Security Affairs

APRIL 22, 2019

The experts also observed a significant increase in the number of unique bots and trolls (+48%) from the previous day, a circumstance that suggests the involvement of an army of dormant Twitter bot accounts previously created. Data collected by SafeGuard confirm the intensification of the presence of Russian bots on Twitter.

Advertising 103

Advertising Media Data collection Accountability 103

eSecurity Planet

DECEMBER 1, 2021

Businesses that have spent the past three-plus years adapting to the European Union’s far-reaching data privacy law now have to decide how they will respond to a similar law in China that has been criticized as being more vague in its wording and harsher in its penalties. Also read: Top GRC Tools & Software for 2021. PIPL vs. GDPR.

Data privacy 131

Data privacy Data collection Accountability Software 131

Security Affairs

NOVEMBER 15, 2022

“Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information. Location data represent the core of the digital advertising business of the IT giant. ” reads the DoJ’s press release. not hidden); and.

Consumer Protection 98

Consumer Protection Accountability Data collection Advertising 98

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. In 2018, their number grew to 3.6%, while in H1 2019 saw an unusual rise of up to 27.8%.

Ransomware 90

Ransomware Antivirus Malware Banking 90

Security Affairs

NOVEMBER 16, 2018

Hong Kong, 16.11.2018 – Group-IB, an international company that specializes in preventing cyber attacks, presented the findings of its latest Hi-Tech Crime Trends 2018 report at the FinTech Security Conference in Hong Kong organized by Binary Solutions Limited in partnership with Group-IB. Attacks on Crypto.

Cybercrime 106

Cybercrime Hacking Banking Phishing 106

Security Affairs

NOVEMBER 17, 2018

link ) was posted on Pastebin , the hacker claims to have compromised user’s email and also accused ProtonMail of sending user’s decrypted data to American servers. AmFearLiathMor also wrote that ProtonMail hasn’t configured the mandatory Subresource Integrity ( SRI ) allowing tampering and data collection.

Scams 111

Scams Hacking Data collection Advertising 111

Security Affairs

OCTOBER 10, 2018

Security firm Group-IB has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 Group-IB, an international company that specializes in preventing cyber attacks, has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 million (2.96 billion rubles) of damage to Russia’s financial sector. million (2.96 million (2.96

Cyber Attacks 105

Cyber Attacks Banking Cyber threats Phishing 105

Security Affairs

NOVEMBER 17, 2018

Group-IB Threat Intelligence continuously detects and analyses data uploaded to card shops all over the world,” – said Dmitry Shestakov, Head of Group-IB ?ybercrime According to Group-IB’s annual Hi-Tech Crime Trends 2018 report, on average, from June 2017 to August 2018, 1.8 ybercrime research unit.

Banking 111

Banking Cybercrime Advertising Data collection 111

Security Affairs

JANUARY 2, 2023

Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information. According to the article, there are two settings responsible for the location data collection, the “Location History” and “Web & App Activity”.

Consumer Protection 98

Consumer Protection Surveillance Data collection Accountability 98

Schneier on Security

MARCH 13, 2019

It even collects what it calls " shadow profiles " -- data about you even if you're not a Facebook user. This data is combined with other surveillance data the company buys, including health and financial data. Collecting and saving less of this data would be a strong indicator of a new direction for the company.

Advertising 244

Advertising Surveillance Engineering Encryption 244

Security Affairs

OCTOBER 15, 2018

This information was first made public by experts from Group-IB’s Brand Protection team at the CyberCrimeCon 2018 international cybersecurity conference. Scammers create fake websites of known brands, fraudulent promotional campaigns, and fake accounts on social media. billion in 2017, compared to $1.2 billion in 2016.

Marketing 97

Marketing Media Phishing Engineering 97

Malwarebytes

DECEMBER 16, 2021

The fine covers the period from July 2018, when the “Law on the Processing of Personal Data (Personal Data Act)” was established, until April 2020, when Grindr changed the consent solution. Nevertheless, this is the highest fee to date from the Norwegian Data Protection Authority.

Advertising 110

Advertising Marketing Data collection Mobile 110

eSecurity Planet

SEPTEMBER 24, 2021

Rapid7 combines threat intelligence , security research, data collection, and analytics in its comprehensive Insight platform, but how does its detection and response solution – InsightIDR – compare to other cybersecurity solutions? On Gartner Peer Insights, Rapid7 has nearly 700 reviews in a handful of solution categories.

DNS 131

DNS Technology Cybersecurity Data collection 131

Security Affairs

MARCH 7, 2019

” In April 2018, Akamai reported that threat actors compromised 65,000 home routers by exploiting vulnerabilities in Universal Plug’N’Play (UPnP) , experts tracked the botnet as UPnProxy. In December 2018 the company provided an update to its initial analysis revealing a disconcerting scenario, UPnProxy is still up and running.

Cyber Attacks 102

Cyber Attacks Advertising Firmware Data collection 102

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Vicarius Vulnerability management 2022 Private Dragos ICS and OT security 2021 Private Safeguard Cyber Risk management 2021 Private CyberGRX Risk management 2019 Private Signifyd Fraud protection 2018 Private RedOwl Security analytics 2015 Acquired: Forcepoint. Accel Investments. Andreessen Horowitz (a16z).

Cybersecurity 128

Cybersecurity Technology Marketing Healthcare 128

CyberSecurity Insiders

APRIL 30, 2021

where fraudsters impersonated a trusted business partner , manipulat ing the CEO into transferring $243,000 to the scammers’ account. . Deepfakes first came into prominence in 2018 when a developer adapted AI techniques to create software that can swap one person’s face for another.

Technology 93

Technology Authentication Media Accountability 93

Troy Hunt

DECEMBER 19, 2017

The site asks you for some personal information when you create the account which it then stores in a database. Who now owns that data? This is an important question because it drives the way organisations then treat that data. Data Collection Should be Minimised, Not Maximisation. The cat site?

Data breaches 157

Data breaches Data collection B2B Mobile 157

Malwarebytes

MARCH 3, 2021

Detailed credentials for more than 21 million mobile VPN app users were swiped and advertised for sale online last week, offered by a cyber thief who allegedly stole user data collected by the VPN apps themselves. The data leak of SuperVPN, GeckoVPN, and ChatVPN. link] — Troy Hunt (@troyhunt) February 28, 2021.

VPN 145

VPN Passwords Internet Internet 145

Thales Cloud Protection & Licensing

MAY 22, 2024

The regulation didn't just introduce new rules—it upended the entire approach to data privacy. Users should be able to opt in and agree to specific data collection while consenting to the scoped processing purpose. Implementing MFA adds an extra layer of security, ensuring that only authorized users can access their accounts.

Data collection 62

Data collection Data privacy Encryption Authentication 62

SecureList

OCTOBER 7, 2022

In late 2018, we discovered a sophisticated espionage framework, which we dubbed “ TajMahal “ It consists of two different packages, self-named “Tokyo” and “Yokohama”, and is capable of stealing a variety of data, including data from CDs burnt on the victim’s machine and documents sent to the printer queue.

Malware 145

Malware Computers and Electronics Telecommunications Encryption 145

CyberSecurity Insiders

MAY 2, 2023

It amends the 2018 California Consumer Privacy Act (CCPA) introduced in response to rising consumer data privacy concerns. It has significantly impacted data collection and handling practices, giving consumers more control over how businesses handle their data. On the other hand, the CPRA relies on opt-out consent.

Data collection 52

Data collection Data breaches Password Management Data privacy 52

eSecurity Planet

OCTOBER 11, 2022

In the world of cybersecurity, the path of least resistance has consistently been shown to be the human element, specifically user accounts with enough access privileges or credentials for the cybercriminal to execute their plan. Compromised employee account login information was also the costliest infection vector for enterprises.

Advertising 125

Advertising Cybersecurity DDOS Data breaches 125

eSecurity Planet

FEBRUARY 16, 2024

Reconnaissance Reconnaissance is the starting point of Volt Typhoon’s cyber campaign, characterized by thorough planning and data collection. LotL emerged in 2018 and became a popular strategy among malicious actors due to its effectiveness in ensuring covert persistence and discovery evasion.

Internet 113

Internet Internet Network Security Cybersecurity 113

Malwarebytes

JANUARY 16, 2024

Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky. The IP address was linked to the malware using data collected by CWRU, Malwarebytes, and AT&T.)

Malware 112

Malware Passwords Identity Theft Data collection 112

SC Magazine

JULY 12, 2021

Jared Polis, at the time Colorado’s governor-elect, speaks at a 2018 election night rally. Of course, it can be tricky to know precisely what to teach when there are so many different privacy regulations to account for. The data is what is going to drive this,” said Rakoski. Photo by Rick T. Wilking/Getty Images).

Education 109

Education Security Awareness Data privacy Social Engineering 109

SecureWorld News

MAY 4, 2021

Three years ago, on May 25, 2018, the European Union's General Data Protection Regulation (GDPR) went into effect. California led the charge, adopting the California Consumer Privacy Act of 2018 (CCPA), followed by revisions to the CCPA in November 2020 with the ballot initiative, the California Privacy Rights Act (CPRA).

Data privacy 98

Data privacy Data collection Government Accountability 98

Centraleyes

DECEMBER 19, 2024

million fine by the Dutch Data Protection Authority (DPA). The fine stems from the company’s failure to clearly explain its data practices to users between 2018 and 2020highlighting a key issue that has been in the spotlight ever since the GDPR was introduced. Netflix has been hit with a 4.75 What Went Wrong? Whats Next?

Data privacy 52

Data privacy Data collection Accountability 52

Security Affairs

JANUARY 27, 2020

JavaScript-sniffers (JS-sniffers) targeting ecommerce websites is a type of malicious JavaScript code, designed to steal customer payment and personal data such as credit card numbers, names, addresses, logins, phone numbers, and credentials from payment systems, and etc. Group-IB has been tracking the GetBilling JS-sniffer family since 2018.

Cybercrime 101

Cybercrime Marketing eCommerce Advertising 101

Centraleyes

OCTOBER 10, 2024

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union (EU) in 2018. Its primary aim is to safeguard the personal data of EU residents and regulate how businesses and organizations process this data.

Data collection 52

Data collection Data breaches Data privacy Risk 52

Thales Cloud Protection & Licensing

JULY 11, 2019

Since the General Data Protection Regulation (GDPR) took effect on May 25th last year, data protection has become a very hot topic. On May 22, 2019, the European Commission published an infographic on compliance with and enforcement of the GDPR from May 2018 to May 2019 and it is clear that a lot of work still needs to be done.

Risk 97

Risk Encryption Accountability Government 97

SecureList

MARCH 13, 2024

Global detection figures: affected users Using global and regional statistics, Kaspersky has been able to compare data collected in 2023 with the previous four years. Diagram 1 below shows how this number varied year to year starting in 2018. Do not share your online account passwords with anyone.

Mobile 107

Mobile Passwords Surveillance Technology 107

SecureList

OCTOBER 25, 2023

This archive is discreetly hosted on legitimate websites, cleverly disguised as firmware binaries for enigmatic devices labeled “m100” The Bitbucket repository was created on June 21, 2018, under the account of Julie Heilman, and it remains the sole repository associated with this profile.

Malware 145

Malware DNS Encryption Ransomware 145

SecureList

SEPTEMBER 28, 2022

As we noted in 2018, there are many similarities between their ATM and PoS versions. With the patch in place, the malware collects the data from TRACK2, such as the account number and expiration date, in addition to other cardholder information needed to perform fraudulent transactions. Initial infection vector.

Malware 138

Malware Banking Software Encryption 138

eSecurity Planet

MARCH 17, 2022

Unlimited cloud accounts and users, and monthly down to hourly cloud scans Data retention options between 30 days and 18 months Business hours support and compliance reports for GDPR , PCI, HIPAA, and more Container scanning with CI/CD and registry integrations Infrastructure-as-Code (IaC) security scanning for Terraform and AWS CloudFormation.

Penetration Testing 109

Penetration Testing Software Risk Firewall 109

Elie

APRIL 23, 2018

the talk I gave at RSA 2018. This struggle to collect abusive content accurately exists all across the board whether it is for reviews, comments, fake accounts or network attacks. Collecting ground truth with honeypots : Honeypots. controlled settings ensure you that they will only collect attacks. slides here.

Phishing 90

Phishing Data collection Accountability Architecture 90

Spinone

JULY 3, 2020

and you interact with their data in any way – you fall under the GDPR. You can remember the massive story with Facebook’s misuse of customer information in 2018; other big players like British Airways and Marriott International have also suffered from €200 million and €99 million GDPR fines , respectively.

Data breaches 52

Data breaches Marketing Data collection Antivirus 52

Security Boulevard

MAY 21, 2024

As described in his talk, account takeover is not limited to Mimikatz. Attackers can take over accounts via many techniques within the Credential Access Tactic category, such as LSASS Credential Dumping , Token Impersonation (not sure why this is not considered a Credential Access Technique), etc.

Computers and Electronics 59

Computers and Electronics Engineering Accountability System Administration 59