Data Breach Today

AUGUST 23, 2018

Facebook's Ex-CSO Says That Ship Has Sailed; Look to 2020 With less than three months to go until the U.S. midterm elections, Alex Stamos, until recently Facebooks's CSO, says there isn't time to properly safeguard this year's elections. But here's how the company can get its act together in time for 2020.

IT 165

IT Security 165

IT Governance

MAY 25, 2023

Monday’s €1.2 billion fine for Meta – by far the biggest fine issued under the GDPR since it took effect five years ago – has been taken by many as a sign that the Regulation is at last beginning to be enforced with sufficient vigour.

GDPR 96

GDPR Compliance Personal data Data Privacy 96

Data Breach Today

SEPTEMBER 19, 2019

Symantec Sees New Tortoiseshell Gang Hitting Targets in Middle East A hacker group called Tortoiseshell has been hitting targets in the Middle East since at least July 2018, apparently targeting IT service providers to gain access to many potential targets at once.

IT 254

IT Access 254

Krebs on Security

JULY 10, 2018

Microsoft and Adobe each issued security updates for their products today. Microsoft’s July patch batch includes 14 updates to fix more than 50 security flaws in Windows and associated software. Separately, Adobe has pushed out an update for its Flash Player browser plugin, as well as a monster patch bundle for Adobe Reader/Acrobat.

Security 130

Security IT 130

Security Affairs

SEPTEMBER 28, 2023

US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) affecting Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities Catalog.

IT 101

IT Cybersecurity Risk Security 101

Krebs on Security

APRIL 15, 2019

In March 2018, Wipro said it passed the $8 billion mark in annual IT services revenue. In September 2018, the Nebraska Department of Health and Human Services issued a cease-and-desist letter to Wipro, ordering it to stop work on the upgrade to the state’s Medicaid enrollment system, and to vacate its state offices.

IT 258

IT Insurance Communications Phishing 258

Security Affairs

JUNE 20, 2021

Norway police secret service states said that China-linked APT31 group was behind the 2018 cyberattack on the government’s IT network. Norway’s Police Security Service (PST) said that the China-linked APT31 cyberespionage group was behind the attack that breached the government’s IT network in 2018. Pierluigi Paganini.

Government 117

Government Passwords Access Cloud 117

Security Affairs

OCTOBER 16, 2020

Britain’s information commissioner has fined British Airways 20 million pounds for the 2018 hack that exposed data of 400,000 customers. In September 2018, British Airways suffered a data breach that exposed the personal information of 400,000 customers. This is the largest fine the British ICO has ever issued. Pierluigi Paganini.

GDPR 110

GDPR Personal data Data breaches Communications 110

Krebs on Security

AUGUST 15, 2018

According to security firm Ivanti , the first of the two zero-day flaws ( CVE-2018-8373 ) is a critical flaw in Internet Explorer that attackers could use to foist malware on IE users who browse to hacked or booby-trapped sites. One nifty little bug fixed in this patch batch is CVE-2018-8345. Microsoft’s analysis is here.

Paper 111

Paper Security IT 111

Security Affairs

NOVEMBER 1, 2018

Cyber Defense Magazine November 2018 Edition has arrived. INFOSEC AWARDS FOR 2019 OPEN ON NOVEMBER 1, 2018. The post Cyber Defense Magazine – November 2018 has arrived. Sponsored by: Bosch. We hope you enjoy this month’s edition…packed with 100+ pages of excellent content. InfoSec Knowledge is Power.

IT 73

IT Libraries Security Cybersecurity 73

Krebs on Security

APRIL 10, 2020

Most people who who filed a tax return in 2018 and/or 2019 and provided their bank account information for a debit or credit should soon see an Economic Impact Payment direct-deposited into their bank accounts. More importantly, it appears one doesn’t really need to supply one’s AGI in 2018. But there are millions of U.S.

Computer and Electronics 326

Computer and Electronics IT Government Access 326

Data Breach Today

JANUARY 4, 2018

Why Making a Prediction Is So Difficult So what actions can we expect in 2018 from the Department of Health and Human Services' Office for Civil Rights as it enforces the HIPAA privacy, security and breach notification rules? Making a prediction is difficult, given all the changes at HHS.

Privacy 113

Privacy Security IT 113

WIRED Threat Level

JANUARY 20, 2023

The mobile operator just suffered at least its fifth data breach since 2018, despite promising to spend a fortune shoring up its systems.

Data breaches 90

Data breaches IT Security 90

IT Governance

MARCH 8, 2019

2018 saw some of the biggest data breaches yet , with Marriott, Under Armour and Facebook suffering breaches that affected 500 million, 150 million and 100 million people respectively. Using our monthly ‘ List of data breaches and cyber attacks ’ blog posts, we’ve created an infographic to sum up the reported data breaches of 2018.

Data breaches 109

Data breaches GDPR Personal data Compliance 109

AIIM

FEBRUARY 9, 2023

We rebranded once again in 2018 as the Association for Intelligent Information Management. Since then, we have gone through two major rebrands, reflecting the changing industry and focus of our members. In 1982, the organization changed its name to the Association for Information and Image Management. Don’t you love the irony?

IT 104

IT Metadata 104

Security Affairs

DECEMBER 30, 2022

US CISA added TIBCO Software’s JasperReports vulnerabilities, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9), to its Known Exploited Vulnerabilities ( KEV ) catalog, TIBCO JasperReports is an open-source Java reporting tool for creating and managing reports and dashboards. Pierluigi Paganini.

IT 83

IT Libraries Authentication Access 83

Security Affairs

SEPTEMBER 14, 2021

The network equipment maker MikroTik revealed that the routers were previously compromised in 2018. “As far as we have seen, these attacks use the same routers that were compromised in 2018, when MikroTik RouterOS had a vulnerability, that was quickly patched.” The DDoS attack was launched by a new DDoS botnet tracked as M?ris

Passwords 74

Passwords Access Security IT 74

Data Breach Today

JANUARY 12, 2024

The fine of 746 million euros stems from a 2018 complaint by French privacy group La Quadrature du Net.

Privacy 305

Privacy IT 305

Krebs on Security

JULY 8, 2021

Sanders said the portal had been retired in 2018 in favor of a more modern customer support and ticketing system, yet somehow the old site was still left available online. Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. Image: Archive.org.

IT 270

IT Ransomware Systems administration Authentication 270

IT Governance

MARCH 11, 2019

But that was somewhat misleading, because the same day the GDPR came into force, the UK adopted the DPA 2018. The DPA 2018 is essentially a UK-specific complement to the GDPR, and was created for three reasons. As a result, the DPA 2018 includes provisions based on Council of Europe Data Protection Convention 108 that apply to them.

GDPR 79

GDPR Personal data Compliance Government 79

Security Affairs

OCTOBER 3, 2018

We hope you enjoy our Cyber Defense Magazine Annual Global Edition for 2018 including our Global Awards Winners for 2018…packed with over 75+ pages of excellent content. Global Edition for 2018 has arrived. GLOBAL 2018 Awards have arrived – Winners are listed here: [link]. Cyber Defense Magazine.

IT 67

IT Libraries Security 67

Security Affairs

DECEMBER 21, 2019

Cisco has warned customers that hackers continue to target Cisco ASA and Firepower Appliance products by exploiting the CVE-2018-0296 flaw. Experts warn that threat actors continue to exploit the CVE-2018-0296 flaw to target Cisco ASA and Firepower Appliance. SecurityAffairs – Cisco ASA, CVE-2018-0296). Pierluigi Paganini.

Risk 62

Risk Authentication Security Cloud 62

Security Affairs

MAY 25, 2022

Other issues impact Google, Mozilla, Facebook, Adobe, and Webkit GTK software products, the vulnerabilities range from 2018 to 2021. US Critical Infrastructure Security Agency (CISA) adds 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The Cisco IOS XR flaw (CVE-2022-20821, CVSS score: 6.5, Pierluigi Paganini.

IT 141

IT Cybersecurity Risk Security 141

Data Protection Report

NOVEMBER 14, 2023

The SEC’s Complaint alleges that between 2018 and 2021, the Company and the CISO misled investors about the strength of its cybersecurity protocols, which were allegedly not reasonably designed to protect its critical assets, including Orion. SolarWinds designs and sells network monitoring software.

Cybersecurity 113

Cybersecurity IT Risk Passwords 113

Security Affairs

SEPTEMBER 23, 2021

BulletProofLink has been active since 2018, it was used by multiple threat actors in either one-off or monthly subscription-based business models. The post BulletProofLink, a large-scale phishing-as-a-service active since 2018 appeared first on Security Affairs. ” concludes Microsoft. Pierluigi Paganini.

Phishing 82

Phishing Ransomware IT Access 82

Security Affairs

DECEMBER 5, 2018

Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks. Adobe is aware of reports that an exploit for CVE-2018-15982 exists in the wild.” Securi ty Affairs – Flash zero-day, CVE-2018-15982). Pierluigi Paganini.

Archiving 100

Archiving Security Access IT 100

Security Affairs

JANUARY 30, 2019

According to the ENISA Threat Landscape Report 2018, 2018 has brought significant changes in the techniques, tactics, and procedures associated with cybercrime organizations and nation-state actors. 2018 was characterized by significant changes in the cyber threat landscape especially for TTPs associated with threat agent groups. .

IoT 79

IoT Cybersecurity Phishing Risk 79

Security Affairs

AUGUST 16, 2018

Cyber Defense Magazine August 2018 Edition has arrived. GLOBAL 2018 Awards – OPEN. USA 2018 Awards – CLOSED. Congratulations to our InfoSec Awards 2018 Winners! The post Cyber Defense Magazine – August 2018 has arrived. Sponsored by: Bosch. InfoSec Knowledge is Power. Click here to apply.

IT 50

IT Libraries Security 50

Security Affairs

OCTOBER 1, 2018

Cyber Defense Magazine October 2018 Edition has arrived. GLOBAL 2018 Awards – CLOSED! The post Cyber Defense Magazine – October 2018 has arrived. Sponsored by: Bosch. We hope you enjoy this month’s edition…packed with 100+ pages of excellent content. InfoSec Knowledge is Power. Pierluigi Paganini.

IT 53

IT Libraries Security Cybersecurity 53

Security Affairs

OCTOBER 26, 2018

Security researcher discovered a highly critical vulnerability (CVE-2018-14665) in X.Org Server package that affects major Linux distributions. Xorg published a security advisory on the CVE-2018-14665 flaw. OpenBSD #0day Xorg LPE via CVE-2018-14665 can be triggered from a remote SSH session, does not need to be on a local console.

Security 96

Security IT 96

PerezBox

OCTOBER 20, 2018

On September 28th, 2018, Facebook announced it’s biggest data breach to date. The post The 2018 Facebook Data Breach appeared first on PerezBox. They estimated 50 million accounts were affected at the time of the disclosure. Subsequent to the disclosure, security.

Data breaches 76

Data breaches Security IT Cybersecurity 76

Security Affairs

SEPTEMBER 12, 2018

GLOBAL 2018 Awards – OPEN. USA 2018 Awards – CLOSED. Congratulations to our InfoSec Awards 2018 Winners! Copyright (C) 2018, Cyber Defense Magazine, part of the Cyber Defense Media Group, a d/b/a of STEVEN G. The post Cyber Defense Magazine – September 2018 has arrived. Click here to apply.

IT 48

IT Libraries Marketing Security 48

Security Affairs

SEPTEMBER 9, 2022

CISA added 12 more security flaws to its Known Exploited Vulnerabilities Catalog including four D-Link vulnerabilities. Last week, Google rolled out emergency fixes to address a vulnerability, tracked as CVE-2022-3075 , in the Chrome web browser that is being actively exploited in the wild. Now CISA added this flaw to the Catalog.

IT 115

IT Passwords Ransomware Cybersecurity 115

Security Affairs

OCTOBER 21, 2023

and the Russia-based Volasys Silver Star, which had previously been sanctioned in 2018 by the Department of the Treasury. government seized 17 website domains used by North Korean IT workers in a fraudulent scheme to defraud businesses worldwide. The illicit funds defraud U.S. The US authorities seized approximately $1.5 Attorney Sayler A.

IT 95

IT Government Access Security 95

IT Governance

MARCH 22, 2019

The data protection landscape was dramatically reshaped with the introduction of the EU GDPR (General Data Protection Regulation) on 25 May 2018, but it wasn’t the only law that took effect that day. In this blog, we explain why the DPA 2018 exists, what it contains and how it relates to the EU GDPR. Interested in DPA 2018 training?

GDPR 88

GDPR Government IT 88

Security Affairs

AUGUST 22, 2023

“Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user.” affecting Adobe ColdFusion to its Known Exploited Vulnerabilities Catalog.

IT 80

IT Cybersecurity Risk Security 80