Information Security Awareness News From Around The Web

60,000 Android devices hit by battery-saving app attack

Computer security experts have discovered an unusual attack targeting users of Android devices. As researchers Yonathan Klijnsma and Aaron Inness explain on the RiskIQ blog, the attack starts with a relatively pedestrian fake warning message that popped up on some Android users’ devices as they browsed the web.

Krebs on Security

The U.S. Supreme Court today ruled that the government needs to obtain a court-ordered warrant to gather location data on mobile device users. The decision is a major development for privacy rights, but experts say it may have limited bearing on the selling of real-time customer location data by the wireless carriers to third-party companies.

Krebs on Security

In the wake of a scandal involving third-party companies leaking or selling precise, real-time location data on virtually all Americans who own a mobile phone, AT&T, Sprint and Verizon now say they are terminating location data sharing agreements with third parties.

MD Anderson Cancer Center Fined $4.3 M For Data Breach

An administrative judge fined The University of Texas MD Anderson Cancer Center $4.3 million Monday. The fine is for violations of the Health Insurance Portability and Accountability Act. Judge Steven Kessel with U.S. Health and Human Services fined the Houston cancer center for losing more than 33,000 patients’ health records in 2012 and 2013.

Krebs on Security

In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people, many Americans no doubt felt resigned and powerless to control their information. But not Jessamyn West. The 49-year-old librarian from a tiny town in Vermont took Equifax to court.

Yahoo fined £250,000 over 2014 data breach

Yahoo’s British subsidiary has been fined £250,000 by the UK’s data watchdog after losing the data of more than half a million people. The fine is equivalent to just less than 50p for every British user who was affected by the attack and follows another fine of $35m (£26m) issued by the US Securities and Exchange Commission.

Krebs on Security

MyHeritage, an Israeli-based genealogy and DNA testing company, disclosed today that a security researcher found on the Internet a file containing the email addresses and hashed passwords of more than 92 million of its users. MyHeritage says it has no reason to believe other user data was compromised, and it is urging all users to change their passwords.

Data breach disrupts concert ticketing service Ticketfly

PROVIDENCE, R.I. — Concert ticketing service Ticketfly says it’s working to get its system back online after a data breach leaked users’ personal information and disrupted services at live music venues. A check of the Ticketfly website Sunday night shows the website unavailable with the following announcement: “Due to a recent cyber incident, ticketfly.com is offline.”

The genius of GDPR is that it forces companies to police each other

The European Union’s far-reaching General Data Protection Regulation (GDPR) launched last Friday amid major fanfare and the clogging of millions of inboxes with heartfelt pleas. But the genius behind GDPR isn’t just what it means for consumer rights, it’s about how the threat of massive fines means companies themselves will do most of the heavy lifting when…

They said they were priests. Then they asked for iTunes gift cards for the needy.

Some Catholics in the Tampa Bay area have been hit by scammers sending requests, purportedly from their parish priests, for iTunes gift cards. Father John Tapp of Nativity Catholic Church in Brandon alerted the Roman Catholic Diocese of St. Petersburg after he learned that his staff had received such requests.

Canadian Hacker Jailed for 5 Years Following Yahoo Breach

Hacker-for-Hire Karim Baratov Fed Stolen Passwords to Alleged Russian Officer. A Canadian citizen has received a U.S. federal prison sentence after he admitted to working for alleged Russian intelligence officers who have been tied to a massive breach of search giant Yahoo.

Krebs on Security

The Federal Bureau of Investigation (FBI) is warning that a new malware threat has rapidly infected more than a half-million consumer devices. To help arrest the spread of the malware, the FBI and security firms are urging home Internet users to reboot routers and network-attached storage devices made by a range of technology manufacturers.

An average data breach will cost an enterprise $1.23M and an SMB $120K, here’s why

Research from Kaspersky Lab presents bad news for those concerned about data breaches: They’re rapidly becoming more expensive (registration required for report download). For enterprises, that expense is up 24% from 2017 to around $1.23 million per breach, according to the Kaspersky research report.

Hackers infected over 500,000 routers with potential to cut off internet

More than half a million routers and network devices in 54 countries have been infected with sophisticated malware, researchers from Cisco’s Talos Intelligence Group warn. The malware, which the security researchers are calling VPNFilter, can steal logins and passwords, can monitor industrial controls and contains a killswitch for routers.

Email Is Dangerous

That brings us back to last week, and the release of Efail. The hack is simple and brilliant: It uses the fact that your email client thinks it’s a web browser. An attacker sending mail can steal the content of secret messages you may have sent or received.

State regulators unveil nationwide crackdown on suspicious cryptocurrency investment schemes

Securities regulators across the United States and Canada announced dozens of investigations Monday into potentially deceitful cryptocurrency investment products, the largest coordinated crackdown to date by state and provincial officials on bitcoin scams. As many as 70 investigations have been opened in the sweep, with more expected in the coming weeks, said the North American Securities Administrators Association, which helped coordinate the probes.

UK businesses think GDPR will make them more competitive

With the deadline for GDPR fast approaching, new research has revealed that 75 per cent of UK IT decision makers and CIOs believe the upcoming regulation could improve the competitiveness of their business.

Inside an Apple phishing attack

Today on Salted Hash, we’re going to look at a phishing attack from two sides. The first side will be what the victim sees. After that, we’re going to see what the criminal sees. We’ll also discuss some steps administrators can take to uncover these attacks in their own environments.

Lawyer Suing Facebook: ‘This Could Be the Largest Data Breach’ Ever | National Law Journal


Healthcare Data Security Programs Get Short Shrift in IT Budgets

Healthcare data security programs continue to be underfunded and understaffed, a Black Book Market Research cybersecurity survey of close to 2,500 healthcare security professionals found. Almost all of the respondents agreed that cyberattackers are outpacing healthcare organizations in funding and technology, leaving providers far behind in the race to protect patient data.

Nuance Communications Breach Affected 45,000 Patients

Former Employee Allegedly Accessed Personal Data From Several Nuance Clients. Nuance Communications, which specializes in speech recognition software, says an unauthorized third party accessed one of its medical transcription platforms, exposing 45,000 individuals’ records.

Uhh, Google Assistant Impersonating a Human on the Phone Is Scary as Hell to Me

Google could soon have a feature that lets your phone impersonate people – because consumer-facing artificial intelligence isn’t terrifying enough. Called Duplex, it’s intended to make people’s lives easier by handling standard phone calls that are necessary, but not especially personal.

Equifax denied passport numbers were involved in its data breach in February. Now it’s admitting they were.

In a reversal of its previous denials, Equifax last week admitted that passports were involved in the data breach that exposed the data of millions of its customers. The credit reporting agency last September revealed that a data breach had left the personal information of about half of the American population exposed.

Twitter Support on Twitter

We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ

Krebs on Security

Take care when typing a domain name into a browser address bar, because it’s far too easy to fat-finger a key and wind up somewhere you don’t want to go.

Ransomware attack hits city of Atlanta

Ransomware is a malicious software that prevents or limits users from accessing their system by locking them out until a ransom is paid. NBC affiliate WXIA reported that the city received a ransom demand in bitcoin for $6,800 per unit or $51,000 to unlock the entire system.

Equifax found additional breach victim | Engadget Today

An additional 2.4 million people were found to be impacted.

50 Cent realizes he’s a Bitcoin millionaire thanks to sales of a 2014 album

Call him the ultimate hodler. After being one of the first musicians to accept Bitcoin all the way back in 2014, Rapper 50 Cent (a.k.a. Curtis Jackson) appears to have accumulated a small fortune in the volatile digital currency.

5 warning signs your email has been hacked

Do you think you’d be able to tell the difference between a real email and a fake from hackers trying to access your personal information? TODAY national investigative correspondent Jeff Rossen goes out on the street to reveal the top five red flags that could be in your inbox right now, like misspellings and grammatical errors.

US short of options to punish NKorea for serious cyberattack

WASHINGTON (AP) – The Trump administration vowed Tuesday that North Korea would be held accountable for a May cyberattack that affected 150 countries, but it didn’t say how, highlighting the difficulty of punishing a pariah nation already sanctioned to the hilt for its nuclear weapons program.

Will Equifax Ever Be Held Accountable For Its ‘Rookie Mistakes’?

For a few bracing weeks this fall, consumers harmed by Equifax, Wells Fargo or another financial institution had the right to their day in court. But in late October, Senate Republicans voted to overturn the newly minted rule by the Consumer Financial Protection Bureau, which gave consumers the right to join class-action lawsuits against banks, credit bureaus and lenders.

Data Breach Notifications Can Now Be Brought to You

Typically when a large data breach occurs, those possibly affected by it often have to jump through hoops to find out if their information was compromised. A new initiative from popular web browser Firefox and password manager 1Password brings information about data breaches straight to the user, reports Engadget.

PDQ reports credit card hack

Florida-based PDQ reported on its website this weekend that it was the victim of a cyber-attack between May 19, 2017, and April 20, 2018. The chain said that it learned on June 8, 2018, that customers’ credit card information and…

Firefox Is Back. It’s Time to Give It a Try.

Do you ever feel that the web is breaking? When shopping online for a toaster oven, you can expect an ad for that oven to stalk you from site to site. If you have just a few web browser tabs open, your laptop battery drains rapidly.

The Ransomware Attack On Your Firm Is Coming And You’re Probably Not Prepared

It’s a healthy instinct to harbor a good deal of skepticism in this world. That holds doubly true when it comes to the style of overhyped, “Which brand of soda will give your kids syphilis?” headlines that local news outlets use to stir up anxious suburbanites.

Apple will disable iPhone Lightning ports after an hour, closing device cracking loophole

(Reuters) – Apple said on Wednesday it will change its iPhone settings to undercut the most popular means for law enforcement to break into the devices. The company told Reuters it was aiming to protect all customers, especially in countries where phones are readily obtained by police or by criminals with extensive resources, and to head off further spread of the attack technique.

GDPR: The Biggest Data Breaches And The Shocking Fines (That Would Have Been)

By looking at some of the largest data breaches in history, it’s clear that the new GDPR requirements that went into effect this May are significant and would have cost these companies greatly if GDPR was enacted at the time of the breach.

Facebook shares data with Chinese firms

Facebook has confirmed it has a data-sharing partnership with Chinese firms including Huawei, a company US intelligence previously flagged as a security threat. The agreements gave the Chinese firms some access to users’ data to help them build Facebook “experiences” on their own platforms. Facebook said all the data collected remained on users’ phones not servers.

Mich. county official falls for phishing scam, quits

Owosso, Mich. – An official in a small Michigan county has resigned after being tricked into wiring $50,000 to an overseas bank account. Shiawassee County apparently was the victim of a phishing scam. Financial administrator Patricia Fitnich believed that she was replying to an email from another county official about paying a bill.

Could GDPR be used to the advantage of cyber-criminals?

Security expert Colin Larkin asks if GDPR can be used as a cybercrime tool. Many businesses aren’t yet serious about GDPR. But this will change when the Data Protection Commissioner (DPC) starts issuing penalty notices later this year. When that happens, businesses could flip to the other extreme, suspending services at the first hint of an attack rather than risking GDPR penalties.

IRS warns tax professionals about phishing emails

The IRS is warning tax practitioners about phishing emails posing as state accounting and professional associations. Tax professionals sent reports to the IRS about emails they received trying to trick them into disclosing their email usernames and passwords. Cybercriminals targeted tax practitioners in Iowa, Illinois, North Carolina and New Jersey.

California’s strict data breach law moves forward

Shortly after passing a super-strict net neutrality bill, the California senate OK’d, by 21-13, another key tech measure, allowing any consumer affected by a data breach to sue for damages. People don’t even have to be customers or users of a service to sue (as previously required), which lets them take action against third-party data brokers like the infamously leaky Equifax.

Papua New Guinea to ban Facebook for a month

The country of Papua New Guinea is reportedly planning a month-long national ban of Facebook. Why? To research the effect that the addictive social network has on the South Pacific island’s populace, and to root out “fake users.” But important questions remain unanswered.

Facebook suggests no compensation for European users affected by data breach

BRUSSELS: Facebook is unlikely to compensate the 2.7 million European users whose data was improperly shared with political consultancy Cambridge Analytica because sensitive bank account data had not been shared, the company said on Wednesday.

Chrome Has a Built In Malware Scanner, Here’s How to Use It

Lots of malware tries to bog down your browser, but Google Chrome isn’t defenseless – on Windows there’s a built-in scanner called Cleanup. This software runs in the background periodically, but you can manually run a scan right now by heading to the URL chrome://settings/cleanup in your browser, or by going to Settings > Reset and clean up > Clean up computer.

LifeBridge data breach exposes personal information of 500,000 patients

LifeBridge Health has notified 500,000 patients that their personal information may have been exposed in a cyber attack recently discovered by the health system. Indication of an attack was first detected in March and an investigation by a national forensic firm hired by the hospital determined that the data breach took place Sept.

SunTrust Data Theft Affects Florida Customers

If you’re a SunTrust Bank customer, your personal information may be at risk.

Chrome is killing its ‘Secure’ URL label in September

The Chrome browser’s upcoming versions will focus on highlighting its negative security indicators, even going as far as sunsetting its positive ones. Chrome Security Product Manager Emily Schechter has announced that Chrome 69, which will be available in September, will stop marking HTTPS sites as “Secure” on the address bar.

California High Schooler Changes Grades After Phishing Teachers, Gets 14 Felonies for His Efforts

Police in Concord, California arrested a teenager earlier this week and charged him with 14 felony counts after discovering the high schooler launched a phishing campaign directed at teachers in order to steal their passwords and change grades.

Kaspersky Lab plays Swiss gambit in attempt to assuage Russian spying fears

Kaspersky Lab has announced that it is moving some of its core infrastructure from Russia to Switzerland. The relocation is part of the company’s latest attempt to allay fears that the Kaspersky anti-virus company can be coerced by the Kremlin to spy on customers – fuelled by recommendations from the US, UK, and now Dutch governments that the software not be used.

The comprehensive IT security guide for CIOs from Information Age

In the face of increasing cyber attacks and more complex, stringent data privacy laws, IT security has become an increasingly important discussion for the boardrooms of organisations across industries. The IT security responsibility should lie with the CIO, but the culture of security should be adopted by a whole organisation.

Yahoo, now named Altaba, is fined $35 million over giant data breach

The Securities and Exchange Commission announced the action Tuesday against the company, which is now called Altaba Inc. after its email and other digital services were sold to Verizon Communications Inc. for $4.48 billion last year. The Sunnyvale, Calif., company, which no longer is publicly traded, neither admitted nor denied the allegations but did agree to refrain from further violations of securities laws.

Why cyberinsurance can help businesses survive after an attack or data breach

Jenny Soubra, US head of cyber at Allianz Global Corporate & Specialty, spoke with TechRepublic’s Dan Patterson about the growth of the cyber-insurance industry, and how businesses can determine the right options for their own cybersecurity. Here’s part of their conversation: Patterson: I wonder if we could start by defining the scope, the scale of not just the cybersecurity challenge, but the cybersecurity insurance industry.

Malware attack at Chili’s compromised some customers’ credit and debit card information

Chili’s is the latest restaurant chain to be impacted by a data breach. The casual dining chain’s parent company, Brinker International, announced Saturday that customer credit and debit card information had been compromised at some Chili’s locations between March and April. However, the company is still assessing the scope of the incident.

GDPR Compliance Countdown: The Final Checklist | Information Security Buzz

Having caused IT teams – and indeed businesses – turmoil throughout the past number of months, the dreaded General Data Protection Regulation (GDPR) enforcement deadline is now just a matter of weeks away from implementation. 25th May marks the day that European industries will see if their exhaustive preparations will finally come to fruition, and find …

Krebs on Security

Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records – including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number – for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.

Here’s what Facebook, Netflix, Candy Crush and other apps know about you

Facebook, Netflix, Candy Crush and other apps on your phone may have a lot more information about you than you think, including your location and other private details. In lengthy privacy agreements that most users don’t read, many of these apps say they cannot guarantee the safety of this information.

Krebs on Security

Almost 20 percent of Americans froze their credit file with one or more of the big three credit bureaus in the wake of last year’s data breach at Equifax, costing consumers an estimated $1.4 billion, according to a new study. The findings come as lawmakers in Congress are debating legislation that would make credit freezes free in every state.

EU plans new tax for tech giants up to 5 percent of gross revenues

BRUSSELS (Reuters) – The European Commission wants to tax large digital companies’ revenues based on where their users are located rather than where they are headquartered at a common rate between 1 and 5 percent, a draft Commission document showed.

Florida hack exposed files of up to 30,000 Medicaid patients

TALLAHASSEE, Fla. (AP) – Florida officials say hackers may have accessed the personal information and medical records of up to 30,000 Medicaid recipients two months ago. The state’s Agency for Health Care Administration said in a Friday evening news release that one of its employees “was the victim of a malicious phishing email” on Nov.

Krebs on Security

The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

CEOs: The Data Breach Is Your Fault

Chief executives and boards of directors are realizing that cybersecurity failures are catastrophic to their businesses. The risk component of cybersecurity makes it a top priority in meeting business objectives and should no longer be left solely within the purview of the CIO and IT department.

Phishing scam claims to deliver WannaCry, demands bitcoin ransom | ZDNet

A new phishing campaign falsely claims to infect PCs with WannaCry ransomware and then demands users pay a bitcoin ransom in order to prevent their files from being deleted.

Shred-it Study Exposes Employee Negligence as Top Information Security Risk to U.S. Businesses

When assessing the cause of data breaches, the report found that employee negligence or accidental loss is a main cause. Nearly half of C-Suite Executives (C-Suites) (47 percent) and Small Business Owners (SBOs) (42 percent) reported that human error or accidental loss by an employee was the cause of a data breach.

Agencies Step Up to Data Security Challenge – Security Boulevard

Data-level security is not just another mandate. It’s a necessity. That was a recurring theme during a roundtable discussion held in advance of the Data Security Summit at Spire in Washington, D.C. The theme of the summit, sponsored by Thales eSecurity, was “IT Modernization: The New Cyber Agenda.”

People are still data security’s weakest link – but training can help

The purpose of any effective network data security system is to identify, repel and defeat known security threats. That’s why so many cyber attacks are aimed squarely at humans, who may unwittingly be helping bad actors to hack their company networks.

Why cryptomining is the new ransomware, and businesses must prepare for it

For years, ransomware has been the bane of the enterprise, with cyber criminals literally holding data hostage unless a ransom is paid. Some verticals in the enterprise can breathe a sigh of relief, however, because now there is less ransomware in play, but individuals and small businesses are the newest target as cryptomining becomes the hottest trend in cyber attacks.

CrowdStrike customers that suffer data breach can claim up to $1 million in coverage | ZDNet

When data breaches occur, often, the problem can be traced down to third-parties in a supply chain, or basic, lax security processes in IT environments. The most common response from victim companies to impacted customers is to sign up for credit monitoring services, and no or little compensation is on offer.

Ohio cities face increasing ransomware, cyber attacks

When two ransomware attacks hit the city of Riverside in April and May, it wasn’t the first time the city’s public safety servers lost data because of a malicious virus, this newspaper found in a review of city records.

What Alphabet Won’t Tell You About The GDPR

Alphabet (GOOG) was announced in 2015 as a holding company to help separate Google’s advertising business from the sprawling investments in Fiber internet, cloud computing, smart home products and connected car products.

How Hospitals Can Protect Themselves Against Ransomware

Future Tense is a partnership of Slate, New America, and Arizona State University that examines emerging technologies, public policy, and society. This article is part of Update or Die, a series from Future Tense about how businesses and other organizations keep up with technological change – and the cost of falling behind.

Canadian banks warn data breach may have affected 90,000 customers

Cybercriminals may have the stolen data of nearly 90,000 customers from two of Canada’s largest banks in what appears to be the first significant cyberattack on a Canadian financial institution. Bank of Montreal and Canadian Imperial Bank of Commerce (CIBC) both announced Monday they had each been contacted by fraudsters claiming to have stolen personal and financial information of a limited number of the bank’s customers.

Know if Your Password Has Been Leaked in a Data Breach With This Chrome Extension

At this point, it seems like there’s a new data breach every week where users’ usernames, passwords, and other personal information have been exposed to hackers. Keeping track of them all can be quite the undertaking.

Facebook Sites Dominate Social Network Phishing in Q1 2018: Kaspersky Lab

Woburn, MA – May 23, 2018 – In the first quarter of 2018, Kaspersky Lab’s anti-phishing technologies prevented more than 3.7 million attempts to visit fraudulent social network pages, of which 60 percent were fake Facebook pages, according to Kaspersky Lab’s ‘Spam and Phishing in Q1 2018’ report.

The Wayback Machine is Deleting Evidence of Malware Sold to Stalkers

This story is part of When Spies Come Home, a Motherboard series about powerful surveillance software ordinary people use to spy on their loved ones. The Internet Archive’s goal, according to its website, is “universal access to all knowledge.”

Chase Bank sues Landry’s for $20M over data breach

JP Morgan Chase Bank is suing Landry’s for $20 million in costs related to a 2015 credit card data breach affecting several of the Houston-based hospitality company’s restaurants and entertainment venues.

University fined £120,000 for data breach

The University of Greenwich has been fined £120,000 ($160,000) by the Information Commissioner. The fine was for a security breach in which the personal data of 19,500 students was placed online.

Understanding The Seven Types Of A Data Breach

Data is today’s commercial currency. So, it stands to reason that criminals today will use every means necessary to breach your security in order to access your data. In order for your organization to be protected from a data breach, you will need a comprehensive understanding of the types of data breaches or attack vectors available to cyber criminals.

This cryptocurrency phishing attack uses new trick to drain wallets | ZDNet

A criminal group keen to take advantage of the potentially lucrative opportunities offered by the boom in cryptocurrency has developed a sophisticated new scheme to hijack Ethereum wallets and steal the contents in a first-of-its-kind attack.

Krebs on Security

Much of the fraud involving counterfeit credit, ATM debit and retail gift cards relies on the ability of thieves to use cheap, widely available hardware to encode stolen data onto any card’s magnetic stripe. But new research suggests retailers and ATM operators could reliably detect counterfeit cards using a simple technology that flags cards which appear to have been altered by such tools.

Worcester Bosch admits data breach affecting ‘tens of thousands’

British boiler-maker Worcester Bosch has suffered a data breach that has inadvertently revealed the home addresses of “tens of thousands” of customers. A “systems issue” on Sunday morning caused multiple emails with addresses and names of customers to be sent out by accident.

Shoppers worry about data security with smart speakers – Bizwomen

Although they love it when she tells them jokes, lets them know Amazon packages have arrived, or reads to their kids, consumers apparently aren’t as confident about Alexa doing their shopping. According to Statista, data security is a major reason.

76% Of IT Security Breaches Are Motivated By Money First

These and many other fascinating insights are from the 11th edition of Verizon’s 2018 Data Breach Investigations Report. The report is available for download here (PDF, 68 pp., no opt-in).

Facebook suspends ~200 suspicious apps out of “thousands” reviewed so far

Did you just notice a Facebook app has gone AWOL? After reviewing “thousands” of apps on its platform following a major data misuse scandal that blew up in March, Facebook has announced it’s suspended around 200 apps – pending what it describes as a “thorough investigation” into whether or not their developers misused Facebook user data.

Security Awareness Training and How it Impacts Reported Suspicious Emails – Security Boulevard

It should not be a surprise, but 95 percent of breaches come through phishing attacks. Nothing more than a simple lure email lands in one of your users’ inboxes, they click it, and everything unravels from there.

Data breach hits Lord & Taylor’s, Saks: 5 million credit, debit card records compromised

Hackers have stolen the personal and financial information of customers who shop at Lord and Taylor and Saks Fifth Avenue in the latest of a string of data breaches in recent years. Records for more than five million credit and debit cards used at all the chains’ North American locations were compromised, according to Gemini Advisory, a cybersecurity firm.

San Diego city attorney sues Experian over massive data breach, saying consumers were never told

San Diego City Attorney Mara Elliott has filed a lawsuit against consumer credit giant Experian, contending the company suffered a massive data breach that affected 250,000 people in San Diego and millions more – but never told customers about it.

Cambridge Analytica controversy: Was there a Facebook data breach?

By now you’ve probably seen some of the hundreds of headlines about Cambridge Analytica, the shady data analytics firm which managed to get its paws on information about some 50 million Facebook users collected via a personality testing app. Some have suggested that the information could have helped influence Facebook users into voting for Donald Trump in the US presidential election.

Why printers add secret tracking dots

On 3 June, FBI agents arrived at the house of government contractor Reality Leigh Winner in Augusta, Georgia. They had spent the last two days investigating a top secret classified document that had allegedly been leaked to the press.

Burger King | Whopper Neutrality

The repeal of Net Neutrality is a hot topic in America, but it can be very difficult to understand. That’s why the BURGER KING® brand created WHOPPER® Neutrality, a social experiment that explains the effects of the repeal of Net Neutrality by putting it in terms anyone can understand: A WHOPPER® sandwich.

Here Are All The Available Fixes You Need For Those Huge Chip Hacks — UPDATED

A vast number of tech firms are warning about the Meltdown and Spectre vulnerabilities. Some are getting patches out, but consumers may have to wait for most problems to be fixed.

New PayPal Phishing Campaign Targeting Users | Information Security Buzz

It has been reported that con artists have been targeting PayPal users with fake payment confirmations, according to the Better Business Bureau. The emails contain links that allow the scammers to install malicious malware on users’ computers. BBB says the scams look like legitimate emails, and con artists use those emails to access banking and …

Thanatos ransomware: Free decryption tool released for destructive file-locking malware | ZDNet

Victims of a destructive form of ransomware, which fails to unlock files even if the ransom is paid, can now retrieve their files for free with a new file decryptor released by security researchers. Thanatos ransomware first started targeting Windows systems in February and multiple versions of it have been released in the months since, indicating that those behind it remain an active threat.

Business pros beware: Phishing attacks are impersonating Netflix and Citibank

Email phishing attempts are not a new phenomenon, but cybercriminals are getting creative. The month of May alone saw over 10,000 unique phishing attempts, and June has already seen 2,000 attempted attacks, according to a report from cybersecurity company Barracuda on Monday.

Tesla Hit By ‘Damaging Sabotage’ By Employee | Information Security Buzz

On Sunday night, Tesla CEO Elon Musk sent an email to all employees alleging there was a saboteur within the company’s ranks. Musk said this person had conducted “quite extensive and damaging sabotage” to the company’s operations, including by changing code to an internal product and exporting data to outsiders.

Oregon state employees unable to email the public after computer ‘hijacked’ by phishing email

Oregon’s state technology workers are scrambling to fix a problem that is preventing thousands of government employees from corresponding with members of the public via email. Several private email providers have blacklisted the state email domain Oregon.gov after a state employee apparently clicked on a phishing email earlier this month that allowed a hacker to access the state’s computer system.

Google assures cloud security amid data privacy concerns, calls it ‘bedrock’

Tech giant Google today said security is the “bedrock” of its cloud services, which have seen significant adoption by enterprises in India over the last few months.

Phishing theft of $93G at clean energy agency went unreported for months

A cyber scammer stole nearly $94,000 in public funds from the Massachusetts Clean Energy Center last year, with news of the theft-by-email taking 8 months to reach the quasi-public agency’s board of directors, according to a state audit. A review by State Auditor Suzanne M.

44 percent of organizations have suffered a data breach in the last year

In the last 12 months, 44 percent of organizations have suffered at least one data breach. More worrying is that of those reporting a data breach, the average was almost 30 data breaches per organization in the last year. This is according to a study from identity management company SailPoint, released at this week’s Infosecurity Europe.

Ransomware Attacks Topped List of Cyber Insurance Claims

More than one-quarter of cyber insurance claims received by AIG last year were the result of ransomware attacks, the largest percentage of any cyberattack type, according to the insurance giant’s 2017 cyber insurance claim statistics.

Data protection laws are shining a needed light on a secretive industry | Bruce Schneier

When Mark Zuckerberg testified before both the House and the Senate last month, it became immediately obvious that few US lawmakers had any appetite to regulate the pervasive surveillance taking place on the internet. Right now, the only way we can force these companies to take our privacy more seriously is through the market.

Do Data Breaches Permanently Affect Business Reputations?

Hint: Ashley Madison, Equifax and Uber Are Thriving. Massive data breaches make headlines, trigger stock price slips and often lead to executives getting fired. Some companies, however, not only recover from breaches, but end up thriving after the dust settles, says Eric Pinkerton, regional director for Sydney-based information security consultancy Hivint.

How Facebook protects data with physical security

Thorough cybersecurity takes more than tech: That’s the thinking at Facebook, where Chief Global Security Officer Nick Lovrien deploys physical security to protect data. Yes, canine units and human guards stereotypically keep people safe, but when properly integrated, physical security protects information as well.

The Cost Of A Data Breach Hits $1.23M | PYMNTS.com

New research from Kaspersky Lab shows that the average cost of experiencing a data breach globally is on the rise. The annual Kaspersky Lab Corporate IT Security Risks survey is a worldwide survey of IT business decision makers, which this year had a total of 6,614 respondents from 29 countries.

A New Reason to Not Buy These Cheap Android Devices: Complimentary Malware

Researchers at Avast Threat Labs say that more than 100 different low-cost Android devices from manufacturers like ZTE, Archos, and myPhone come with malware pre-installed. Users in more than 90 countries, including the US, are said to be infected. The good news is there’s a fix.

90 percent of financial institutions targeted by ransomware in the last year

Robbing a bank used to involve a mask, a gun and a fast car, but these days it’s more likely to be done via the safer and no less lucrative means of a cyberattack. A new report from cloud sec…

The Modern Day Hacker – A Cautionary Tale – Security Boulevard

J0hn_D0ugh$ – So there I was once again enjoying my victory. I wasn’t technically done yet, however all of the hard stuff had already been done. I’m not a hacker just for the money. I’ve made enough of that already. Such is the life for a modern day hacker.

OCR proposes to share HIPAA data breach settlements with victims – Data Protection Report

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) plans to issue an advance notice of proposed rulemaking this November on potentially sharing HIPAA breach settlements with victims. The notice would solicit public opinion on creating a process for sharing a percentage of any penalty or settlement with those harmed …

How can Office 365 phishing threats be addressed? – Help Net Security

With the rapid expansion of Office 365, more and more threats can emerge within its infrastructure, particularly via email. This is due in part to the size and ease of compromising Office 365 accounts and comes to the detriment of the same broad audience among which Office 365 has seen such massive adoption.

Businesses: Watch out for Phishing, SMShing and Vishing

Companies face an increasing risk of social engineering-based threats to their security and data, Christopher Hadnagy, “Chief Human Hacker” of social-engineer.com, emphasised in his keynote speech on day two of UC Expo 2018, warning that it is often cheaper and more effective than technical hacks for criminals.

Health Data Breach Tally: The Latest Additions

Largest Incident: Break-In at California State Agency That Affected 582,000. The number of health data breach victims added to the official federal tally so far in 2018 has doubled in recent weeks to more than 2 million.

FBI begins investigation of ransomware attack at Roseburg Public Schools

ROSEBURG, Ore. — The superintendent of Roseburg Public Schools has issued an update regarding the recent ransomware attack on the district’s computers. Superintendent Gerry Washburn says the district continues to recover from the attack and is making progress on restoring the systems. The FBI has begun an investigation into the attack, Washburn said in his statement.

Rail Europe had a three-month long credit card breach

If you booked train tickets for a European getaway in the past few months, you might want to check your bank statements. Rail Europe, a site used by Americans to buy train tickets in Europe, has revealed a three-month data breach of credit cards and debit cards.

Another Facebook privacy scandal – three million users’ data exposed by quiz

A new Facebook data leak has been revealed where some three million people have had their personal information and answers to a personality quiz left relatively unsecured on a third-party website, despite supposed protections in place to restrict access to the data to approved research partners only.

Lawyers preparing for mandatory data-breach reporting | Law Times

Lawyers say they are ramping up in anticipation of the rollout of new mandatory data-breach reporting rules going into effect in Canada. The focus initially was to prepare Canadian companies doing business in the European Union dealing with its residents’ data in order to be compliant with the new requirements under that continent’s General Data Protection Regulation coming into force May 25.

Reported Data Breaches Falling Fast; Cryptojacking and GDPR Likely ‘Culprits’ – Security Boulevard

The number of reported data breaches dipped in the first quarter of 2018, even as the total of records compromised in the quarter remained high, at 1.4 billion. Researchers were intrigued by the numbers, but Bitdefender telemetry might hold some clues about the drop, while the looming General Data Protection Regulation (GDPR) is likely also responsible for the swoon.

Under Armour says 150 million MyFitnessPal accounts breached

Under Armour Inc said on Thursday that data from some 150 million MyFitnessPal diet and fitness app accounts was compromised in February, in one of the biggest hacks in history, sending shares of the athletic apparel maker down 3 percent in after-hours trade.

Facebook Admits It May Collect Data About Your Calls and Text Messages. Here’s How to Turn It Off

The social media company says users gave it permission to collect their data, but most people were unaware they were agreeing to have their cell phone history harvested.

How to protect your data from fake hotel WiFi scams

Hackers can create WiFi networks that appear to be operated by a hotel, but once you sign in, the cybercriminals can monitor your online activity and steal your personal information.

Police warn Netflix users of email scam

PHOENIX – Netflix users, beware. The Grand Rapids (Mich.) Police Department is warning the streaming service’s millions of subscribers of an email phishing scam that’s trying to gather their personal information. According to the post, the suspicious emails tell Netflix customers that their account has been deactivated because the company “could not validate billing information.”

New phishing scam targets Netflix customers

If you receive an email from Netflix informing you that your credit card no longer works, be very careful how you respond. Mailguard, an Australian cyber-security firm, is warning that fraudsters are using “brandjacking” emails in hopes of capturing consumers’ credit card information.

New security feature reveals if Facebook mails are legit

Tampa Bay Rays part-owner Randy Frankel victimized in internet hacking scam based in Nigeria

A member of the Tampa Bay Rays ownership group was the victim of an internet hacking scheme originating in Nigeria that led to the theft of nearly $40,000 and the subsequent arrest of a couple in Texas, police said. Randy Frankel, one of 18 investors in the team, told St.

ELC Information Security