Jul 29 2020
A threat actor is flooding a hacker forum with databases exposing over 386 million user records that they claim were stolen from eighteen companies during data breaches.
Source: Hacker leaks 386 million user records from 18 companies for free
Jul 23 2020
Names, credit card data, addresses, and information on transactions as recent as yesterday are being sold online.
As of Wednesday, sellers in two dark web stores were offering information from what appeared to be 278,531 accounts, although some of those may be duplicates or not genuine. As of April, Instacart had “millions of customers across the US and Canada,” according to a company spokesperson.
Source: Instacart Customers’ Personal Info Is Being Sold Online
Personal info of 200K+ Instacart users being sold on the dark web; Instacart says it wasn’t breached
https://www.youtube.com/watch?v=IA2kSg7-ACM
PCI DSS – Data Security Standard
Download a Security Risk Assessment Steps paper!
Subscribe to DISC InfoSec blog by Email
Take an awareness quiz to test your basic cybersecurity knowledge
DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles
Jul 14 2020
EXCLUSIVE: The MGM Resorts 2019 data breach is much larger than initially reported.
Source: A hacker is selling details of 142 million MGM hotel guests on the dark web | ZDNet
According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900. The hacker claims to have obtained the hotel’s data after they breached DataViper, a data leak monitoring service operated by Night Lion Security.
MGM Exposes over 10,000,000 Profiles to Hackers – Feb 21, 2020
https://www.youtube.com/watch?v=vlPE-4Tjnrc
Protect Your Organization Against Massive Data Breaches and Their Consequences
Jul 09 2020
More than 15 billion usernames and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, experts state.
Source: 15 billion credentials available in the cybercrime marketplaces
Exploring the Dark Web
https://www.youtube.com/watch?v=BN1NU0ivzj8
Explore the subject of Cyber Attack
May 31 2020
As hackers shift tactics, business owners can take steps to prevent attacks and minimize damage.
Source: How hoteliers can mitigate data breaches
The 5 Most Dangerous New Attack Techniques and How to Counter Them
https://www.youtube.com/watch?v=xz7IFVJf3Lk
Data Breaches: Crisis and Opportunity
Download a Security Risk Assessment Checklist paper!
May 25 2020
More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website. In total, the seller provides over 1.5 million rows of records but the damage is likely much larger.
Source: Hacker extorts online shops, sells databases if ransom not paid
More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website. In total, the seller provides over 1.5 million rows of records but the amount of stolen data is much larger.
The attacker hacks into insecure servers that are reachable over the public web, copies the databases, and leaves a note asking for a ransom in return for the stolen data.
Victims have 10 days to pay BTC 0.06 ($525 at current price) to a wallet provided in the ransom note, else the hacker makes the database public or uses it as they please.
Hacked! What to do with an extortion email
https://www.youtube.com/watch?v=CQS-fSsIQbo
Bitcoin Email Blackmail Ransom Scam
https://www.youtube.com/watch?v=H40C7Hbpdqw
Download a CyberAware cheat sheet
May 21 2020
Santander Consumer Bank, the Belgian branch of the bank, had a misconfiguration in its blog domain that was allowing its files to be indexed.
Source: Santander, one of the biggest European banks, was leaking sensitive data on their website
A Santander Consumer spokesperson said:
“The incident highlighted relates specifically to the Santander Consumer Bank Belgium blog only. The blog contains only public information and articles, and therefore no customer data or critical information from the blog has been compromised. Our security team has already fixed the issue to ensure the blog is secure.”
When we visited the Santander blog on its Belgian domain, we noticed that the www endpoint of the blog subdomain had a misconfiguration that allowed all of its files to be indexed by search engines.
Included in these indexed files was an important info.json file that seemed to contain its Cloudfront API keys.
Jul 26 2019
Discover how to write a GDPR data breach notification procedure to help you with your GDPR compliance, including a free template example.
Source: How to write a GDPR data breach notification procedure – with template example – IT Governance Blog
Organizations must create a procedure that applies in the event of a personal data breach under Article 33 – “Notification of a personal data breach to the supervisory authority” – and Article 34 of the GDPR – “Communication of a personal data breach to the data subject”.
The picture above is an example of what a data breach notification might look like – available from the market-leading EU GDPR Documentation Toolkit – which sets out the scope of the procedure, responsibilities and the steps that will be taken by the organization to communicate the breach from: