2010, Data, Information Security and Security - Information Management Today

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

Security Affairs

SEPTEMBER 26, 2023

The Better Outcomes Registry & Network (BORN), the Ontario birth registry disclosed a data breach affecting some 3.4 The BORN funded by the government of Ontario disclosed a data breach that impacts some 3.4 During the breach, unauthorized copies of files containing personal health information were taken from BORN’s systems.”

Data breaches

Data breaches Ransomware Data collection Cybersecurity

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

The Colorado Department of Higher Education (CDHE) finally disclosed a data breach impacting students, past students, and teachers after the June attack. In June a ransomware attack hit the Colorado Department of Higher Education (CDHE), now the organization disclosed a data breach.

Education

Education Data breaches Ransomware Access

Hospitality Chain McMenamins discloses data breach after ransomware attack

Security Affairs

JANUARY 4, 2022

Hospitality chain McMenamins disclosed a data breach after a recent ransomware attack. Hospitality chain McMenamins discloses a data breach after a ransomware attack that took place on December 12. According to the company, threat actors have stolen data of individuals employed between July 1, 2010, and December 12, 2021.

Data breaches

Data breaches Ransomware Insurance Sales

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

Volvo Cars suffers a data breach. Is it a ransomware attack?

Security Affairs

DECEMBER 10, 2021

Swedish automotive manufacturer Volvo Cars revealed that has suffered a cyberattack that resulted in the theft of R&D data. Swedish automotive manufacturer Volvo Cars revealed that threat actors have stolen R&D data from its systems. ” reads the notice of cyber security breach published by Volvo.

Data breaches

Data breaches Ransomware IT Manufacturing

Magecart hackers hide stolen credit card data into images and bogus CSS files

Security Affairs

JULY 12, 2021

Magecart hackers continuously improve their exfiltration techniques to evade detection, they are hiding stolen credit card data into images. Magecart hackers have devised a new technique to obfuscating the malware within comment blocks and hide stolen credit card data into images evading detection. php echo ""."h"."e"."".""."llo"."w"."o"."".""."r"."l"."d"."";

Marketing

Marketing Security Cybersecurity Information Security

Wikileaks founder Julian Assange is free

Security Affairs

JUNE 25, 2024

He left Belmarsh maximum security prison on the morning of 24 June, after having spent 1901 days there. He published thousands of classified diplomatic and military documents on WikiLeaks in 2010. Julian Assange is free after five years in Belmarsh prison, the WikiLeaks founder has been released in the U.K.

Military

Military Passwords Access Government

US-based children’s clothing maker Hanna Andersson discloses a data breach

Security Affairs

JANUARY 21, 2020

The US-based children’s clothing maker Hanna Andersson has disclosed a data breach that affected its customers. The US-based children’s clothing maker and online retailer Hanna Andersson discloses a data breach, attackers planted an e-skimmer on its e-commerce platform. Hannah Anderson was breached.

Data breaches

Data breaches Retail Cloud Insurance

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

The blog featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world,” and even included a group photo of RSOCKS employees. “Thanks to you, we are now developing in the field of information security and anonymity!,” Kloster’s blog enthused. “We

IoT

IoT Data breaches Ransomware Access

Key aerospace player Safran Group leaks sensitive data

Security Affairs

MARCH 15, 2023

Original post at [link] The Cybernews research team recently discovered that the French-based multinational aviation company, the eighth largest aerospace supplier worldwide, was leaking sensitive data due to a misconfiguration of its systems. The vulnerability left the company at risk from cyberattacks over an extended period of time.

Manufacturing

Manufacturing Access Risk IT

SBOMs: Securing the Software Supply Chain

eSecurity Planet

OCTOBER 26, 2021

This article looks at software bills of materials, file data, existing standards, benefits, use cases, and what SBOMs mean for cybersecurity. The SBOM framework is about the units of software identified by developers and suppliers known as components and associated data known as attributes. What’s in a SBOM File?

Security

Security Risk Compliance Cybersecurity

Maryland Department of Labor discloses a data breach

Security Affairs

JULY 9, 2019

The Maryland Department of Labor announced it has suffered a data breach announced that exposed personally identifiable information. . The Maryland Department of Labor suffered a data breach, hackers accessed databases containing personally identifiable information (PII). ” continues the Department. . .

Data breaches

Data breaches Insurance Access Security

German Federal Office for Information Security Issues Draft Framework Paper on Information Security for Cloud Computing

Hunton Privacy

OCTOBER 11, 2010

On September 28, 2010, the German Federal Office for Information Security , (the Bundesamt für Sicherheit in der Informationstechnik or “BSI”) released a draft framework paper on information security issues related to cloud computing. Service provider security management requirements. Emergency management.

Information Security

Information Security Paper Cloud Security

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Data breaches

Data breaches Ransomware Information Security Security

European Network and Information Security Agency Publishes Report on Data Breach Notification in the EU

Hunton Privacy

JANUARY 17, 2011

On January 14, 2011, the European Network and Information Security Agency (“ENISA”), which was created to enhance information security within the European Union, published a report entitled “ Data breach notifications in the EU ” (the “Report”).

Data breaches

Data breaches Information Security Security Privacy

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Security Affairs

OCTOBER 22, 2023

During a meeting of security chiefs of the Five Eyes alliance held in California, McCallum told BBC that the Chinese cyber espionage reached an epic scale. “Another Chinese company is believed to have acquired stolen research data from a top UK university. ” reported BBC.

Military

Military Government Access Cybersecurity

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

JANUARY 4, 2021

WikiLeaks founder Julian Assange should not be extradited to the US to stand trial, the Westminster Magistrates’ Court has rejected the US government’s request to extradite him on charges related to illegally obtaining and sharing classified material about national security. Pierluigi Paganini.

Military

Military Government Risk Passwords

German Federal Office for Information Security Issues Document on Data Protection and RFID

Hunton Privacy

JULY 20, 2010

On July 7, 2010, the German Federal Office for Information Security, the Bundesamt für Sicherheit in der Informationstechnik (“BSI”) , published a basic paper on data security and data protection for radio-frequency identification (“RFID”) applications.

Information Security

Information Security Paper Security Privacy

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

Security Affairs

DECEMBER 7, 2021

APT15 has been active since at least 2010, it conducted cyber espionage campaigns against targets worldwide in several industries, including defense, high tech, energy, government, aerospace, and manufacturing. The seizure of the domains allowed Microsoft to sinkhole them to gather information about the victims of the cyberespionage group.

Manufacturing

Manufacturing Phishing Government Security

330K stolen payment cards and 895K stolen gift cards sold on dark web

Security Affairs

APRIL 8, 2021

The data included victims’ billing address and partial payment card data, including payment card number, expiration date, and bank name, but did not include the CVV or cardholder name. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. .” ” concludes the post.”

Sales

Sales Security Information Security IT

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

Security Affairs

FEBRUARY 2, 2024

Olsen, the Assistant Attorney General for National Security; and James Smith, the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced today that JOSHUA ADAM SCHULTE was sentenced to 40 years in prison by U.S. ” reads the press release published by DoJ.

Computer and Electronics

Computer and Electronics Data breaches IoT Archiving

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

Security Affairs

DECEMBER 17, 2021

VMware released security patches for a critical server-side request forgery (SSRF) vulnerability in Workspace ONE UEM console. An attacker with network access to UEM could exploit the vulnerability to access sensitive data in the management console. and above 2010 Workspace ONE UEM patch 20.10.0.23 and above. .”

Access

Access Authentication Cloud Security

The author of FastPOS PoS malware pleads guilty

Security Affairs

AUGUST 1, 2020

Chiochiu was a member of the Infraud global cybercrime organization involved in stealing and selling credit card and personal identity data. The group is active since 2010, when it created in Ukraine by Svyatoslav Bondarenko. The main website was a crime forum that was founded in 2010, it first operated at infraud.cc

Personal data

Personal data Sales IT Access

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

BlackTech is a Chinese APT group that has been active since at least 2010 and that known for conducting cyber espionage campaigns in Asia aimed at entities in Hong Kong, Japan, and Taiwan. According to a joint cybersecurity advisory from the United States National Security Agency (NSA), the U.S. ” reads the joint advisory.

Cybersecurity

Cybersecurity Systems administration Access Government

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Security Affairs

OCTOBER 23, 2020

The US government declared that Russia-linked APT group Energetic Bear has breached US government networks and exfiltrated data. has been active since at least 2010 most of the victims of the group are organizations in the energy and industrial sectors. ” reads the advisory. printing access badges.

Government

Government Passwords Access Cybersecurity

German intelligence agency warns of China-linked APT27 targeting commercial organizations

Security Affairs

JANUARY 26, 2022

The APT27 group (aka Emissary Panda , TG-3390 , Bronze Union , and Lucky Mouse ) has been active since 2010, it targeted organizations worldwide, including U.S. defense contractors , financial services firms, and a national data center in Central Asia. .” reads the advisory published by the German intelligence.

Financial Services

Financial Services Access IT Security

ChromeLoader campaign uses VHD files disguised as cracked games and pirated software

Security Affairs

FEBRUARY 27, 2023

Researchers from Ahnlab Security Emergency Response Center ( ASEC ) recently uncovered a malware campaign distributing the ChromeLoader using VHD files. The malicious extension redirects users to an advertisement website and collects browsing data and credentials. ” reads the analysis published by ASEC.

Search queries

Search queries Ransomware Security IT

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards. Aligning the Safeguards Rule with State Regimes.

Privacy

Privacy IT Information Security Insurance

Experts linked ransomware attacks to China-linked APT27

Security Affairs

JANUARY 4, 2021

Researchers from security firms Profero and Security Joes linked a series of ransomware attacks to the China-linked APT27 group. Security researchers from security firms Profero and Security Joes investigated a series of ransomware attacks against multiple organizations and linked them to China-linked APT groups.

Ransomware

Ransomware Encryption Financial Services Cybersecurity

Russia-linked Energetic Bear APT behind San Francisco airport attacks

Security Affairs

APRIL 15, 2020

Security researchers from ESET revealed that the infamous Russian hacker group known as Energetic Bear is behind the hack of two San Francisco International Airport (SFO) websites. The Energetic Bear APT group has been active since at least 2010 most of the victims of the group are organizations in the energy and industrial sectors.

Passwords

Passwords Data breaches Access Security

Massachusetts Revises Information Security Regulations and Extends Deadline for Compliance

Hunton Privacy

AUGUST 20, 2009

On August 17, 2009, Massachusetts announced revisions to its information security regulations and extended the deadline for compliance with those regulations. ” First and foremost, the revisions emphasize a more flexible, risk-based approach to developing an information security program. .”

Information Security

Information Security Compliance Security Computer and Electronics

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The China-linked APT27 group has been active since 2010, it targeted organizations worldwide, including U.S. defense contractors , financial services firms, and a national data center in Central Asia. The attacks aimed at stealing sensitive data from the victims and attempted to launch supply chain attacks targeting their customers.

File names

File names Financial Services Manufacturing Libraries

CISA adds Ruckus bug and another six flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MAY 16, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added seven new flaws to its Known Exploited Vulnerabilities catalog. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. We are in the final!

IT

IT Cybersecurity Communications Security

The OpenSSL Project addressed three vulnerabilities

Security Affairs

FEBRUARY 18, 2021

The OpenSSL Project released security patches to address three vulnerabilities, two denial-of-service (DoS) flaws, and an incorrect SSLv2 rollback protection issue. In 2010, the Open SSL project addressed three vulnerabilities, including two DDoS issues rated high severity. The issue affects servers using OpenSSL 1.0.2

Encryption

Encryption Security IT Information Security

PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack

Security Affairs

JULY 23, 2020

CVE-2020-1147 is a critical vulnerability in.NET Framework, SharePoint, and Visual Studio that was recently addressed by Microsoft with the release of the July 2020 Patch Tuesday security updates. ” reads the security advisory published by Microsoft. The CVE-2020-1147 vulnerability impacts.NET Core 2.1,NET NET Framework 2.0

Security

Security IT Information Security

Russian authorities arrested the kingpin of cybercrime Infraud Organization

Security Affairs

JANUARY 24, 2022

.’ In February 2008, the US authorities dismantled the global cybercrime organization tracked as Infraud Organization, which was involved in stealing and selling credit card and personal identity data. The group has been active since 2010 and was created in Ukraine by Svyatoslav Bondarenko. ” continues the press agency.

Ransomware

Ransomware Personal data IT Security

SAP systems are targeted within 72 hours after updates are released

Security Affairs

APRIL 6, 2021

On-premises SAP systems are targeted by threat actors within 72 hours after security patches are released, security SAP security firm Onapsis warns. According to a joint study published by Onapsis and SAP, on-premises SAP systems are targeted by threat actors within 72 hours after security patches are released.

Honeypots

Honeypots Compliance Cybersecurity Risk

Payment solutions giant Edenred announces malware infection

Security Affairs

NOVEMBER 22, 2019

The Group is independent since June 2010 following the split with Accor. The post Payment solutions giant Edenred announces malware infection appeared first on Security Affairs. Edenred is a French company specialized in prepaid corporate services. The company is reporting the incident to government regulators and authorities.

Cybersecurity

Cybersecurity Government IT Security

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

A CIA elite hacking unit that developed cyber-weapons failed in protecting its operations, states an internal report on the Vault 7 data leak. “These shortcomings were emblematic of a culture that evolved over years that too often prioritized creativity and collaboration at the expense of security,” according to the report.

IT

IT Data breaches Systems administration Security

Privacy and Data Security Risks in Cloud Computing

Hunton Privacy

FEBRUARY 5, 2010

Cloud computing raises complex legal issues related to privacy and information security. In an article published on February 3, 2010, Lisa Sotto , Bridget Treacy and Melinda McLellan explore U.S. In an article published on February 3, 2010, Lisa Sotto , Bridget Treacy and Melinda McLellan explore U.S.

Cloud

Cloud Privacy Risk Security

Experts found 20 Million tax records for Russian citizens exposed online

Security Affairs

OCTOBER 1, 2019

Experts discovered an unprotected Elasticsearch cluster containing personally identifiable and tax information of Russian citizens exposed online. Security experts from Comparitech along with security researcher Bob Diachenko discovered 20 million tax records belonging to Russian citizens exposed online in clear text and without protection.

Phishing

Phishing Risk Access Security

The Cathay Pacific Breach: Is Data Protection and Cyber Security Law in Hong Kong About to Receive an Upgrade?

HL Chronicle of Data Protection

JUNE 17, 2019

On 6 June, 2019, the Privacy Commissioner for Personal Data (the “ PCPD “) issued an enforcement notice against Cathay Pacific Airways (and its affiliate Hong Kong Dragon Airlines) (together, “ Cathay Pacific “) in respect of a data breach concerning unauthorized access to the personal data of some 9.4

Personal data

Personal data Data breaches Security Compliance

M&A Due Diligence: The Devil in Their Data

Data Matters

NOVEMBER 16, 2017

Data Factor Drivers. Fifteen years ago, the risk of material business or legal exposure from state data breach notification and data protection laws in the US, EU and elsewhere was profoundly different than it is today. From customer lists to pricing models, data assets are increasingly invaluable to modern businesses.

Data breaches

Data breaches Cybersecurity Risk Compliance

OCR Issues Penalty for Noncompliance with HIPAA Privacy and Security Rules

Hunton Privacy

FEBRUARY 3, 2017

million civil monetary penalty against Children’s Medical Center of Dallas (“Children’s”) for alleged ongoing violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules, following two consecutive breaches of patient electronic protected health information (“ePHI”).

Privacy

Privacy Security Insurance Encryption

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Security Affairs

MARCH 16, 2020

Security experts Simon Zuckerbraun from Zero Day Initiative published technical details on how to exploit the Microsoft Exchange CVE-2020-0688 along with a video PoC. The vulnerability impacts Microsoft Exchange 2010, 2013, 2016, and 2019. ” reads the report published by Kenna Security. This was not encouraging.

Authentication

Authentication Access Security Cybersecurity

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Webinars

Trending Sources

Hospitality Chain McMenamins discloses data breach after ransomware attack

Webinars

Volvo Cars suffers a data breach. Is it a ransomware attack?

Magecart hackers hide stolen credit card data into images and bogus CSS files

Wikileaks founder Julian Assange is free

US-based children’s clothing maker Hanna Andersson discloses a data breach

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Key aerospace player Safran Group leaks sensitive data

SBOMs: Securing the Software Supply Chain

Maryland Department of Labor discloses a data breach

German Federal Office for Information Security Issues Draft Framework Paper on Information Security for Cloud Computing

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

European Network and Information Security Agency Publishes Report on Data Breach Notification in the EU

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

British Court rejects the US’s request to extradite Julian Assange

German Federal Office for Information Security Issues Document on Data Protection and RFID

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

330K stolen payment cards and 895K stolen gift cards sold on dark web

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

The author of FastPOS PoS malware pleads guilty

China-linked APT BlackTech was spotted hiding in Cisco router firmware

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

German intelligence agency warns of China-linked APT27 targeting commercial organizations

ChromeLoader campaign uses VHD files disguised as cracked games and pirated software

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Experts linked ransomware attacks to China-linked APT27

Russia-linked Energetic Bear APT behind San Francisco airport attacks

Massachusetts Revises Information Security Regulations and Extends Deadline for Compliance

China-linked Budworm APT returns to target a US entity

CISA adds Ruckus bug and another six flaws to its Known Exploited Vulnerabilities catalog

The OpenSSL Project addressed three vulnerabilities

PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack

Russian authorities arrested the kingpin of cybercrime Infraud Organization

SAP systems are targeted within 72 hours after updates are released

Payment solutions giant Edenred announces malware infection

CIA elite hacking unit was not able to protect its tools and cyber weapons

Privacy and Data Security Risks in Cloud Computing

Experts found 20 Million tax records for Russian citizens exposed online

The Cathay Pacific Breach: Is Data Protection and Cyber Security Law in Hong Kong About to Receive an Upgrade?

M&A Due Diligence: The Devil in Their Data

OCR Issues Penalty for Noncompliance with HIPAA Privacy and Security Rules

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Stay Connected