2011, Data, Information Security and Security - Information Management Today

Twitter to Pay $150 Million to Settle Allegations of Data Misuse

Hunton Privacy

MAY 31, 2022

On May 25, 2022, Twitter reached a proposed $150 million settlement with the Department of Justice (“DOJ”) and the Federal Trade Commission to resolve allegations that the company deceptively used nonpublic user contact information obtained for account security purposes to serve targeted ads to Twitter users.

Privacy

Privacy Information Security Data Privacy Compliance

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

The Colorado Department of Higher Education (CDHE) finally disclosed a data breach impacting students, past students, and teachers after the June attack. In June a ransomware attack hit the Colorado Department of Higher Education (CDHE), now the organization disclosed a data breach.

Education

Education Data breaches Ransomware Access

Happy 10th Birthday, Security Affairs

Security Affairs

NOVEMBER 15, 2021

I launched Security Affairs for passion in 2011 and millions of readers walked with me. Ten years ago I launched Security Affairs, the blog over the past decade obtained important successes in the cyber security community, but the greatest one is your immense affection. SecurityAffairs – hacking, Security Affairs).

Security

Security Cybersecurity IT Data breaches

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

Air India suffered a data breach, 4.5 million customers impacted

Security Affairs

MAY 22, 2021

Air India disclosed a data breach that impacted roughly 4.5 Air India has disclosed a data breach that impacted 4.5 million of its customers, exposed data includes the personal information of customers registered between August. 26, 2011 and February. Air India has disclosed a data breach that impacted 4.5

Data breaches

Data breaches Passwords Personal data Cybersecurity

NUVOLA: the new Cloud Security tool

Security Affairs

SEPTEMBER 28, 2022

nuvola is the new open-source cloud security tool to address the privilege escalation in cloud environments. nuvola is the new open source security tool made by the Italian cyber security researcher Edoardo Rosa ( @_notdodo_ ), Security Engineer at Prima Assicurazioni. Cloud Security Context.

Cloud

Cloud Security Metadata Data breaches

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs

APRIL 22, 2024

The threat actor said that he stole the database in March and threatened to publish the data online. The threat actors shared a portion of the stolen data with TechCrunch as proof of the hack, it includes records on current and former government officials, diplomats, and politically exposed people. LSEG acquired Refinitiv is 2021.

Risk

Risk Archiving Access Privacy

Facebook (Meta) to settle Cambridge Analytica data leak for $725M

Security Affairs

DECEMBER 27, 2022

Facebook (Meta) has agreed to pay $725 million to settle the class-action lawsuit filed in 2018 over the Cambridge Analytica data leak. Facebook (Meta) has agreed to pay $725 million to settle a class-action lawsuit filed in 2018 over the Cambridge Analytica data leak. data privacy class action. Pierluigi Paganini.

Privacy

Privacy Analytics Data Privacy Personal data

Facebook (Meta) to settle Cambridge Analytica data leak for $725M

Security Affairs

DECEMBER 27, 2022

Facebook (Meta) has agreed to pay $725 million to settle the class-action lawsuit filed in 2018 over the Cambridge Analytica data leak. Facebook (Meta) has agreed to pay $725 million to settle a class-action lawsuit filed in 2018 over the Cambridge Analytica data leak. data privacy class action. Pierluigi Paganini.

Privacy

Privacy Analytics Data Privacy Personal data

Email accounts of the International Monetary Fund compromised

Security Affairs

MARCH 18, 2024

The International Monetary Fund (IMF) disclosed a security breach, threat actors compromsed 11 email accounts earlier this year. The impacted email accounts were re-secured. ” The agency has already secured the compromised email accounts and added that it is not aware of further compromise beyond them.

Cybersecurity

Cybersecurity Security IT Data breaches

Mitsubishi Electric discloses data breach, media blame China-linked APT

Security Affairs

JANUARY 20, 2020

Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate information. Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. “According to people involved, Chinese hackers Tick may have been involved.

Data breaches

Data breaches Computer and Electronics Government Manufacturing

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Security Affairs

APRIL 15, 2021

April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released notes, one of them fixes a critical issue in SAP Commerce. SAP Security Note #3040210 , tagged with a CVSS score of 9.9 SAP Security Note #3040210 , tagged with a CVSS score of 9.9

Security

Security IT Information Security

Key aerospace player Safran Group leaks sensitive data

Security Affairs

MARCH 15, 2023

Original post at [link] The Cybernews research team recently discovered that the French-based multinational aviation company, the eighth largest aerospace supplier worldwide, was leaking sensitive data due to a misconfiguration of its systems. The vulnerability left the company at risk from cyberattacks over an extended period of time.

Manufacturing

Manufacturing Access Risk IT

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

APRIL 21, 2022

Security researchers at Check Point Research have discovered a critical remote code execution that affects the implementation of the Apple Lossless Audio Codec (ALAC) in Android devices running on Qualcomm and MediaTek chipsets. The ALAC is an audio coding format developed by Apple for lossless data compression of digital music.

Access

Access Cybersecurity Security IT

Sotto Discusses Epsilon Breach with Information Security Media Group

Hunton Privacy

APRIL 19, 2011

On April 5, 2011, Lisa Sotto , partner and head of the Privacy and Data Security practice at Hunton & Williams LLP, discussed the Epsilon email breach in an interview with Tracy Kitten of Information Security Media Group. Download the podcast now.

Information Security

Information Security Security Privacy

German Federal Office for Information Security Issues Draft Framework Paper on Information Security for Cloud Computing

Hunton Privacy

OCTOBER 11, 2010

On September 28, 2010, the German Federal Office for Information Security , (the Bundesamt für Sicherheit in der Informationstechnik or “BSI”) released a draft framework paper on information security issues related to cloud computing. Service provider security management requirements. ID and rights management.

Information Security

Information Security Paper Cloud Security

US man sentenced to 4 years in prison for his role in Infraud scheme

Security Affairs

MAY 29, 2022

A man from New York was sentenced to four years in prison for trading stolen credit card data and assisting the Infraud Organization. The transnational cybercrime ring was engaged in the mass acquisition and sale of fraud-related goods and services, including stolen identities, compromised credit card data, and computer malware.

Sales

Sales Personal data Cybersecurity Security

European Network and Information Security Agency Publishes Report on Data Breach Notification in the EU

Hunton Privacy

JANUARY 17, 2011

On January 14, 2011, the European Network and Information Security Agency (“ENISA”), which was created to enhance information security within the European Union, published a report entitled “ Data breach notifications in the EU ” (the “Report”).

Data breaches

Data breaches Information Security Security Privacy

ENISA published “Proactive detection – Measures and information sources” report

Security Affairs

MAY 31, 2020

The EU Agency for Cybersecurity ENISA has published a new report and accompanying repository on measures and information sources that could help security experts and operators of IT and critical infrastructure to proactively detect network security incidents in the EU. 2- Report – Measures and information sources.

Cybersecurity

Cybersecurity Security IT Information Security

Peruvian Privacy Law Expected by July 28, 2011

Hunton Privacy

JUNE 14, 2011

On June 7, 2011, the Congress of the Republic of Peru passed the Personal Data Protection Law ( Ley de Protección de Datos Personales, Proyecto de Ley 4079/2009-PE). Require consent for the processing of personal data. Restrict the cross-border transfer of personal data. Restrict the monitoring of communications.

Privacy

Privacy Personal data Communications Government

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Security Affairs

OCTOBER 16, 2021

FinCEN analyzed a data set composed of 2,184 SARs filed between 1 January 2011 and 30 June 2021 and identified 177 CVC (convertible virtual currency) wallets addresses that were used in ransomware operations associated with the above ransomware variants. ” reads the report published by FinCEN. Pierluigi Paganini.

Ransomware

Ransomware Security Information Security IT

US DoJ indicts four members of China-linked APT40 cyberespionage group

Security Affairs

JULY 19, 2021

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The malware was used to gain an initial foothold in the target network, establish persistence, make lateral movements, and steal sensitive data. Ltd. (????) . ” states DoJ. Pierluigi Paganini.

Government

Government Cybersecurity Security Access

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

Security Affairs

DECEMBER 17, 2021

VMware released security patches for a critical server-side request forgery (SSRF) vulnerability in Workspace ONE UEM console. An attacker with network access to UEM could exploit the vulnerability to access sensitive data in the management console. and above 2011 Workspace ONE UEM patch 20.11.0.40 and above. .”

Access

Access Authentication Cloud Security

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

In the Order, the SEC alleges that First American’s disclosures concerning the vulnerability were deficient because senior executives were not provided all available and relevant information, specifically that First American’s information security personnel had identified and failed to remediate the vulnerability months earlier in January 2019.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector

Security Affairs

APRIL 29, 2022

OpRussia continues, less than a week after my last update Anonymous has hacked other Russian companies and leaked their data via DDoSecrets. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues, the collective claims to have published more than 6 TB of Russian data via DDoSecrets.

ECM

ECM Archiving Government Cybersecurity

Privacy Blog Ranked as One of Best Legal Blogs

Hunton Privacy

DECEMBER 8, 2016

Hunton & Williams LLP is proud to announce our Privacy & Information Security Law Blog has been named the top Cybersecurity and Information Privacy blog by The Expert Institute and #2 overall Best AmLaw Blog of 2016. Judges noted that the “privacy blog influences global privacy and data security developments.”.

Privacy

Privacy Information Security Cybersecurity Security

Google obtained a temporary court order against CryptBot distributors

Security Affairs

APRIL 28, 2023

CryptBot malware is active since at least 2019, it allows operators to steal sensitive data from the Google Chrome of the infected systems. The malware allows operators to steal login credentials from popular services such as social media platforms and cryptocurrency wallets, then stolen data is sold on cybercrime forums by the operators.

Blockchain

Blockchain Mining Education IT

Three Italian universities hacked by LulzSec_ITA collective

Security Affairs

FEBRUARY 13, 2020

The hacktivists claim that once hacked the universities did not disclose the data breach and attempted to hide the incident, violating the European Privacy Law GDPR. If the concept of security does not start from our schools, how can we have a better ruling class than the current one? Pierluigi Paganini.

Data breaches

Data breaches GDPR Education Passwords

Crooks use carding bots to check stolen card data ahead of the holiday season

Security Affairs

NOVEMBER 17, 2019

With the advent of this year’s holiday shopping season are cybercriminals are using carding bots to test stolen payment card data before using them. Cybercriminals need to test the validity of the stolen card data before carrying out fraudulent transactions or selling them during the holiday shopping season. Pierluigi Paganini.

Retail

Retail Cloud Access IT

Facebook’s $90M Privacy Deal Gets Final Nod Over Objections

Hunton Privacy

NOVEMBER 16, 2022

million will be for attorney fees, and delete certain “wrongfully collected” data. This settlement brings an end to litigation going back to 2011. Under the order granting plaintiffs’ motion for final approval of the class action settlement and attorney fees, Facebook must pay $90 million dollars in settlements, of which $26.1

Privacy

Privacy Information Security Security

Hundreds of millions of Facebook users’ phone numbers exposed online

Security Affairs

SEPTEMBER 5, 2019

The data was found by Sanyam Jain, a security researcher and member of the GDI Foundation, who contacted TechCrunch because he was able to contact the owner of the archive. . Data were contained in multiple databases stored on an unsecured server exposed online. SecurityAffairs – privacy, data leak). Pierluigi Paganini.

Privacy

Privacy Archiving Passwords Access

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

JUNE 29, 2022

Once gained access to the YouTube studio, the malware grabs information about the user’s channels, including the channel name, the number of subscribers, their creation date, its verification status and if it is monetized. Aparat is an Iranian video-sharing site that was founded in 2011. All the results were under the domain aparat[.]com.

Authentication

Authentication Libraries Encryption Marketing

Privacy Blog Nominated – Vote to Help Us Win!

Hunton Privacy

NOVEMBER 11, 2016

Hunton & Williams LLP is proud to announce our Privacy & Information Security Law Blog has been nominated in The Expert Institute’s 2016 Best Legal Blog Contest for Best AmLaw Blog of 2016. It was noted that the “privacy blog influences global privacy and data security developments.”. Only Three Days Left to Vote!

Privacy

Privacy Information Security Security IT

Google disrupts the Glupteba botnet

Security Affairs

DECEMBER 7, 2021

The blockchain-enabled botnet has been active since at least 2011, researchers estimate that the Glupteba botnet is currently composed of more than 1 million Windows PCs around the world. The post Google disrupts the Glupteba botnet appeared first on Security Affairs. ” reads the post published by Google. Pierluigi Paganini.

Blockchain

Blockchain Mining Cloud Access

Copycat Criminals mimicking Lockbit gang in northern Europe

Security Affairs

JANUARY 28, 2023

Once they have access, they use a variety of tools and techniques to move laterally throughout the network, compromising systems and stealing sensitive data. Once an environment is infected, the victim is sent to the gang payment site managed by the ransomware developers who threaten to leak the victim’s data to extort further payments.

Ransomware

Ransomware Phishing Encryption Access

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

This week, Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. According to the company, attackers did not obtain sensitive information about defense contracts. ” reads the security advisory published by Trend Micro in October 2019. reported the Nikkei.

Manufacturing

Manufacturing Data breaches Sales Access

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Numerous strains of this destructive code have been the front-page news in global computer security chronicles for almost a decade now, with jaw-dropping ups and dramatic downs accompanying its progress. They added data theft to the classic encryption scenario. To top it off, some of them have created special websites for data dumps.

Ransomware

Ransomware Encryption Privacy Security awareness

Nominate Hunton’s Privacy Blog for the ABA Journal’s Web 100 Amici Award

Hunton Privacy

JULY 25, 2017

We hope you will continue to show your support for Hunton & Williams’ Privacy & Information Security Law blog by nominating the blog for this award. One commentator noted that the Hunton “privacy blog influences global privacy and data security developments.”.

Privacy

Privacy Information Security Cybersecurity Access

Privacy Blog Nominated for Best AmLaw Blog of 2016 – Please Vote To Help Us Win!

Hunton Privacy

OCTOBER 27, 2016

Hunton & Williams LLP is proud to announce our Privacy & Information Security Law Blog has been nominated in The Expert Institute’s 2016 Best Legal Blog Contest for Best AmLaw Blog of 2016. It was noted that the “privacy blog influences global privacy and data security developments.”. Click to vote.

Privacy

Privacy Information Security Security IT

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

Security Affairs

MAY 6, 2024

Alexander Vinnik , a Russian national, pleaded guilty to conspiracy to commit money laundering for his involvement in operating the cryptocurrency exchange BTC-e from 2011 to 2017. BTC-e collected virtually no customer data at all, which made the exchange attractive to those who desired to conceal criminal proceeds from law enforcement.”

Computer and Electronics

Computer and Electronics Ransomware Marketing IT

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Security Affairs

JULY 17, 2020

Researchers at IBM X-Force Incident Response Intelligence Services (IRIS) discovered an unsecured server belonging to Iran-linked APT35 group (aka ITG18, Charming Kitten , Phosphorous, and NewsBeef ) containing data for many domains managed by the threat actor. Some of the videos were showing how to exfiltrate data (i.e.

Military

Military Authentication Cloud IT

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

The blockchain-enabled botnet has been active since at least 2011, researchers estimated that the Glupteba botnet was composed of more than 1 million Windows PCs around the world as of December 2021. The post Glupteba botnet is back after Google disrupted it in December 2021 appeared first on Security Affairs. Pierluigi Paganini.

Blockchain

Blockchain IT Mining Security

Essential guidance to implementing an effective IT Governance system

IT Governance

APRIL 5, 2018

While most organisations believe that their information security systems are secure, often the reality is that they are not. Faced with these increasing information security threats, organisations have an urgent need to adopt IT governance best practice strategies. What is IT governance?

Government

Government IT Compliance Information Security

PyMICROPSIA Windows malware includes checks for Linux and macOS

Security Affairs

DECEMBER 15, 2020

AridViper is an Arabic speaking APT group that is active in the Middle East since at least 2011. ’ PyMICROPSIA uses Python libraries to implements multiple operations, including data theft, Windows process and systems interaction. ” Pierluigi Paganini. SecurityAffairs – hacking, Arid Viper).

Communications

Communications Libraries IT Security

German authorities raid the offices of the FinFisher surveillance firm

Security Affairs

OCTOBER 14, 2020

Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more. It allows to use the users’ devices as a spying tool, it can control both webcam and microphone, to spy on communications and exfiltrate data stored on the infected systems. Pierluigi Paganini.

Sales

Sales Communications Privacy IT

Twitter to Pay $150 Million to Settle Allegations of Data Misuse

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Webinars

Trending Sources

Happy 10th Birthday, Security Affairs

Webinars

Air India suffered a data breach, 4.5 million customers impacted

NUVOLA: the new Cloud Security tool

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Facebook (Meta) to settle Cambridge Analytica data leak for $725M

Facebook (Meta) to settle Cambridge Analytica data leak for $725M

Email accounts of the International Monetary Fund compromised

Mitsubishi Electric discloses data breach, media blame China-linked APT

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Key aerospace player Safran Group leaks sensitive data

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Sotto Discusses Epsilon Breach with Information Security Media Group

German Federal Office for Information Security Issues Draft Framework Paper on Information Security for Cloud Computing

US man sentenced to 4 years in prison for his role in Infraud scheme

European Network and Information Security Agency Publishes Report on Data Breach Notification in the EU

ENISA published “Proactive detection – Measures and information sources” report

Peruvian Privacy Law Expected by July 28, 2011

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

US DoJ indicts four members of China-linked APT40 cyberespionage group

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector

Privacy Blog Ranked as One of Best Legal Blogs

Google obtained a temporary court order against CryptBot distributors

Three Italian universities hacked by LulzSec_ITA collective

Crooks use carding bots to check stolen card data ahead of the holiday season

Facebook’s $90M Privacy Deal Gets Final Nod Over Objections

Hundreds of millions of Facebook users’ phone numbers exposed online

YTStealer info-stealing malware targets YouTube content creators

Privacy Blog Nominated – Vote to Help Us Win!

Google disrupts the Glupteba botnet

Copycat Criminals mimicking Lockbit gang in northern Europe

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Nominate Hunton’s Privacy Blog for the ABA Journal’s Web 100 Amici Award

Privacy Blog Nominated for Best AmLaw Blog of 2016 – Please Vote To Help Us Win!

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Glupteba botnet is back after Google disrupted it in December 2021

Essential guidance to implementing an effective IT Governance system

PyMICROPSIA Windows malware includes checks for Linux and macOS

German authorities raid the offices of the FinFisher surveillance firm

Stay Connected