breach   1068


IBM’s 2018 Data Breach Study Shows Why We’re In A Zero Trust World Now
"The report is a quick read and the data provided is fascinating. One can’t help but reflect on how legacy security technologies designed to protect digital businesses decades ago aren’t keeping up with the scale, speed and sophistication of today’s breach attempts. The most common threat surface attacked is compromised privileged credential access. 81% of all breaches exploit identity according to an excellent study from Centrify and Dow Jones Customer Intelligence, CEO Disconnect is Weakening Cybersecurity (31 pp, PDF, opt-in)."
business  featured  posts  technology  software  trends  &  concepts  centrify  cybersecurity  enterprise  security  ibm  2018  cost  of  a  data  breach  study  louis  columbus  next-gen  access 
6 days ago by jonerp
Reddit Breach Highlights Limits of SMS-Based Authentication — Krebs on Security
Reddit today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.
In a post to Reddit, the social news aggregation platform said it learned on June 19 that between June 14 and 18 an attacker compromised several employee accounts at its cloud and source code hosting providers.
Reddit said the exposed data included internal source code as well as email addresses and obfuscated passwords for all Reddit users who registered accounts on the site prior to May 2007. The incident also exposed the email addresses of some users who had signed up to receive daily email digests of specific discussion threads.
security  privacy  breach  hack  2FA  data  krebs 
12 days ago by rgl7194
Reddit Hacked – Emails, Passwords, Private Messages Stolen
Another day, another significant data breach.
This time the victim is Reddit... seems someone is really pissed off with Reddit's account ban policy or biased moderators.
Reddit social media network today announced that it suffered a security breach in June that exposed some of its users' data, including their current email addresses and an old 2007 database backup containing usernames and hashed passwords.
According to Reddit, the unknown hacker(s) managed to gain read-only access to some of its systems that contained its users' backup data, source code, internal logs, and other files.
security  privacy  breach  hack  2FA  data 
12 days ago by rgl7194
Reddit Announces Security Breach After Hackers Bypassed Staff's 2FA
Reddit announced today a security breach. The social platform says a hacker(s) breached the accounts of several employees after bypassing two-factor authentication (2FA) and stole information such as some email addresses, logs, and a 2007 database backup containing old salted and hashed passwords.
The hack took place between June 14 and June 18. Reddit said it discovered the breach the next day, on June 19.
Reddit said the hacker never got "write access" to its servers.
"They were not able to alter Reddit information, and we have taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems," the company said.
security  privacy  breach  hack  2FA  data 
12 days ago by rgl7194
Timehop Hacked — Hackers Stole Personal Data Of All 21 Million Users
And the hacks just keep on coming.
Timehop social media app has been hit by a major data breach on July 4th that compromised the personal data of its more than 21 million users.
Timehop is a simple social media app that collects your old photos and posts from your iPhone, Facebook, Instagram, Twitter and Foursquare and acts as a digital time machine to help you find—what you were doing on this very day exactly a year ago.
The company revealed on Sunday that unknown attacker(s) managed to break into its Cloud Computing Environment and access the data of its entire 21 million users, including their names, email addresses, and approximately 4.7 million phone numbers attached to their accounts.
"We learned of the breach while it was still in progress, and were able to interrupt it, but data was taken. Some data was breached," the company wrote in a security advisory posted on its website.
social_media  apps  security  privacy  breach  data  hack 
13 days ago by rgl7194
Timehop Security Breach Affects the Company’s Entire 21 Million Userbase
Timehop, a mobile app that surfaces old social media posts from the same day but from previous years, has announced a security breach affecting its entire userbase of over 21 million users.
Not all users were affected to the same extent. The company said a hacker gained access to its infrastructure and stole details on its users that included usernames, emails, telephone numbers, and access keys.
social_media  apps  security  privacy  breach  data  hack 
13 days ago by rgl7194
How I gained commit access to Homebrew in 30 minutes
Since the recent NPM, RubyGems, and Gentoo incidents, I’ve become increasingly interested, and concerned, with the potential for package managers to be used in supply chain attacks to distribute…
security  homebrew  breach  credentials  token  github  jenkins 
14 days ago by floehopper
New Rules to Protect Data Privacy: Where to Focus, What to Avoid | Electronic Frontier Foundation
For many years, EFF has urged technology companies and legislators to do a better job at protecting the privacy of technology users and other members of the public. We hoped the companies, particularly mature players, would realize the importance of implementing meaningful privacy protections. But this year’s Cambridge Analytica scandal, following on the heels of many others, was the last straw.  Corporations are willfully failing to respect the privacy of technology users, and we need new approaches to give them real incentives to do better—and that may include updating our privacy laws.
To be clear, any new regulations must be judicious and narrowly tailored, avoiding tech mandates and expensive burdens that would undermine competition—already a problem in some tech spaces. To accomplish that, policymakers must start by consulting with technologists as well as lawyers.  After the passage of SESTA/FOSTA, we know Congress can be insensitive about the potential consequences of the rules it embraces. Looking to experts would help.
EFF  data  privacy  security  opt-in  sharing  breach  gov2.0 
15 days ago by rgl7194
Have I Been Pwned: Check if your email has been compromised in a data breach
Have I Been Pwned allows you to search across multiple data breaches to see if your email address has been compromised.
pwned  security  passwords  1password  privacy  breach 
16 days ago by jmsmrgn
RT : Suffering from ' fatigue'? Stay strong and don't let your guard down! Here, BlackBerry CTO C…
cybersecurity  breach  from twitter
20 days ago by kcarruthers
What Mueller’s Latest Indictment Reveals About Russian and U.S. Spycraft
The U.S. Government Is Very Good at Tracking Bitcoin
The indictment accuses the Russians of conspiring to “launder the equivalent of more than $95,000 through a web of transactions structured to capitalize on the perceived anonymity of cryptocurrencies such as bitcoin.”
“Whistleblowers go to significant efforts to get us material, and often very significant risks,” Assange said. “There’s a 27-year-old, works for the DNC, who was shot in the back, murdered, just a few weeks ago, for unknown reasons as he was walking down the street in Washington.”

WikiLeaks did not respond to a request for comment.
USA  Security  breach  bitcoin  NSA  Russland  hack  Wikileaks  Assange_Julian  Mord 
28 days ago by snearch
Timehop Security Incident, July 4th, 2018
Excellent example of transparency around a security breach.
breach  security  example  bestpractices  transparency 
4 weeks ago by jonathan
