Information Security Awareness News From Around The Web

UK businesses think GDPR will make them more competitive

With the deadline for GDPR fast approaching, new research has revealed that 75 per cent of UK IT decision makers and CIOs believe the upcoming regulation could improve the competitiveness of their business.

Inside an Apple phishing attack

Today on Salted Hash, we’re going to look at a phishing attack from two sides. The first side will be what the victim sees. After that, we’re going to see what the criminal sees. We’ll also discuss some steps administrators can take to uncover these attacks in their own environments.

Lawyer Suing Facebook: ‘This Could Be the Largest Data Breach’ Ever | National Law Journal

Healthcare Data Security Programs Get Short Shrift in IT Budgets

Healthcare data security programs continue to be underfunded and understaffed, a Black Book Market Research cybersecurity survey of close to 2,500 healthcare security professionals found. Almost all of the respondents agreed that cyberattackers are outpacing healthcare organizations in funding and technology, leaving providers far behind in the race to protect patient data.

Nuance Communications Breach Affected 45,000 Patients

Former Employee Allegedly Accessed Personal Data From Several Nuance Clients. Nuance Communications, which specializes in speech recognition software, says an unauthorized third party accessed one of its medical transcription platforms, exposing 45,000 individuals’ records.

Uhh, Google Assistant Impersonating a Human on the Phone Is Scary as Hell to Me

Google could soon have a feature that lets your phone impersonate people, because consumer-facing artificial intelligence isn’t terrifying enough. Called Duplex, it’s intended to make people’s lives easier by handling standard phone calls that are necessary, but not especially personal.

Equifax denied passport numbers were involved in its data breach in February. Now it’s admitting they were.

In a reversal of its previous denials, Equifax last week admitted that passports were involved in the data breach that exposed the data of millions of its customers. The credit reporting agency last September revealed that a data breach had left the personal information of about half of the American population exposed.

Twitter Support on Twitter

We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://t.co/RyEDvQOTaZ

Krebs on Security

Take care when typing a domain name into a browser address bar, because it’s far too easy to fat-finger a key and wind up somewhere you don’t want to go.

Ransomware attack hits city of Atlanta

Ransomware is malicious software that prevents or limits users from accessing their system by locking them out until a ransom is paid. NBC affiliate WXIA reported that the city received a ransom demand in bitcoin for $6,800 per unit or $51,000 to unlock the entire system.

Equifax found additional breach victim | Engadget Today

An additional 2.4 million people were found to be impacted.

50 Cent realizes he’s a Bitcoin millionaire thanks to sales of a 2014 album

Call him the ultimate hodler. After being one of the first musicians to accept Bitcoin all the way back in 2014, Rapper 50 Cent (a.k.a. Curtis Jackson) appears to have accumulated a small fortune in the volatile digital currency.

5 warning signs your email has been hacked

Do you think you’d be able to tell the difference between a real email and a fake from hackers trying to access your personal information? TODAY national investigative correspondent Jeff Rossen goes out on the street to reveal the top five red flags that could be in your inbox right now, like misspellings and grammatical errors.

US short of options to punish NKorea for serious cyberattack

WASHINGTON (AP) – The Trump administration vowed Tuesday that North Korea would be held accountable for a May cyberattack that affected 150 countries, but it didn’t say how, highlighting the difficulty of punishing a pariah nation already sanctioned to the hilt for its nuclear weapons program.

Will Equifax Ever Be Held Accountable For Its ‘Rookie Mistakes’?

For a few bracing weeks this fall, consumers harmed by Equifax, Wells Fargo or another financial institution had the right to their day in court. But in late October, Senate Republicans voted to overturn the newly minted rule by the Consumer Financial Protection Bureau, which gave consumers the right to join class-action lawsuits against banks, credit bureaus and lenders.

Chrome is killing its ‘Secure’ URL label in September

The Chrome browser’s upcoming versions will focus on highlighting its negative security indicators, even going as far as sunsetting its positive ones. Chrome Security Product Manager Emily Schechter has announced that Chrome 69, which will be available in September, will stop marking HTTPS sites as “Secure” on the address bar.

California High Schooler Changes Grades After Phishing Teachers, Gets 14 Felonies for His Efforts

Police in Concord, California arrested a teenager earlier this week and charged him with 14 felony counts after discovering the high schooler launched a phishing campaign directed at teachers in order to steal their passwords and change grades.

Kaspersky Lab plays Swiss gambit in attempt to assuage Russian spying fears

Kaspersky Lab has announced that it is moving some of its core infrastructure from Russia to Switzerland. The relocation is part of the company’s latest attempt to allay fears that the Kaspersky anti-virus company can be coerced by the Kremlin to spy on customers – fuelled by recommendations from the US, UK, and now Dutch governments that the software not be used.

The comprehensive IT security guide for CIOs from Information Age

In the face of increasing cyber attacks and more complex, stringent data privacy laws, IT security has become an increasingly important discussion for the boardrooms of organisations across industries. The IT security responsibility should lie with the CIO, but the culture of security should be adopted by a whole organisation.

Yahoo, now named Altaba, is fined $35 million over giant data breach

The Securities and Exchange Commission announced the action Tuesday against the company, which is now called Altaba Inc. after its email and other digital services were sold to Verizon Communications Inc. for $4.48 billion last year. The Sunnyvale, Calif., company, which no longer is publicly traded, neither admitted nor denied the allegations but did agree to refrain from further violations of securities laws.

Why cyberinsurance can help businesses survive after an attack or data breach

Jenny Soubra, US head of cyber at Allianz Global Corporate & Specialty, spoke with TechRepublic’s Dan Patterson about the growth of the cyber-insurance industry, and how businesses can determine the right options for their own cybersecurity. Here’s part of their conversation: Patterson: I wonder if we could start by defining the scope, the scale of not just the cybersecurity challenge, but the cybersecurity insurance industry.

Malware attack at Chili’s compromised some customers’ credit and debit card information

Chili’s is the latest restaurant chain to be impacted by a data breach. The casual dining chain’s parent company, Brinker International, announced Saturday that customer credit and debit card information had been compromised at some Chili’s locations between March and April. However, the company is still assessing the scope of the incident.

GDPR Compliance Countdown: The Final Checklist | Information Security Buzz

Having caused IT teams – and indeed businesses – turmoil throughout the past number of months, the dreaded General Data Protection Regulation (GDPR) enforcement deadline is now just a matter of weeks away from implementation. 25th May marks the day that European industries will see if their exhaustive preparations will finally come to fruition, and find …

Krebs on Security

Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records – including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number – for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.

Here’s what Facebook, Netflix, Candy Crush and other apps know about you

Facebook, Netflix, Candy Crush and other apps on your phone may have a lot more information about you than you think, including your location and other private details. In lengthy privacy agreements that most users don’t read, many of these apps say they cannot guarantee the safety of this information.

Krebs on Security

Almost 20 percent of Americans froze their credit file with one or more of the big three credit bureaus in the wake of last year’s data breach at Equifax, costing consumers an estimated $1.4 billion, according to a new study. The findings come as lawmakers in Congress are debating legislation that would make credit freezes free in every state.

EU plans new tax for tech giants up to 5 percent of gross revenues

BRUSSELS (Reuters) – The European Commission wants to tax large digital companies’ revenues based on where their users are located rather than where they are headquartered at a common rate between 1 and 5 percent, a draft Commission document showed.

Florida hack exposed files of up to 30,000 Medicaid patients

TALLAHASSEE, Fla. (AP) – Florida officials say hackers may have accessed the personal information and medical records of up to 30,000 Medicaid recipients two months ago. The state’s Agency for Health Care Administration said in a Friday evening news release that one of its employees “was the victim of a malicious phishing email” on Nov.

Krebs on Security

The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

Understanding The Seven Types Of A Data Breach

Data is today’s commercial currency. So, it stands to reason that criminals today will use every means necessary to breach your security in order to access your data. In order for your organization to be protected from a data breach, you will need a comprehensive understanding of the types of data breaches or attack vectors available to cyber criminals.

This cryptocurrency phishing attack uses new trick to drain wallets | ZDNet

A criminal group keen to take advantage of the potentially lucrative opportunities offered by the boom in cryptocurrency has developed a sophisticated new scheme to hijack Ethereum wallets and steal the contents in a first-of-its-kind attack.

Krebs on Security

Much of the fraud involving counterfeit credit, ATM debit and retail gift cards relies on the ability of thieves to use cheap, widely available hardware to encode stolen data onto any card’s magnetic stripe. But new research suggests retailers and ATM operators could reliably detect counterfeit cards using a simple technology that flags cards which appear to have been altered by such tools.

Worcester Bosch admits data breach affecting ‘tens of thousands’

British boiler-maker Worcester Bosch has suffered a data breach that has inadvertently revealed the home addresses of “tens of thousands” of customers. A “systems issue” on Sunday morning caused multiple emails with addresses and names of customers to be sent out by accident.

Shoppers worry about data security with smart speakers – Bizwomen

Although they love it when she tells them jokes, lets them know Amazon packages have arrived, or reads to their kids, consumers apparently aren’t as confident about Alexa doing their shopping. According to Statista, data security is a major reason.

76% Of IT Security Breaches Are Motivated By Money First

These and many other fascinating insights are from the 11th edition of Verizon’s 2018 Data Breach Investigations Report. The report is available for download here (PDF, 68 pp., no opt-in).

Facebook suspends ~200 suspicious apps out of “thousands” reviewed so far

Did you just notice a Facebook app has gone AWOL? After reviewing “thousands” of apps on its platform following a major data misuse scandal that blew up in March, Facebook has announced it’s suspended around 200 apps – pending what it describes as a “thorough investigation” into whether or not their developers misused Facebook user data.

Security Awareness Training and How it Impacts Reported Suspicious Emails – Security Boulevard

It should not be a surprise, but 95 percent of breaches come through phishing attacks. Nothing more than a simple lure email lands in one of your users’ inboxes, they click it, and everything unravels from there.

Data breach hits Lord & Taylor’s, Saks: 5 million credit, debit card records compromised

Hackers have stolen the personal and financial information of customers who shop at Lord and Taylor and Saks Fifth Avenue in the latest of a string of data breaches in recent years. Records for more than five million credit and debit cards used at all the chains’ North American locations were compromised, according to Gemini Advisory, a cybersecurity firm.

San Diego city attorney sues Experian over massive data breach, saying consumers were never told

San Diego City Attorney Mara Elliott has filed a lawsuit against consumer credit giant Experian, contending the company suffered a massive data breach that affected 250,000 people in San Diego and millions more – but never told customers about it.

Cambridge Analytica controversy: Was there a Facebook data breach?

By now you’ve probably seen some of the hundreds of headlines about Cambridge Analytica, the shady data analytics firm which managed to get its paws on information about some 50 million Facebook users collected via a personality testing app. Some have suggested that the information could have helped influence Facebook users into voting for Donald Trump in the US presidential election.

Why printers add secret tracking dots

On 3 June, FBI agents arrived at the house of government contractor Reality Leigh Winner in Augusta, Georgia. They had spent the last two days investigating a top secret classified document that had allegedly been leaked to the press.

Burger King | Whopper Neutrality

The repeal of Net Neutrality is a hot topic in America, but it can be very difficult to understand. That’s why the BURGER KING® brand created WHOPPER® Neutrality, a social experiment that explains the effects of the repeal of Net Neutrality by putting it in terms anyone can understand: A WHOPPER® sandwich.

Here Are All The Available Fixes You Need For Those Huge Chip Hacks — UPDATED

A vast number of tech firms are warning about the Meltdown and Spectre vulnerabilities. Some are getting patches out, but consumers may have to wait for most problems to be fixed.

New PayPal Phishing Campaign Targeting Users | Information Security Buzz

It has been reported that con artists have been targeting PayPal users with fake payment confirmations, according to the Better Business Bureau. The emails contain links that allow the scammers to install malicious malware on users’ computers. BBB says the scams look like legitimate emails, and con artists use those emails to access banking and …

How can Office 365 phishing threats be addressed? – Help Net Security

With the rapid expansion of Office 365, more and more threats can emerge within its infrastructure, particularly via email. This is due in part to the size and ease of compromising Office 365 accounts and comes to the detriment of the same broad audience among which Office 365 has seen such massive adoption.

Businesses: Watch out for Phishing, SMShing and Vishing

Companies face an increasing risk of social engineering-based threats to their security and data, Christopher Hadnagy, “Chief Human Hacker” of social-engineer.com, emphasised in his keynote speech on day two of UC Expo 2018, warning that it is often cheaper and more effective than technical hacks for criminals.

Health Data Breach Tally: The Latest Additions

Largest Incident: Break-In at California State Agency That Affected 582,000. The number of health data breach victims added to the official federal tally so far in 2018 has doubled in recent weeks to more than 2 million.

FBI begins investigation of ransomware attack at Roseburg Public Schools

ROSEBURG, Ore. — The superintendent of Roseburg Public Schools has issued an update regarding the recent ransomware attack on the district’s computers. Superintendent Gerry Washburn says the district continues to recover from the attack and is making progress on restoring the systems. The FBI has begun an investigation into the attack, Washburn said in his statement.

Rail Europe had a three-month long credit card breach

If you booked train tickets for a European getaway in the past few months, you might want to check your bank statements. Rail Europe, a site used by Americans to buy train tickets in Europe, has revealed a three-month data breach of credit cards and debit cards.

Another Facebook privacy scandal – three million users’ data exposed by quiz

A new Facebook data leak has been revealed where some three million people have had their personal information and answers to a personality quiz left relatively unsecured on a third-party website, despite supposed protections in place to restrict access to the data to approved research partners only.

Lawyers preparing for mandatory data-breach reporting | Law Times

Lawyers say they are ramping up in anticipation of the rollout of new mandatory data-breach reporting rules going into effect in Canada. The focus initially was to prepare Canadian companies doing business in the European Union dealing with its residents’ data in order to be compliant with the new requirements under that continent’s General Data Protection Regulation coming into force May 25.

Reported Data Breaches Falling Fast; Cryptojacking and GDPR Likely ‘Culprits’ – Security Boulevard

The number of reported data breaches dipped in the first quarter of 2018, even as the total of records compromised in the quarter remained high, at 1.4 billion. Researchers were intrigued by the numbers, but Bitdefender telemetry might hold some clues about the drop, while the looming General Data Protection Regulation (GDPR) is likely also responsible for the swoon.

Under Armour says 150 million MyFitnessPal accounts breached

Under Armour Inc said on Thursday that data from some 150 million MyFitnessPal diet and fitness app accounts was compromised in February, in one of the biggest hacks in history, sending shares of the athletic apparel maker down 3 percent in after-hours trade.

Facebook Admits It May Collect Data About Your Calls and Text Messages. Here’s How to Turn It Off

The social media company says users gave it permission to collect their data, but most people were unaware they were agreeing to have their cell phone history harvested.

How to protect your data from fake hotel WiFi scams

Hackers can create WiFi networks that appear to be operated by a hotel, but once you sign in, the cybercriminals can monitor your online activity and steal your personal information.

Police warn Netflix users of email scam

PHOENIX – Netflix users, beware. The Grand Rapids (Mich.) Police Department is warning the streaming service’s millions of subscribers of an email phishing scam that’s trying to gather their personal information. According to the post, the suspicious emails tell Netflix customers that their account has been deactivated because the company “could not validate billing information.”

New phishing scam targets Netflix customers

If you receive an email from Netflix informing you that your credit card no longer works, be very careful how you respond. Mailguard, an Australian cyber-security firm, is warning that fraudsters are using “brandjacking” emails in hopes of capturing consumers’ credit card information.

New security feature reveals if Facebook mails are legit

Tampa Bay Rays part-owner Randy Frankel victimized in internet hacking scam based in Nigeria

A member of the Tampa Bay Rays ownership group was the victim of an internet hacking scheme originating in Nigeria that led to the theft of nearly $40,000 and the subsequent arrest of a couple in Texas, police said. Randy Frankel, one of 18 investors in the team, told St.

ELC Information Security