databreach   419

The Customs and Border Protection Data Breach Was Inevitable - The Atlantic
U.S. Customs and Border Protection announced yesterday afternoon that hackers had stolen an undisclosed number of license-plate images and travelers’ ID photos from a subcontractor.
databreach  hacking  security  US  government 
3 days ago by corrickwales
Verizon Data Breach Investigations Report: Make It Harder for Hackers
Another area where hackers find they have to do relatively little for a big payoff is by using stolen credentials to compromise cloud-based email accounts. The report found that compromise of web-based email accounts using stolen credentials rose to 16% of all breaches this year, from just 3% last year.

To protect against social engineering attacks, IT professionals can block employees from clicking on macro-enabled Office documents, Windows executables and most links on the email gateway. Another important step is to encourage reporting.

To help prevent ransomware, Bassett recommends requiring employees who deal with the outside world to use a sandbox platform.
cloud  password  databreach  cybersecurity 
5 days ago by bwiese
Code Repository Companies Pledge to Share Attack Data | Decipher
On May 2, some BitBucket, GitHub, and GitLab users discovered their repositories had been wiped and replaced with a ransom note asking for Bitcoin. The fact that users were across all three platforms raised the possibility of a large operation where the attackers had figured out a way to compromise all the providers. After some investigation, the three providers confirmed independently that the attackers had compromised every single one of the ransomed repositories with legitimate credentials. In some cases, the attackers had the username and passwords; in other cases, they had application passwords, API keys, and personal access tokens.

“After getting access to the user accounts, the attackers performed command-line Git commits, which resulted in overwriting the source code in repositories with the ransom note,” the companies wrote in their analysis.

Instead, the collection of passwords and keys came from the repositories themselves, as users had saved (mistakenly?) files containing these secrets to the repositories. The fact that users save files containing API keys and passwords to cloud storage services and code repositories is a known—and big—problem.
passwords  github  atlassian  databreach 
17 days ago by bwiese
The Value Of Quickly Disclosing A Data Breach | Cozen O'Connor - JDSupra
Umm, not always ...
Therefore, the compromised company needs to get ahead of things to control the narrative. We oftentimes forget that a company that has been hacked is a victim. A timely public announcement can help to remind the public of that fact. An announcement that acknowledges the problem, provides a meaningful recourse for those affected, and emphasizes the company’s commitment to work with law enforcement can help to shift the focus toward those who invaded the company’s systems. Delaying announcement until after a breach is already publicly discovered robs the company of the opportunity to frame itself as part of the solution rather than part of the problem.
DataBreach  PrivacyCommunications  NeverendingGuide  from twitter
5 weeks ago by loughlin
