Archive for the ‘data security’ Category

T-Mobile to cough up $500 million over 2021 data breach

Just under a year ago, the US arm of telecomms giant T-Mobile admitted to a data breach after personal information about its customers was offered for sale on an underground forum. At the time, VICE Magazine claimed to have communicated with the hacker behind the breach via online chat, and to have been offered “T-Mobile USA. Full customer info.” VICE’s […]


Experts uncovered over 3.6M accessible MySQL servers worldwide

Researchers uncovered 3.6M accessible MySQL servers worldwide that represent a potential attack surface for their owners. Researchers from Shadowserver scanned the internet for publicly accessible MySQL server instances on port 3306/TCP and uncovered 3.6M installs worldwide responding to their queries. These publicly accessible MySQL server instances represent a potential attack surface for their owners. “These are instances that respond to our […]


Lapsus$ extortion gang claims to have stolen sensitive data from Okta

The Lapsus$ extortion group claims to have stolen sensitive data from the identity and access management giant Okta. The gang announced the alleged hack through its Telegram channel and shared a series of screenshots as proof of the hack. Some of the images published by the threat actors appear to be related to the company’s […]


Open database leaves major Chinese ports exposed to shipping chaos

The freight logs of two major Chinese shipping ports have been leaking data, a problem which if left unresolved could disrupt the supply chain of up to 70,000 tonnes of cargo a day, with potentially serious consequences for international shipping. The cybernews® research team identified an open ElasticSearch database, which contained more than 243GB of […]


CISA and FBI warn of potential data wiping attacks spillover

US CISA and the FBI warned US organizations that data wiping attacks targeting Ukrainian entities could spill over to targets worldwide. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory to warn US organizations of data wiping attacks targeting Ukraine that could hit targets worldwide. […]


Experts disclose details of Apache Cassandra DB RCE

Researchers disclose a now-patched remote code execution (RCE) vulnerability in the Apache Cassandra database software. JFrog researchers publicly disclosed details of a now-patched high-severity security vulnerability (CVE-2021-44521) in Apache Cassandra database software that could be exploited by remote attackers to achieve code execution on affected installations. Apache Cassandra is an open-source NoSQL distributed database used […]


French data protection authority says Google Analytics is in violation of GDPR

The French national data protection authority, CNIL, issued a formal notice to managers of an unnamed local website today arguing that its use of Google Analytics is in violation of the European Union’s General Data Protection Regulation, following a similar decision by Austria last […]


Data Security Best Practice

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World


List of data breaches and cyber attacks in December 2021 – 219 million records breached

Luke Irwin, 4th January 2022. 2021 was a difficult year for many of us, and with the hope that COVID-19 will dissipate in the spring, this is a new year more than any other where we want to look forwards, not backwards. […]


NIST PRIVACY FRAMEWORK: A TOOL FOR IMPROVING PRIVACY THROUGH ENTERPRISE RISK MANAGEMENT

The simplest, fastest, and most affordable way to comply with privacy legislation like the EU’s GDPR (General Data Protection Regulation), the CPRA (California Privacy Rights Act), New York’s SHIELD Act, and others. With Privacy as a Service, you can:
* Achieve scaled privacy compliance quickly
* Remain one step ahead of legislative developments with affordable advice […]


Flaws in DataVault encryption software impact multiple storage devices

Researcher Sylvain Pelissier has discovered that the DataVault encryption software made by ENC Security and used by multiple vendors is affected by a couple of key derivation function issues. An attacker can exploit the flaws to obtain user passwords. This week Pelissier detailed the vulnerabilities at the Chaos Computer Club’s Remote Chaos Experience (rC3) virtual conference. DataVault […]


How Virtualization Helps Secure Connected Cars

Connected cars create opportunities to deliver enhanced customer experiences. At the same time, they also have the potential to provide high cost and revenue benefits. This is true for connected car companies, OEMs, suppliers and insurers (and much, much more). However, car companies haven’t really explored the opportunities to monetize customer data adequately. We can […]


China-linked LightBasin group accessed calling records from telcos worldwide

A China-linked hacking group, tracked as LightBasin (aka UNC1945), hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. The cyberespionage group has been active since at least 2016; according to CrowdStrike researchers, it is using a very sophisticated toolset. CrowdStrike researchers reported that […]


Over 80 US Municipalities’ Sensitive Information, Including Residents’ Personal Data, Left Vulnerable in Massive Data Breach

WizCase’s team of ethical hackers, led by Ata Hakçıl, has found a major breach exposing a number of US cities, all of them using the same web service provider aimed at municipalities. Original post at https://www.wizcase.com/blog/us-municipality-breach-report/ What’s Happening? Over 100 US cities appeared to be using the same product, mapsonline.net, provided by an American company named PeopleGIS. […]


Threat actors scrape 600 million LinkedIn profiles and are selling the data online

Researchers from Cyber News Team have spotted threat actors offering for sale 600 million LinkedIn profiles scraped from the platform, again. Original post: https://cybernews.com/news/threat-actors-scrape-600-million-linkedin-profiles-and-are-selling-the-data-online-again/ For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user […]


3 tips for balancing data security and usability

So, how do organizations find the right balance when it comes to data security? Here are three tips to help organizations navigate this challenge: Security and Usability: Designing Secure Systems that People Can Use


Why Data Protection Cloud Strategies Are Now Mission-Critical

The growing reliance on public cloud services as both a source and repository of mission-critical information means data owners are under pressure to deliver effective protection for cloud-resident applications and data. Indeed, cloud is now front of mind for many IT organisations. According to recent research by Enterprise Strategy Group (ESG), cloud is “very well-perceived by data […]


Records and Information Management: Fundamentals of Professional Practice

Records and Information Management: Fundamentals of Professional Practice, Fourth Edition presents principles and practices for systematic management of recorded information. It is an authoritative resource for newly appointed records managers and information governance specialists as well as for experienced records management and information governance professionals who want a review of specific topics. It is also a […]


How to Become a Data Protection Officer

The role of a Data Protection Officer (DPO) is a fairly new one in many companies. What’s more, the need to hire a DPO often comes as a response to the General Data Protection Regulations (GDPR) which were implemented back in 2018. As such, the responsibilities, reporting and structure […]


TikTok sued over its use of children’s personal data

TikTok is again being accused of illegally processing children’s personal data. The latest claim has been brought by Anne Longfield, the former children’s commissioner for England, who is suing the video-sharing app on behalf of 3.5 million children in the UK. She alleges that TikTok is violating the GDPR (General Data Protection Regulation) by collecting excessive data […]
