eSecurity Planet

DECEMBER 1, 2021

Businesses that have spent the past three-plus years adapting to the European Union’s far-reaching data privacy law now have to decide how they will respond to a similar law in China that has been criticized as being more vague in its wording and harsher in its penalties. Also read: Top GRC Tools & Software for 2021. PIPL vs. GDPR.

Data privacy 130

Data privacy Data collection Accountability Software 130

Security Affairs

NOVEMBER 15, 2022

“Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information. Location data represent the core of the digital advertising business of the IT giant. ” reads the DoJ’s press release. not hidden); and.

Consumer Protection 98

Consumer Protection Accountability Data collection Advertising 98

Security Affairs

NOVEMBER 16, 2018

Hong Kong, 16.11.2018 – Group-IB, an international company that specializes in preventing cyber attacks, presented the findings of its latest Hi-Tech Crime Trends 2018 report at the FinTech Security Conference in Hong Kong organized by Binary Solutions Limited in partnership with Group-IB. Attacks on Crypto.

Cybercrime 108

Cybercrime Hacking Banking Phishing 108

Security Affairs

NOVEMBER 17, 2018

link ) was posted on Pastebin , the hacker claims to have compromised user’s email and also accused ProtonMail of sending user’s decrypted data to American servers. AmFearLiathMor also wrote that ProtonMail hasn’t configured the mandatory Subresource Integrity ( SRI ) allowing tampering and data collection.

Scams 111

Scams Hacking Data collection Advertising 111

Security Affairs

OCTOBER 10, 2018

Security firm Group-IB has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 Group-IB, an international company that specializes in preventing cyber attacks, has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 million (2.96 billion rubles) of damage to Russia’s financial sector. million (2.96 million (2.96

Cyber Attacks 108

Cyber Attacks Banking Cyber threats Phishing 108

Security Affairs

NOVEMBER 17, 2018

Group-IB Threat Intelligence continuously detects and analyses data uploaded to card shops all over the world,” – said Dmitry Shestakov, Head of Group-IB ?ybercrime According to Group-IB’s annual Hi-Tech Crime Trends 2018 report, on average, from June 2017 to August 2018, 1.8 ybercrime research unit.

Banking 111

Banking Cybercrime Advertising Data collection 111

Security Affairs

JANUARY 2, 2023

Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information. According to the article, there are two settings responsible for the location data collection, the “Location History” and “Web & App Activity”.

Consumer Protection 98

Consumer Protection Surveillance Data collection Accountability 98

Security Affairs

OCTOBER 15, 2018

This information was first made public by experts from Group-IB’s Brand Protection team at the CyberCrimeCon 2018 international cybersecurity conference. Scammers create fake websites of known brands, fraudulent promotional campaigns, and fake accounts on social media. billion in 2017, compared to $1.2 billion in 2016.

Marketing 104

Marketing Media Phishing Engineering 104

Malwarebytes

MAY 31, 2023

Another employee noticed and reported it to their supervisor who allegedly told them that it was "normal" for an engineer to view so many accounts. However, Ring continued to allow hundreds of other employees and third-party contractors access to all video data, regardless of whether they actually needed it in order to perform their jobs.

Engineering 98

Engineering Data collection Government Accountability 98

Malwarebytes

DECEMBER 16, 2021

The fine covers the period from July 2018, when the “Law on the Processing of Personal Data (Personal Data Act)” was established, until April 2020, when Grindr changed the consent solution. Nevertheless, this is the highest fee to date from the Norwegian Data Protection Authority.

Advertising 120

Advertising Marketing Data collection Mobile 120

Schneier on Security

MARCH 13, 2019

It even collects what it calls " shadow profiles " -- data about you even if you're not a Facebook user. This data is combined with other surveillance data the company buys, including health and financial data. Collecting and saving less of this data would be a strong indicator of a new direction for the company.

Advertising 243

Advertising Surveillance Engineering Encryption 243

Security Affairs

MARCH 7, 2019

” In April 2018, Akamai reported that threat actors compromised 65,000 home routers by exploiting vulnerabilities in Universal Plug’N’Play (UPnP) , experts tracked the botnet as UPnProxy. In December 2018 the company provided an update to its initial analysis revealing a disconcerting scenario, UPnProxy is still up and running.

Cyber Attacks 107

Cyber Attacks Advertising Firmware Data collection 107

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Vicarius Vulnerability management 2022 Private Dragos ICS and OT security 2021 Private Safeguard Cyber Risk management 2021 Private CyberGRX Risk management 2019 Private Signifyd Fraud protection 2018 Private RedOwl Security analytics 2015 Acquired: Forcepoint. Accel Investments. Andreessen Horowitz (a16z).

Cybersecurity 127

Cybersecurity Technology Marketing Healthcare 127

eSecurity Planet

SEPTEMBER 24, 2021

Rapid7 combines threat intelligence , security research, data collection, and analytics in its comprehensive Insight platform, but how does its detection and response solution – InsightIDR – compare to other cybersecurity solutions? On Gartner Peer Insights, Rapid7 has nearly 700 reviews in a handful of solution categories.

DNS 120

DNS Technology Cybersecurity Data collection 120

CyberSecurity Insiders

APRIL 30, 2021

where fraudsters impersonated a trusted business partner , manipulat ing the CEO into transferring $243,000 to the scammers’ account. . Deepfakes first came into prominence in 2018 when a developer adapted AI techniques to create software that can swap one person’s face for another.

Technology 93

Technology Authentication Media Accountability 93

Malwarebytes

JANUARY 16, 2024

Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky. The IP address was linked to the malware using data collected by CWRU, Malwarebytes, and AT&T.)

Malware 127

Malware Passwords Identity Theft Data collection 127

Malwarebytes

MARCH 3, 2021

Detailed credentials for more than 21 million mobile VPN app users were swiped and advertised for sale online last week, offered by a cyber thief who allegedly stole user data collected by the VPN apps themselves. The data leak of SuperVPN, GeckoVPN, and ChatVPN. link] — Troy Hunt (@troyhunt) February 28, 2021.

VPN 145

VPN Passwords Internet Internet 145

Thales Cloud Protection & Licensing

MAY 22, 2024

The regulation didn't just introduce new rules—it upended the entire approach to data privacy. Users should be able to opt in and agree to specific data collection while consenting to the scoped processing purpose. Implementing MFA adds an extra layer of security, ensuring that only authorized users can access their accounts.

Data collection 62

Data collection Data privacy Encryption Authentication 62

Troy Hunt

DECEMBER 19, 2017

The site asks you for some personal information when you create the account which it then stores in a database. Who now owns that data? This is an important question because it drives the way organisations then treat that data. Data Collection Should be Minimised, Not Maximisation. The cat site?

Data breaches 138

Data breaches Data collection B2B Mobile 138

SecureList

OCTOBER 7, 2022

In late 2018, we discovered a sophisticated espionage framework, which we dubbed “ TajMahal “ It consists of two different packages, self-named “Tokyo” and “Yokohama”, and is capable of stealing a variety of data, including data from CDs burnt on the victim’s machine and documents sent to the printer queue.

Malware 145

Malware Computers and Electronics Telecommunications Encryption 145

Centraleyes

DECEMBER 19, 2024

million fine by the Dutch Data Protection Authority (DPA). The fine stems from the company’s failure to clearly explain its data practices to users between 2018 and 2020highlighting a key issue that has been in the spotlight ever since the GDPR was introduced. Netflix has been hit with a 4.75 What Went Wrong? Whats Next?

Data privacy 52

Data privacy Data collection Accountability 52

CyberSecurity Insiders

MAY 2, 2023

It amends the 2018 California Consumer Privacy Act (CCPA) introduced in response to rising consumer data privacy concerns. It has significantly impacted data collection and handling practices, giving consumers more control over how businesses handle their data. On the other hand, the CPRA relies on opt-out consent.

Data collection 52

Data collection Data breaches Password Management Data privacy 52

eSecurity Planet

FEBRUARY 16, 2024

Reconnaissance Reconnaissance is the starting point of Volt Typhoon’s cyber campaign, characterized by thorough planning and data collection. LotL emerged in 2018 and became a popular strategy among malicious actors due to its effectiveness in ensuring covert persistence and discovery evasion.

Internet 111

Internet Internet Network Security Cybersecurity 111

eSecurity Planet

OCTOBER 11, 2022

In the world of cybersecurity, the path of least resistance has consistently been shown to be the human element, specifically user accounts with enough access privileges or credentials for the cybercriminal to execute their plan. Compromised employee account login information was also the costliest infection vector for enterprises.

Advertising 125

Advertising Cybersecurity DDOS Data breaches 125

SC Magazine

JULY 12, 2021

Jared Polis, at the time Colorado’s governor-elect, speaks at a 2018 election night rally. Of course, it can be tricky to know precisely what to teach when there are so many different privacy regulations to account for. The data is what is going to drive this,” said Rakoski. Photo by Rick T. Wilking/Getty Images).

Education 109

Education Security Awareness Data privacy Social Engineering 109

SecureList

FEBRUARY 16, 2023

For example, one website offered users to obtain a COVID vaccination certificate by entering their British National Health Service (NHS) account credentials. Scammers abused legitimate survey services by creating polls in the name of various organization to profit from victims’ personal, including sensitive, data.

Phishing 127

Phishing Scams Accountability Energy and Utilities 127

Security Affairs

JANUARY 27, 2020

JavaScript-sniffers (JS-sniffers) targeting ecommerce websites is a type of malicious JavaScript code, designed to steal customer payment and personal data such as credit card numbers, names, addresses, logins, phone numbers, and credentials from payment systems, and etc. Group-IB has been tracking the GetBilling JS-sniffer family since 2018.

Cybercrime 105

Cybercrime Marketing eCommerce Advertising 105

SecureList

MARCH 29, 2023

BlueNoroff developed an elaborate phishing campaign that targeted startups and distributed malware for stealing all crypto in the account tied to the device. It presents a continuation of our previous annual financial threat reports ( 2018 , 2019 , 2020 , 2021 ), which provide an overview of the latest trends across the threat landscape.

Banking 111

Banking Phishing Cryptocurrency Mobile 111

Centraleyes

OCTOBER 10, 2024

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union (EU) in 2018. Its primary aim is to safeguard the personal data of EU residents and regulate how businesses and organizations process this data.

Data collection 52

Data collection Data breaches Data privacy Risk 52

SecureList

OCTOBER 25, 2023

This archive is discreetly hosted on legitimate websites, cleverly disguised as firmware binaries for enigmatic devices labeled “m100” The Bitbucket repository was created on June 21, 2018, under the account of Julie Heilman, and it remains the sole repository associated with this profile.

Malware 137

Malware DNS Encryption Cryptocurrency 137

SecureList

SEPTEMBER 28, 2022

As we noted in 2018, there are many similarities between their ATM and PoS versions. With the patch in place, the malware collects the data from TRACK2, such as the account number and expiration date, in addition to other cardholder information needed to perform fraudulent transactions. Initial infection vector.

Malware 139

Malware Banking Software Encryption 139

eSecurity Planet

MARCH 17, 2022

Unlimited cloud accounts and users, and monthly down to hourly cloud scans Data retention options between 30 days and 18 months Business hours support and compliance reports for GDPR , PCI, HIPAA, and more Container scanning with CI/CD and registry integrations Infrastructure-as-Code (IaC) security scanning for Terraform and AWS CloudFormation.

Penetration Testing 109

Penetration Testing Software Risk Firewall 109

Elie

APRIL 23, 2018

the talk I gave at RSA 2018. This struggle to collect abusive content accurately exists all across the board whether it is for reviews, comments, fake accounts or network attacks. Collecting ground truth with honeypots : Honeypots. controlled settings ensure you that they will only collect attacks. slides here.

Phishing 90

Phishing Data collection Accountability Architecture 90

Spinone

JULY 3, 2020

and you interact with their data in any way – you fall under the GDPR. You can remember the massive story with Facebook’s misuse of customer information in 2018; other big players like British Airways and Marriott International have also suffered from €200 million and €99 million GDPR fines , respectively.

Data breaches 52

Data breaches Marketing Data collection Antivirus 52

Security Boulevard

MAY 21, 2024

As described in his talk, account takeover is not limited to Mimikatz. Attackers can take over accounts via many techniques within the Credential Access Tactic category, such as LSASS Credential Dumping , Token Impersonation (not sure why this is not considered a Credential Access Technique), etc.

Computers and Electronics 59

Computers and Electronics Engineering Accountability System Administration 59

Krebs on Security

JULY 18, 2022

Namely, the ability to route one’s malicious traffic through a computer that is geographically close to the consumer whose credit card they’re about to charge at some website, or whose bank account they’re about to empty. Others are fairly opaque about their data collection and retention policies. ”

VPN 326

VPN Computers and Electronics Antivirus Software 326

Krebs on Security

JANUARY 11, 2022

In 2018, Wazawaka registered a slew of domains spoofing the real domain for the Hydra dark web market. In 2014, Wazawaka confided to another crime forum member via private message that he made good money stealing accounts from drug dealers on these marketplaces. The Weblancer account says Wazawaka is currently 33 years old.

DDOS 302

DDOS Accountability Cybercrime Ransomware 302