#data-breaches

#data-breaches

IBM acquired the Israeli firm founded in 2021 to grow its relevance in the nascent realm of data security posture management, or DSPM.In an effort to grow its hybrid cloud and artificial intelligence capabilities, IBM announced on Tuesday that it was acquiring Polar Security, an Israel-based company specializing in data security posture management.

Cloud-based DevOps has become a popular approach to software development in today's technology-driven world, enabling organizations to build and deploy software faster and more efficiently.However, this new approach also brings a range of security risks that must be considered.Having robust security measures in place is essential when using cloud computing services to facilitate software application development, testing, and deployment.

We are coming to the end of the year, Black Friday has been and gone and the shops are full of Christmas offers.And the scammers, of course, are having a field day sending emails offering enticing deals, often with pictures of the items on offer and links to online shops.Many of those emails will carry malicious content or the links will connect to websites delivering a malicious payload.

By: Arick Goomanovsky  on  
While ransomware has been the leading concern for enterprise security teams over the few past years, software vulnerabilities are nipping at its heels.The boom in cloud-based apps and services and increased digitization of work have been a boon for hackers, who are taking advantage of developers' and DevOps teams' attempts to work faster and smarter to keep up with demand.

1Password is announcing today that, one day soon, it will support the option to create and unlock 1Password accounts using biometric-based passkey technology, ditching the feature that is the name of its entire product."For passkeys to be the way forward, it's not enough for them to replace some of your passwords," said 1Password chief product officer Steve Won.

Password-driven security may not be the perfect solution, but the alternatives haven't gained much traction.This policy defines best practices that will make password protection as strong and manageable as possible.From the policy:
Employee passwords are the first line of defense in securing the organization from inappropriate or malicious access to data and services.

In today's ExchangeWire new's digest: Google may be forced to sell off part of its ad tech business; Apple threatens to remove Damus from the App Store over Bitcoin tipping; and a study finds that the majority of APAC consumers prefer dealing with companies who collect their data directly.Google may have to break up ad business
Google may have to sell part of its ad tech business after the EU Commission ruled that it had engaged in anti-competitive practices.

T-Mobile US today said someone abused an API to download the personal information of 37 million subscribers.A regulatory filing [PDF] disclosed one or more miscreants were able to access potentially the "name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features" of each affected customer.

Millions of Americans have had their personal information compromised this year in various data breaches.One VERIFY reader told us a family member's credit score dropped after they were notified that their information was compromised in a data breach.The reader wondered if there is a connection.If a company has a data breach and I'm on the list of possibly compromised customers, will my credit score drop just based on that?

Hackers have demanded $10m to stop releasing sensitive medical information on dark web.Australian authorities have blamed Russia-based hackers for a cyberattack that exposed the personal information of private health insurance customers, including details of abortions and treatments for addiction and HIV.

France's privacy watchdog doled out further penalties to US firm Clearview AI Wednesday for failing to pay a 20-million-euro fine imposed last year over data breaches.The company collects images of faces from the internet without seeking permission and sells access to a trove of billions of pictures to clients, including law enforcement agencies.

Are you looking for an exciting and challenging career that is in high demand?Look no further than cyber security.With the increasing frequency of cyber attacks and data breaches, companies and organizations are in desperate need of skilled cyber security professionals to protect their networks and data.

When Amazon released Alexa in 2014, the company had big dreams for the technology.The voice assistant, the company suggested, could succeed smartphones as the next essential consumer interface.Alexa, which was embedded in Amazon's voice-activated Echo smart speakers, soon became one of the most popular voice assistants, alongside Apple's Siri and Google's Assistant.

Critics say burgeoning technology is invasive, dangerous and undermines basic rights.As guests arrive at eastern Australia's Warilla Hotel, a small camera equipped with facial recognition software scans their faces as part of a scheme to tackle problem gambling.The tech  which uses artificial intelligence (AI) to identify addicts who have asked to be barred from betting sites  is set to be rolled out across gambling venues in the state of New South Wales next year.

Mirantis, cloud-native infrastructure expert, just announced the release of the latest version of their virtualized Infrastructure-as-a-Service offering, Mirantis OpenStack for Kubernetes (MOSK), with improved OpenStack security and enhanced user experience.OpenStack, the world's foremost open-source, private cloud IaaS framework, offers a feature-rich environment for hosting virtual machines, networks, and storage.

If you need to protect sensitive information and follow data privacy regulations, it's critical to obfuscate your log data, which means obscuring personally identifiable information (PII).But effectively concealing PII in logs might take time to implement, can increase compute resources, and might not work well with all types of logs.

According to CNCF's annual survey, 96% of organizations are using or evaluating Kubernetes, while 93% are using or planning to use containers in production already.Kubernetes is a robust platform that can orchestrate containers at scale.However, security is critical when using Kubernetes, and companies need strict guidelines and strategies to ensure system safety.

T-Mobile on Monday said it experienced a hack that exposed account PINs and other customer data in the company's second network intrusion this year and the ninth since 2018.The intrusion, which started on February 24 and lasted until March 30, affected 836 customers, according to a notification on the website of Maine Attorney General Aaron Frey.

Maxwell, the mortgage fintech backed by Wells Fargo and Fin Capital, has launched Maxwell Single-Sign On, an SSO (single sign-on) tool for lenders to enhance security and reduce the risk of data breaches, the company announced on Monday.The tool is designed to address the issue of sensitive data being handled by lenders and loan officers on a daily basis, including social security numbers, paystubs, and tax returns.

STR/NurPhoto via Getty Images
The FBI is dealing with another attack on its digital infrastructure, although the severity isn't yet clear.The law enforcement agency tells CNN it has "contained" a recent cybersecurity incident on its network.The bureau isn't commenting on the perpetrator, scope or damage, but says it's gathering "additional information."

Age verification systems are surveillance systems.Mandatory age verification, and with it, mandatory identity verification, is the wrong approach to protecting young people online.It would force websites to require visitors to prove their age by submitting information such as government-issued identification.

A ransomware attack compromised the data of current and former employees at Canada's biggest bookstore chain, Indigo Books & Music Inc. says.In a statement on its website, Indigo said the breach on Feb. 8 left no indication that personal customer information, such as credit card numbers, had been accessed, but that "some employee data was."

/
Last month, the company announced that threat actors had accessed "certain elements" of customer info.Just as many US workers are leaving for a holiday break, the company reveals that meant their encrypted passwords.LastPass has a doozy of an updated announcement about a recent data breach: the company - which promises to keep all your passwords in one, secure place - is now saying that hackers were able to "copy a backup of customer vault data," meaning they theoretically now have access to all those passwords if they can crack the stolen vaults ( via TechCrunch).

Data is becoming increasingly important for modern businesses.As it becomes more accessible, using data to drive business decisions is no longer a good case practice - it's a new norm.If you don't use data to inform your strategy, you'll be quickly outcompeted by others who do.The ever-increasing importance of data in driving product outcomes led to the birth of new data approaches.

One of the cries for Montefiore employees rallying against the hospital administrators in recent years is "profits over patients," the notion that recent decisions by management to cut programs and underpay and overwork its nurses and hospital staff are indicative of a corporation, and not a health care provider.

An Garda Siochana and the Fastway delivery firm are among the organisations that were reprimanded over data breaches, according to a watchdog's annual report.ardai reported a breach to the Data Protection Commission (DPC) involving the names and addresses of 108 individuals, some of whom were children, processed at Kilmainham Garda Station.

Breaching Whales
Hackers plundered the health records of millions of customers from Australian health insurance provider Medibank, then dumped them on the dark web after Medibank refused to pay the demanded ransom.The hack first came to light in October, when it was unclear how much the hackers demanded in ransom money or how much data had been compromised.

The Federal Trade Commission filed a complaint on Monday against education technology provider Chegg, which has experienced four data breaches since 2017 ( via The New York Times).In one 2018 incident, a former Chegg contractor gained access to one of its third-party cloud databases, exposing personal information such as names, email addresses, and passwords in addition to students' religion, sexual orientation, disabilities, and parents' income.

Leah Klafczynski/Akron Beacon Journal/Tribune News Service via Getty Images  You may trust Chegg with your textbooks or tutoring, but regulators aren't quite so confident.The Federal Trade Commission has filed a complaint accusing education tech provider Chegg of "careless" security practices that compromised personal data since 2017.

Ride-sharing giant Uber, which saw an ex-executive convicted in October for covering up one data loss years ago and got hit with another one in September, is now dealing with the fallout from more information being stolen, this time through one of its vendors.A cybercriminal calling themselves "UberLeaks" over the weekend leaked data on BreachForums, a site that popped up in April after another site, RaidForums, was shut down.

Wall to Wall
Apple is planning on broadening its end-to-end data encryption services, closing a privacy loophole that previously allowed law enforcement to access a wide-reaching swath of data, including photos and messages, stored in user iCloud accounts.But while proponents of the change are applauding the change as a win for user privacy, its detractors - which include a little organization known as the FBI - are none too thrilled.

Ireland's Data Protection Commission hit Meta with a €265 million fine (about $276 million USD) after an April 2021 data leak exposed the information of more than 533 million users.The DPC started the investigation shortly after news of the leak broke and involved an examination into whether Facebook complied with Europe's General Data Protection Regulation (GDPR) laws.

A TikTok user has sparked widespread debate after criticizing businesses that force remote workers to show up in person multiple times per week.In a self-described rant, Deran Christian, who works with brands to create user-generated content, argues that being required to regularly work from his employer's office provides no actual benefit.

In today's ExchangeWire news digest: a meme tweeted by Elon Musk sees Dogecoin's value soar by USD$2bn (~£1.7bn);Chinese retail giant Shein is set to open a physical shop in Japan; and the FTC orders edtech giant Chegg to inform users of data breaches.Musk tweet takes Dogecoin to six-month high
One of the world's largest cryptocurrencies, Dogecoin, skyrocketed in value on Tuesday (1st  November) after a tweet from Elon Musk .

Ransomware changes rapidly.At a technical level, attack infrastructure can change by the minute, operationally changing attack techniques while strategically targeting certain sectors, industries or regions at appropriate times.Access brokers work across multiple groups, operators switch botnets, and malware developers continuously refine their techniques.