Sat.Nov 16, 2019 - Fri.Nov 22, 2019

article thumbnail

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt

Until this month, I'd never heard of People Data Labs (PDL). I'd certainly heard of the sector they operate in - "Data Enrichment" - but I'd never heard of the company itself. I've become more familiar with this sector over recent years due to the frequency with which it's been suffering data breaches that have ultimately landed in my inbox. For example, there's Dun & Bradstreet's NetProspex which leaked 33M records in 2017 , Exactis who had 132M records breached last year and the Apollo dat

article thumbnail

110 Nursing Homes Cut Off from Health Records in Ransomware Attack

Krebs on Security

A ransomware outbreak has besieged a Wisconsin based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States. The ongoing attack is preventing these care centers from accessing crucial patient medical records, and the IT company’s owner says she fears this incident could soon lead not only to the closure of her business, but also to the untimely demise of some patients.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Iran Has Shut Off the Internet

Schneier on Security

Iran has gone pretty much entirely offline in the wake of nationwide protests. This is the best article detailing what's going on; this is also good. AccessNow has a global campaign to stop Internet shutdowns.

Internet 256
article thumbnail

Security pros explain Black Friday best practices for consumers and businesses

Tech Republic Security

Consumers have to make sure not to fall prey to fraudulent coupons or deceptively spoofed retailer websites.

Retail 199
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Welcoming the Norwegian Government to HIBP

Troy Hunt

Over the last couple of years, I've been increasingly providing governments with better access to their departments' data exposed in breaches by giving them free and unfettered API access to their domains. As I've been travelling around the world this year, I've been carving out time to spend with governments to better understand the infosec challenges they're facing and the role HIBP can play in helping them tackle those challenges.

article thumbnail

DDoS-for-Hire Boss Gets 13 Months Jail Time

Krebs on Security

A 21-year-old Illinois man was sentenced last week to 13 months in prison for running multiple DDoS-for-hire services that launched millions of attacks over several years. This individual’s sentencing comes more than five years after KrebsOnSecurity interviewed both the defendant and his father and urged the latter to take a more active interest in his son’s online activities.

DDOS 207

More Trending

article thumbnail

Business Email Compromise: 5 ways this fraud could happen and what can be done to prevent it

Tech Republic Security

Millions of dollars and loads of personal information is being stolen through a growing threat known as Business Email Compromise (BEC).

194
194
article thumbnail

When Bank Communication is Indistinguishable from Phishing Attacks

Troy Hunt

You know how banks really, really want to avoid their customers falling victim to phishing scams? And how they put a heap of effort into education to warn folks about the hallmarks of phishing scams? And how banks are the shining beacons of light when it comes to demonstrating security best practices? Ok, that final one might be a bit of a stretch , but the fact remains that people have high expectations of how banks should communicate to ensure that they themselves don't come across as phishers

Banking 236
article thumbnail

E-Skimming Strikes Again: Macy’s Confirms Magecart Data Breach

Adam Levin

Macy’s has informed customers of an e-skimming data breach following the discovery of Magecart malware on its website. In a letter to affected customers, the retailer said that it had detected malware on its e-commerce website on October 15 and that it had been active for a little over a week. . “The unauthorized code was highly specific and only allowed the third party party to capture information submitted by customers,” stated the letter, explaining that user-submitted data on the site’s chec

article thumbnail

Security Vulnerabilities in Android Firmware

Schneier on Security

Researchers have discovered and revealed 146 vulnerabilities in various incarnations of Android smartphone firmware. The vulnerabilities were found by scanning the phones of 29 different Android makers, and each is unique to a particular phone or maker. They were found using automatic tools, and it is extremely likely that many of the vulnerabilities are not exploitable -- making them bugs but not security concerns.

Firmware 230
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

What does Chinese tech giant Huawei have in common with the precocious kid next door who knows how to hack his favorite video game? Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. The latter knows how to carry out a DLL injection hack — to cheat the game score.

Firmware 174
article thumbnail

Weekly Update 165

Troy Hunt

Yes, I'm in my car. I'm completely disorganised, rushing to the next event and really didn't plan this very well. But hey, what an awesome little soundproof booth it is! That said, I did keep this week deliberately concise. until I went to edit it and then Adobe Premiere (or the NVIDIA drivers on my laptop) decided to turn a 16 minute video clip into a multi-hour s**t-fight.

VPN 189
article thumbnail

Air Force hires Trueface for facial recognition on bases

Tech Republic Security

Trueface will provide Air Force bases with systems that can identify faces, license plates and guns.

161
161
article thumbnail

GPS Manipulation

Schneier on Security

Long article on the manipulation of GPS in Shanghai. It seems not to be some Chinese military program, but ships who are stealing sand. The Shanghai "crop circles," which somehow spoof each vessel to a different false location, are something new. "I'm still puzzled by this," says Humphreys. "I can't get it to work out in the math. It's an interesting mystery.

219
219
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Personal and social information of 1.2B people exposed on an open Elasticsearch install

Security Affairs

Security duo discovered personal and social information 1.2 billion people exposed online on an unsecured Elasticsearch server. Researchers Bob Diachenko and Vinny Troia discovered an unsecured Eslasticsearch server containing an unprecedented 4 billion user accounts. The database, discovered on October 16, 2019, contained more than 4 terabytes of data is the largest data leaks from a single source organization in history.

article thumbnail

1.2 Billion Records Found Exposed Online in a Single Server 

WIRED Threat Level

Here's the next jumbo data leak, complete with Facebook, Twitter, and LinkedIn profiles.

145
145
article thumbnail

Business Email Compromise: 5 ways this fraud could happen and what can be done to prevent it

Tech Republic Security

Millions of dollars and loads of personal information is being stolen through a growing threat known as Business Email Compromise (BEC).

148
148
article thumbnail

Game Company Wizards of the Coast Suffers Data Breach

Adam Levin

Data belonging to more than 450,000 players of popular online games were exposed on an unprotected database accessible online. Wizards of the Coast, the company behind games such as Magic: The Gathering , MTG Arena , and Magic Online accidentally left a database unprotected on an online Amazon Web Services storage bucket. The first and last names, email addresses, and passwords of 452,634 players and 470 employees were exposed.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

ENISA publishes a Threat Landscape for 5G Networks

Security Affairs

ENISA, the European Union Agency for Cybersecurity publishes a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G). ENISA with the support of the Member States, the European Commission and an Expert Group, published an extensive report on threats relating to 5G networks. An EU-wide Coordinated Risk Assessment of 5G networks has been published on the 9 th October 2019.

article thumbnail

BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups — in the field

The Last Watchdog

Encrypted flash drives, essentially secure storage on a stick, are a proven technology that has been readily available for at least 15 years. A few years back, it seemed like they would fade into obsolescence, swept aside by the wave of streaming services and cloud storage. Related: Can Europe’s GDPR restore data privacy? And yet today there is a resurgence in demand for encrypted flash drives.

Backups 133
article thumbnail

82% of SMB execs expect employees to put business devices at risk with holiday shopping

Tech Republic Security

Nearly half of executives surveyed don't believe their employees would be able to spot a bad actor posing as an online retailer, Zix-AppRiver found.

Retail 142
article thumbnail

Leaks of NSA, CIA Tools Have Leveled Nation-State Cybercriminal Capabilities

Dark Reading

The wide availability of tools leaked by the Shadow Brokers and WikiLeaks in 2016 and 2017 have given emerging cyber powers a way to catch up, DarkOwl says.

132
132
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

French Rouen hospital hit by a ransomware attack

Security Affairs

The University Hospital Center (CHU) of Rouen was hit by the malware last week, the ransomware had a severe impact on the operations during the weekend. The AFP news agency reported that a ransomware attack on a hospital in Rouen last week caused “very long delays in care.” Medical staff at the hospital were not able to use the PCs and servers that were crippled by ransomware, they returned to the “ old-fashioned method of paper and pencil.” The management of the hospital

article thumbnail

Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak

Threatpost

Although the data was legitimately scraped by legally operating firms, the security and privacy implications are numerous.

131
131
article thumbnail

75% of developers worry about app security, but half lack dedicated security experts on their team

Tech Republic Security

The majority of developers view security as integral to the coding and development process, but lack the support of a security expert, Whitehat Security found.

141
141
article thumbnail

1.2B Records Exposed in Massive Server Leak

Dark Reading

A single server leaked 4 terabytes of personal data, including social media profiles, work histories, and home and mobile phone numbers.

Mobile 118
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

T-Mobile discloses data breach affecting prepaid wireless customers

Security Affairs

Bad news for T-Mobile prepaid customer, the US-based telecom giant T-Mobile today disclosed a new data breach incident. The US branch of the telecommunications giant T -Mobile disclosed a security breach that according to the company impacted a small number of customers of its prepaid service. The cybersecurity team at T-Mobile discovered an unauthorized access to information associated with a limited number of its prepaid wireless account customers. “We want to let you know about an incid

Wireless 138
article thumbnail

Critical Flaws in VNC Threaten Industrial Environments

Threatpost

Some of the bugs allow remote code-execution.

122
122
article thumbnail

Want to attain and retain customers? Adopt data privacy policies

Tech Republic Security

Customers won't buy services or products from companies if they don't trust how their data will be used, Cisco found.

article thumbnail

Iran’s APT33 Hackers Are Targeting Industrial Control Systems

WIRED Threat Level

The recent focus on ICS raises the possibility that Iran's APT33 is exploring physically disruptive cyberattacks.

Hacking 111
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!