2020

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Krebs on Security

Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds , a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks.

Marriott Hit With $24 Million GDPR Privacy Fine Over Breach

Data Breach Today

Privacy Regulator in UK Cautions Organizations to Conduct Thorough Due Diligence Hotel giant Marriott has been hit with the second largest privacy fine in British history, after it failed to contain a massive, long-running data breach. But the final fine of $23.8

GDPR 277
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The Current Chaos of Zero Trust Architecture

Adapture

Everyone seems to agree that organizations need to move to a zero trust architecture, but zero trust in action currently ranges from a single area that can be “zero trust-like” to a complete environment being considered a zero trust architecture… But there aren’t actually agreed upon standards as of yet.

How to Choose the Right Metrics for Your Records Management Program

TAB OnRecord

In a three-part post we are looking at the role of metrics in demonstrating the value of RM, specifically in organizations that have implemented an electronic records management system. In this post we outline a four-step process to arriving at the right metrics. Read More.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

In-House Legal Security: Using Cloud Technology to Address Threats

Zapproved

There are two major categories of security features cloud vendors can offer to address threats. Technology and operations each contribute to data security.

Cloud 52

More Trending

US Commerce, Treasury Hit in Network Intrusions

Data Breach Today

SolarWinds: Flawed Updates in Orion Platform May be Source of Attacks The U.S. Commerce Department confirmed on Sunday it had been targeted by hackers, and the U.S. Treasury has also reportedly been struck.

IT 270

Medical Records Exposed via GitHub Leaks

Data Breach Today

Report: 9 Leaks Account for Exposure of PHI for at Least 150,000 Patients Never store hardcoded credentials in code uploaded to public-facing GitHub repositories, and make sure none of your business associates are doing that.

284
284

Thinking of a Cybersecurity Career? Read This

Krebs on Security

Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills.

Ransomware Knocks Out Voter Database in Georgia

Data Breach Today

Report: Hall County Continuing to Restore Systems An Oct. 7 ransomware attack targeted a database used to verify voter signatures in Georgia, and the database is still not fully functional. The DoppelPaymer gang has taken credit for the attack

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. But how do you monitor your new program? Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Microsoft Finds Backdoor, CISA Warns of New Attack Vectors

Data Breach Today

Devastating Scope of Hacking Campaign Expands Microsoft says on Thursday it has removed malware related to an expansive hacking campaign that has ensnared thousands of organizations and U.S. government agencies.

Data of 27 Million Texas Drivers Compromised in Breach

Data Breach Today

Misconfigured Database Might Have Led to Data Breach, Security Experts Say An unauthorized person appears to have gained entry to insurance software firm Vertafore and compromised the driver's license information of over 27 million Texas citizens.

Ticketmaster Fined $1.7 Million for Data Security Failures

Data Breach Today

Following Alerts of Potential Fraud, Ticketmaster Took 9 Weeks to Spot Big Breach Ticketmaster UK has been fined $1.7 million by Britain's privacy watchdog for its "serious failure" to comply with the EU's General Data Protection Regulation.

Clothing Retailer H&M Told to Wear $41 Million GDPR Fine

Data Breach Today

Employee Surveillance Violations Trigger Germany's Biggest Privacy Fine to Date Privacy regulators in Germany have slammed clothing retailer H&M with a $41 million fine for collecting and retaining private employee data in violation of the EU's General Data Protection Regulation.

Retail 269

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Morgan Stanley Hit With $5 Million Data Breach Suit

Data Breach Today

Poor Procedures for Discarding Old Equipment Led to Breach, Lawsuit Alleges A $5 million lawsuit seeking class action status has been filed against Morgan Stanley, claiming the financial organization failed to properly safeguard personally identifiable information when the company discarded old computer equipment.

Hacked: US Commerce and Treasury Departments

Data Breach Today

Fellow Victim FireEye Traces Breaches to Trojanized SolarWinds Software Updates The U.S. Commerce Department confirmed on Sunday it had been targeted by hackers, and the U.S. Treasury has also reportedly been struck.

ROUNDTABLE: What’s next, now that we know V.I.P Twitter users can so easily be spoofed?

The Last Watchdog

Judging from the criminals’ meager pay day, the high-profile hack of Twitter , disclosed last week, was nothing much. Related: Study shows disinformation runs rampant on Twitter The hackers insinuated their way deep into Twitter’s internal system. They were able to get into a position from which they could access some 350 million Twitter accounts, including numerous accounts of the rich and famous.

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Iranian Hackers Using LinkedIn, WhatsApp to Target Victims

Data Breach Today

Charming Kitten' Threat Group Continues Impersonating Journalists "Charming Kitten," a hacking group with ties to Iran, is now using LinkedIn and WhatsApp messages to contact potential victims and persuade them to visit a phishing page, according to ClearSky.

US Treasury Suffers 'Significant' SolarWinds Breach

Data Breach Today

Dozens of Email Accounts' Compromised by Attackers, Says Senior Democratic Senator An ongoing investigation at the U.S.

Access 251

Elon Musk Says Tesla Saved From 'Serious' Ransom Attempt

Data Breach Today

FBI: $4 Million Scheme - Mixing Malware, DDoS and Extortion - Thwarted by Insider Tesla CEO Elon Musk says a "serious attack" aimed at stealing corporate data and holding his company to ransom has been thwarted.

267
267

Cyber Incidents Disrupt More Schools

Data Breach Today

Districts in Connecticut, Florida Among the Latest Targets The start of classroom instruction at Hartford Public Schools in Connecticut was canceled Tuesday as a result of a ransomware attack - the latest in a series of cyber incidents to disrupt schools this fall.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

How a Game Developer Leaked 46 Million Accounts

Data Breach Today

WildWorks Data Breach Shows Danger of Sharing Sensitive Keys Over Chat Chat and collaboration software tools such as Slack are critical for software development teams.

Bye-Bye Bitcoins: Empire Darknet Market 'Exit Scams'

Data Breach Today

Darknet Market Is the Latest to See Administrators Steal Users' Cryptocurrency Message to anyone who placed or fulfilled an order via the world's largest darknet market, Empire, in recent weeks: Say bye-bye to your cryptocurrency.

VMware Flaw a Vector in SolarWinds Breach?

Krebs on Security

government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets.

SolarWinds Attack: 'This Hit the Security Community Hard'

Data Breach Today

RiskIQ CEO Lou Manousos Details Lessons to Learn in Supply-Chain Attack Aftermath The SolarWinds breach is a case study in how attackers can subvert a widely used piece of software to turn it to their advantage, says Lou Manousos, CEO of RiskIQ.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

NSA Warns of Hacking Tactics That Target Cloud Resources

Data Breach Today

Alert Follows Week's Worth of Revelations About SolarWinds Breach The NSA has issued a warning about two hacking techniques that could allow threat actors to access cloud resources by bypassing authentication mechanisms.

Cloud 247

NEW TECH: Byos pushes ‘micro segmentation’ approach to cybersecurity down to device level

The Last Watchdog

Many companies take an old-school approach to bringing up the rear guard, if you will, when it comes to protecting IT assets. It’s called network segmentation. The idea is to divide the network up into segments, called subnetworks, to both optimize performance as well as strengthen security. Related: A use case for endpoint encryption At RSA 2020 in San Francisco recently, I learned about how something called “micro segmentation” is rapidly emerging as a viable security strategy.

Microsoft Warns of Office 365 Phishing Attacks

Data Breach Today

Fraudsters Using Evasive Techniques to Bypass Secure Email Gateways Microsoft's Security Intelligence team is warning users of the Office 365 suite about an ongoing phishing campaign that appears to be harvesting victims' credentials.