WizCase’s team of ethical hackers, led by Ata Hakçıl, has found a major breach exposing a number of US cities, all of them using the same web service provider aimed at municipalities. Original post at https://www.wizcase.com/blog/us-municipality-breach-report/ What’s Happening? Over a 100 US cities appeared to be using the same product, mapsonline.net, provided by an American company named PeopleGIS. […]

Researchers from Cyber News Team have spotted threat actors offering for sale 600 million LinkedIn profiles scraped from the platform, again. Original post: https://cybernews.com/news/threat-actors-scrape-600-million-linkedin-profiles-and-are-selling-the-data-online-again/ For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user […]

So, how do organizations find the right balance when it comes to data security? Here are three tips to help organizations navigate this challenge: Security and Usability: Designing Secure Systems that People Can Use

The growing reliance on public cloud services as both a source and repository of mission-critical information means data owners are under pressure to deliver effective protection for cloud-resident applications and data. Indeed, cloud is now front of mind for many IT organisations. According to recent research by Enterprise Strategy Group (ESG) cloud is “very well-perceived by data […]

Records and Information Management: Fundamentals of Professional Practice, Fourth Edition presents principles and practices for systematic management of recorded information. It is an authoritative resource for newly appointed records managers and information governance specialists as well as for experienced records management and information governance professionals who want a review of specific topics. It is also a […]

How to Become a Data Protection Officer The role of a Data Protection Officer (DPO) is a fairly new one in many companies. What’s more, the need to hire a DPO often comes as a response to the General Data Protection Regulations (GDPR) which were implemented back in 2018.As such, the responsibilities, reporting and structure […]

TikTok is again being accused of illegally processing children’s personal data. The latest claim has been brought by Anne Longfield, the former children’s commissioner for England, who is suing the video-sharing app on behalf of 3.5 million children in the UK. She alleges that TikTok is violating the GDPR (General Data Protection Regulation) by collecting excessive data […]

Ata Hakcil led the team of white hat hackers from WizCase in identifying a major data leak on online trading broker FBS’ websites. The data from FBS.com and FBS.eu comprised millions of confidential records including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more. Were such detailed personally identifiable information (PII) to […]

Data hygiene consists of actions that organizations can, and should, take as a matter of following not only compliance requirements, but also as part of basic risk management program practices. Consistent, risk-specific data hygiene practices supports not only a very wide range and number of data protection compliance requirements, but performing data hygiene activities also […]

Choosing the right data security solution Jean Le Bouthillier, CEO of Canadian data security startup Q​ohash​, says that organizations have had many issues with solutions that generate large volumes of (often) not relevant and not actionable data. “My first piece of advice for organizations looking for the right data security solutions would be to consider whether […]

OVH, one of the largest hosting providers in the world, has suffered this week a terrible fire that destroyed its data centers located in Strasbourg. The French plant in Strasbourg includes 4 data centers, SBG1, SBG2, SBG3, and SBG4 that were shut down due to the incident, and the fire started in SBG2 one. The fire impacted the services […]

In this post, we are going to talk about MITRE ATT&CK® technique T1001 – Data Obfuscation. As the name indicates, this technique consists in making data, usually sent over Command and Control (C&C) communications, more difficult to detect and decode. There are countless ways to do that, but here we are going to focus on disguising […]

For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management (DRM) technology used by online streaming sites like Disney, Hulu and Netflix to prevent their content from being pirated. The latest cracks in Widevine concern the encryption technology’s protection for L3 streams, which is used for […]

Experts observed a new tactic adopted by Magecart groups, they used Telegram to exfiltrate stolen payment details from compromised websites Source: Hackers use e-skimmer that exfiltrates payment data via Telegram CISA Webinar: E-Skimming This Is How Easy It Is To Get Hacked | VICE on HBO Download a Security Risk Assessment Steps paper! Security Risk […]

Apple planned to release a fix for the Safari bug by Spring 2021, delaying it for one year. The bug allows stealing local data files. Source: Safari Bug That Allows Stealing Data Disclosed After Apple Delays A Patch Data Loss/Leak Prevention | Security Basics

  5 Common Accidental Sources of Data Leaks – Nightfall AI How do bad actors gain access to a company’s data? Most of the time, well-meaning everyday people are the real source of data insecurity. In cybersecurity and infosec, it’s common to assume that criminals are behind all data breaches and major security events. Bad […]

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. Source: 15 billion credentials available in the cybercrime marketplaces Exploring the Dark Web Explore the subject of Cyber Attack Download a Security Risk Assessment Steps paper! Subscribe to DISC InfoSec blog by Email Take […]