Blog, Information Security and Retail - Information Management Today

Volvo retailer leaks sensitive files

Security Affairs

APRIL 15, 2023

The Brazilian retail arm of car manufacturing giant Volvo leaked sensitive files, putting its clientele in the vast South American country in peril. Volvo’s retailer in Brazil, Dimas Volvo, leaked sensitive files through its website. website, belonging to an independent Volvo retailer in the Santa Catarina region of Brazil.

Retail

Retail Manufacturing Communications Passwords

SEC Announces 2022 Examination Priorities: Private Funds, ESG, Retail, Cyber, Digital Assets Top the List

Data Matters

APRIL 6, 2022

Securities and Exchange Commission (SEC) Division of Enforcement (EXAMS or Division) issued its annual examination priorities. Private Fund, ESG Investing, Retail Investors, Cybersecurity, Fintech, and Digital Assets.

Retail

Retail Compliance Sales Risk

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Source (New) Retail Italy Yes 436,932 Toner-dumping.de Source (New) Retail Germany Yes 334,000 Yakima Valley Radiology, PC Source 1 ; source 2 (New) Healthcare USA Yes 235,249 Consorzio Innovation Source (New) Professional services Italy Yes 225 GB Northeast Orthopaedics & Sports Medicine Source (New) Healthcare USA Yes 177,276 Strike.me

Data Privacy

Data Privacy Privacy Security Data breaches

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Ukraine IT Army hit EGAIS portal impacting Russia’s alcohol distribution

Security Affairs

MAY 6, 2022

This was reported to Vedomosti by four participants in this market, a representative of a large retailer and an employee of a specialized association.” ” reported Vedomosti “Apparently, we are talking about DDoS attacks.” To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook.

IT

IT Retail Marketing Cybersecurity

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs

MAY 2, 2023

According to the company, they have over 600,000 Cameras and 50,000 Recorders installed all over the world in multiple sectors such as Banking, Retail, Government, etc. ” reads the advisory published by Fortinet.

Authentication

Authentication Retail Education Marketing

Lojas Renner, Brazilian largest clothing store chain, was hit by ransomware

Security Affairs

AUGUST 20, 2021

The retailer also reported that its main databases were not impacted. . According to the Brazilian blog TecMundo , the attack against Lojas Renner was orchestrated by RansomExx operators. “Information from unofficial sources said Renner paid R$20 million in cryptocurrencies as a ransom.

Ransomware

Ransomware Retail Data breaches Marketing

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

Source (New) Manufacturing Taiwan Yes 4,715,133 Mustafa Centre Source 1 ; source 2 (Update) Retail Singapore Yes >3,5000,000 TRAXERO Source (New) Software USA Yes 2,634,753 Piping Rock Health Products Source 1 ; source 2 ; source 3 (New) Manufacturing USA Yes 2,103,100 FBCS, Inc. To learn more about our research methodology, click here.

Data Privacy

Data Privacy Privacy Manufacturing Security

Threat Report Portugal: Q3 & Q4 2022

Security Affairs

APRIL 6, 2023

Next, Retail and Health, as the most sectors affected in this season. You can Download [PDF] or [PNG] report from the original post at [link] About the author: Pedro Tavarez Pedro Tavares is a professional in the field of information security working as an Ethical Hacker, Malware Analyst and also a Security Evangelist.

Phishing

Phishing Data collection Retail Security awareness

2021 data breach exposed data of 70 Million Luxottica customers

Security Affairs

MAY 20, 2023

As a vertically integrated company, Luxottica designs, manufactures, distributes and retails its eyewear brands, including LensCrafters, Sunglass Hut, Apex by Sunglass Hut, Pearle Vision, Target Optical, Eyemed vision care plan, and Glasses.com. The investigation into the security breach is still ongoing. “We Luxottica Group S.p.A.

Data breaches

Data breaches Retail Sales Ransomware

QakBot Big Game Hunting continues: the operators drop ProLock ransomware for Egregor

Security Affairs

NOVEMBER 20, 2020

This ransomware strain emerged in September 2020, but the threat actors behind already managed to lock quite big companies, such as game developers Crytek, booksellers Barnes & Noble, and most recently a retail giant Cencosud from Chile. of victims) and Retail (14.5%). ProLock = Egregor. Inside Egregor.

Ransomware

Ransomware Retail Encryption Manufacturing

The GDPR: Everything you need to know about data controllers and data processors

IT Governance

NOVEMBER 14, 2018

That’s why we’ve dedicated this blog to explaining everything you need to know about data controllers and data processors. A data processor is the organisation that does the legwork; it processes the information on the controller’s behalf. It’s also common for organisations to get their own employees to process information.

GDPR

GDPR Retail Data collection Personal data

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Security Affairs

MAY 10, 2022

“Frappo” acts as a Phishing-as-a-Service and enables cybercriminals the ability to host and generate high-quality phishing pages which impersonate major online banking, e-commerce, popular retailers, and online-services to steal customer data. To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Phishing

Phishing Retail Financial Services Data breaches

NIST published updated guidance for supply chain risks

Security Affairs

MAY 8, 2022

A security incident suffered by one of the companies producing these components could have a significant impact on the overall product and service. To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, NIST).

Risk

Risk Manufacturing Cybersecurity Retail

Threat Report Portugal: Q4 2020

Security Affairs

JANUARY 26, 2021

Next, was Retail and Technology, as the most sectors affected in this season. Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker, Malware Analyst, Cybersecurity Analyst and also a Security Evangelist. Threats by Sector. About the author Pedro Tavares.

Phishing

Phishing Retail Security awareness Data collection

The Clock is Ticking for PCI DSS 4.0 Compliance

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

Compliance madhav Tue, 09/19/2023 - 05:17 It is essential for any business that stores, processes, and transmits payment card information to comply with the Payment Card Industry Data Security Standard (PCI DSS). Consumers’ payment data is a compelling target for criminals who continue to circumvent IT security defenses.

Compliance

Compliance Financial Services Data breaches Encryption

New Lobshot hVNC malware spreads via Google ads

Security Affairs

MAY 1, 2023

Russian TA505 hacking group , aka Evil Corp , has been active since 2014 focusing on Retail and banking sectors. While investigating the malware distribution, the researchers noticed the use of an infrastructure known to belong to cybercrime group TA505.

Retail

Retail Access Education Security

Threat Report Portugal: Q2 2020

Security Affairs

AUGUST 14, 2020

Next, was Retail and Financing, as the most sectors affected in this season. Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker, Malware Analyst, Cybersecurity Analyst and also a Security Evangelist. Threats by Sector. About the author Pedro Tavares.

Phishing

Phishing Data collection Retail Security awareness

GUEST ESSAY: Leveraging best practices and an open standard to protect corporate data

The Last Watchdog

MARCH 21, 2022

Become familiar with the standards that affect your industry, such as GDPR, CCPA, SOX, HIPAA, the Gramm-Leach-Bliley Act, Payment Card Industry Data Security Standard (PCI-DSS), Federal Information Security Management Act (FISMA) and Children’s Online Privacy Protection Rule (COPPA). Assign roles and responsibilities.

Encryption

Encryption Cloud Privacy GDPR

Its the most wonderful time of the year – Patching

Roger's Information Security

DECEMBER 19, 2018

Anyone in retail certainly has a change freeze in effect. Information about the update for Internet Explorer is available here : [link]. The post Its the most wonderful time of the year – Patching appeared first on Roger's Information Security Blog.

IT

IT Retail Information Security Security

FTC Pursues Advertising Network that Failed to Deliver In-Game Rewards in Exchange for Payment or Personal Information

Hunton Privacy

JANUARY 13, 2021

As reported on the Hunton Retail Law Resource blog , the Federal Trade Commission settled charges with mobile advertising company Tapjoy, Inc.,

Marketing

Marketing Retail IT Information Security

Threat Report Portugal: Q1 2021

Security Affairs

MAY 2, 2021

Next, was Retail and Technology, as the most sectors affected in this season. Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. Threats by Sector. About the author: Pedro Tavares.

Phishing

Phishing Data collection Retail Security awareness

Threat Report Portugal: Q2 2022

Security Affairs

JULY 4, 2022

Next, Retail and Health, as the most sectors affected in this season. Pedro Tavares is a professional in the field of information security working as an Ethical Hacker, Malware Analyst and also a Security Evangelist. Criminals are also using smishing to enlarge the scope and to impact a large group of victims.

Phishing

Phishing Data collection Retail Security awareness

Threat Report Portugal: Q4 2021

Security Affairs

FEBRUARY 20, 2022

Regarding the affected sectors, Retail was the most affected with both phishing and malware campaigns hitting Portuguese citizens during Q4 2021. Pedro Tavares is a professional in the field of information security working as an Ethical Hacker, Malware Analyst and also a Security Evangelist. Threats by Sector.

e-Delivery

e-Delivery Phishing Data collection Retail

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

In fact, in 2020–2022, the financial sector was the second-most attacked sector, topped only by the retail and manufacturing sector. To help navigate such security-specific challenges, organisations may find it useful to reference a best-practice standard like ISO 27005 , which offers guidance on managing information security risks.

Risk

Risk Data breaches Authentication Financial Services

Data controller vs data processor: what’s the difference?

IT Governance

AUGUST 19, 2020

In this blog, we take a close look at what a data controller and processor does and how they fit into your organisation. Say, for example, that you are a marketing executive at a retailer who wants to conduct a survey on shoppers’ browsing habits. appeared first on IT Governance UK Blog. What is a data controller?

GDPR

GDPR Personal data Compliance Privacy

Experts spotted five malicious Google Chrome extensions used by 1.4M users

Security Affairs

AUGUST 31, 2022

Researchers spotted 5 malicious Google Chrome extensions used to track users’ browsing activity and profit of retail affiliate programs. Customers should take extra steps to verify the authenticity if the extension is requesting permissions that enable it to run on every website you visit such as the one detailed in this blog?.”

Retail

Retail Sales Authentication Privacy

Threat Report Portugal Q1 2020

Security Affairs

APRIL 20, 2020

Next, was Financing due to the Lampion Trojan and Retail, as the most sectors affected in this season. Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker, Malware Analyst, Cybersecurity Analyst and also a Security Evangelist. EDP Group ransomware attack via RagnarLocker ).

Phishing

Phishing Retail Security awareness Data collection

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

. “These operations have targeted various industries, including Aerospace & Defense, Education, Energy & Utilities, Governments, Hospitality, Manufacturing, Oil & Gas, Retail, Technology, and Transportation. ” continues the report.

Energy and Utilities

Energy and Utilities Military Government Phishing

Threat Report Portugal: Q2 2021

Security Affairs

JULY 22, 2021

Next, was Retail and Technology, as the most sectors affected in this season. Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. Threats by Sector. About the author: Pedro Tavares. Original post at [link].

Phishing

Phishing Data collection Retail Security awareness

SEC Announces Examination Priorities for 2019

Data Matters

JANUARY 16, 2019

Continued Focus on Retail Investors. The Exam Priorities continue OCIE’s trend in recent years to prioritize the protection of retail investors, particularly seniors and those saving for retirement. The post SEC Announces Examination Priorities for 2019 appeared first on Data Matters Privacy Blog. Other Relevant Focus Areas.

Retail

Retail Compliance Risk Marketing

SEC and FINRA Issue 2020 Examination Priorities (Including Cybersecurity) for Broker-Dealers and Investment Advisers

Data Matters

JANUARY 24, 2020

Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) and the Financial Industry Regulatory Authority (FINRA) recently published their examination priorities (together, the Examination Priorities) for the 2020 calendar year. Protection of Retail Investors . Retail-Targeted Investments.

Cybersecurity

Cybersecurity Retail Compliance Marketing

GUEST ESSAY: Did you know these 5 types of digital services are getting rich off your private data?

The Last Watchdog

NOVEMBER 5, 2018

There are some little- known privacy danger inherent in the “frequent shopper” or savings cards offered by many grocery stores and retailers. These organizations are saving, analyzing, and sharing information on what you buy, when you buy it, and predicting future sales. What is in it for the business offering these ‘savings’?

Privacy

Privacy Sales Access Big data

Threat Report Portugal: Q3 2021

Security Affairs

NOVEMBER 14, 2021

Next, was Retail and Technology, as the most sectors affected in this season. Pedro Tavares is a professional in the field of information security working as an Ethical Hacker, Malware Analyst and also a Security Evangelist. Threats by Sector. About the author: Pedro Tavarez.

Phishing

Phishing e-Delivery Data collection Retail

SEC and FINRA Issue 2020 Examination Priorities for Broker-Dealers and Investment Advisers

Data Matters

FEBRUARY 20, 2020

Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) and the Financial Industry Regulatory Authority (FINRA) recently published their examination priorities (together, the Examination Priorities) for the 2020 calendar year. Protection of Retail Investors . Retail-Targeted Investments.

Retail

Retail Compliance Marketing Risk

Second Circuit Affirms Dismissal of Data Breach Class Action on Article III Standing Grounds

Hunton Privacy

APRIL 27, 2021

As reported on the Hunton Retail Law Blog , on April 26, 2021, the U.S. Court of Appeals for the Second Circuit affirmed the dismissal on Article III standing grounds of a data breach class action predicated on an alleged increased risk of identity theft. McMorris v. Carlos Lopez & Assocs. , 19-4310, 2021 WL 1603808 (2d Cir.

Data breaches

Data breaches Risk Retail Education

FTC Announces Settlement with Security Camera Retailer After Hacking Exposed Private Feeds on the Internet

Hunton Privacy

SEPTEMBER 5, 2013

Read the FTC Business Center Blog’s post about the TRENDnet settlement. The FTC’s Consumer Information Blog also posted about the settlement. submit a report to the FTC detailing the manner and form of TRENDnet’s compliance with the settlement.

Retail

Retail Security Compliance Information Security

Weekly podcast: ICANN, DNS and DNSSEC; credential stuffing; passwords managers; and EDPS report

IT Governance

FEBRUARY 28, 2019

This week, we discuss ICANN’s warning about DNS attacks, the extent of credential stuffing attacks on the retail sector, password managers’ responses to recent research into security flaws, and the European Data Protection Supervisor’s annual report for 2018. data-protection. Well, that’ll do for this week.

Passwords

Passwords GDPR Retail Government

How Lush could have protected its till system

IT Governance

DECEMBER 3, 2018

Lush could have avoided this predicament by implementing an ISMS (information security management system) aligned to ISO 27001 , the international standard for information security. For more information, or advice specific to your organisation, email our team. The value of an effective ISMS. Risk assessments.

IT

IT Risk Information Security Security

SEC Office of Compliance Inspections and Examinations Publishes 2018 Exam Priorities

Data Matters

FEBRUARY 13, 2018

Securities and Exchange Commission (the Commission) released its annual National Exam Program Examination Priorities (Exam Priorities). 1 As has been widely reported, the Exam Priorities’ general focus areas include: retail investors. 1 As has been widely reported, the Exam Priorities’ general focus areas include: retail investors.

Compliance

Compliance Retail Cybersecurity Risk

11 cyber security predictions for 2020

IT Governance

JANUARY 9, 2020

With that in mind, Geraint Williams, IT Governance’s chief information security officer, discusses his cyber security predictions in the upcoming year. The retail and hospitality industries will continue to have their POS equipment targeted. Our predictions.

Security

Security IoT Phishing Ransomware

Weekly podcast: Amazon, TalkTalk and City of York

IT Governance

NOVEMBER 22, 2018

According to The Register , the online retail giant emailed affected customers on Tuesday, unapologetically saying: Hello, We’re contacting you to let you know that our website inadvertently disclosed your name and email address due to a technical error. .” Visit our website for more information: itgovernance.co.uk.

Data breaches

Data breaches Personal data Passwords Encryption

Data Breaches and Cyber Attacks in 2022: 408 Million Breached Records

IT Governance

JANUARY 9, 2023

Other significant contributors to 2022’s total were the technology (115), education (95), professional services (63) and retail (62) sectors. Keeping your organisation secure. Using the information collected here, you will have a good idea of the threats you must address and the trends to look out.

Data breaches

Data breaches Ransomware Government Passwords

Microsoft Fights Off Another Record DDoS Attack as Incidents Soar

eSecurity Planet

JANUARY 28, 2022

The enterprise software and cloud giant said in a blog post this week that during the last six months of the year, there was a 40 percent increase in the number of DDoS attacks worldwide over the first half of 2021, with an average of 1,955 attacks per day and a maximum of 4,296 on Aug.

IoT

IoT Cloud Cybersecurity Ransomware

Recent Risk Alerts by SEC OCIE Highlight Privacy and Cybersecurity Issues in Examinations

Data Matters

JUNE 3, 2019

Indeed, cybersecurity was once again identified by OCIE in its 2019 National Exam Program Examination Priorities (2019 Exam Priorities), which placed a particular emphasis on proper configuration of network storage devices, information security governance, and policies and procedures related to retail trading information security.

Risk

Risk Privacy Cybersecurity Compliance

Volvo retailer leaks sensitive files

SEC Announces 2022 Examination Priorities: Private Funds, ESG, Retail, Cyber, Digital Assets Top the List

Webinars

Trending Sources

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

Webinars

Ukraine IT Army hit EGAIS portal impacting Russia’s alcohol distribution

Fortinet warns of a spike in attacks against TBK DVR devices

Lojas Renner, Brazilian largest clothing store chain, was hit by ransomware

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

Threat Report Portugal: Q3 & Q4 2022

2021 data breach exposed data of 70 Million Luxottica customers

QakBot Big Game Hunting continues: the operators drop ProLock ransomware for Egregor

The GDPR: Everything you need to know about data controllers and data processors

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

NIST published updated guidance for supply chain risks

Threat Report Portugal: Q4 2020

The Clock is Ticking for PCI DSS 4.0 Compliance

New Lobshot hVNC malware spreads via Google ads

Threat Report Portugal: Q2 2020

GUEST ESSAY: Leveraging best practices and an open standard to protect corporate data

Its the most wonderful time of the year – Patching

FTC Pursues Advertising Network that Failed to Deliver In-Game Rewards in Exchange for Payment or Personal Information

Threat Report Portugal: Q1 2021

Threat Report Portugal: Q2 2022

Threat Report Portugal: Q4 2021

Risk Management under the DORA Regulation

Data controller vs data processor: what’s the difference?

Experts spotted five malicious Google Chrome extensions used by 1.4M users

Threat Report Portugal Q1 2020

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Threat Report Portugal: Q2 2021

SEC Announces Examination Priorities for 2019

SEC and FINRA Issue 2020 Examination Priorities (Including Cybersecurity) for Broker-Dealers and Investment Advisers

GUEST ESSAY: Did you know these 5 types of digital services are getting rich off your private data?

Threat Report Portugal: Q3 2021

SEC and FINRA Issue 2020 Examination Priorities for Broker-Dealers and Investment Advisers

Second Circuit Affirms Dismissal of Data Breach Class Action on Article III Standing Grounds

FTC Announces Settlement with Security Camera Retailer After Hacking Exposed Private Feeds on the Internet

Weekly podcast: ICANN, DNS and DNSSEC; credential stuffing; passwords managers; and EDPS report

How Lush could have protected its till system

SEC Office of Compliance Inspections and Examinations Publishes 2018 Exam Priorities

11 cyber security predictions for 2020

Weekly podcast: Amazon, TalkTalk and City of York

Data Breaches and Cyber Attacks in 2022: 408 Million Breached Records

Microsoft Fights Off Another Record DDoS Attack as Incidents Soar

Recent Risk Alerts by SEC OCIE Highlight Privacy and Cybersecurity Issues in Examinations

Stay Connected