Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.
Help us recognize the unsung heroes of the security industry by nominating a security leader to be named one of Security magazine's 2021 Most Influential People in Security! We are looking to highlight enterprise security executives, who through their own organizations and externally, have made significant and influential contributions to the enterprise security profession, continue to push security forward both inside their own organizations and in the industry as a whole.
Data breach and privacy incidents occur daily at organizations of all sizes. Just recently, hackers broke into a water treatment facility in Florida, gaining access to an internal ICS platform, and changed chemical levels; Syracuse University revealed that names and Social Security Numbers of about 9,800 students were exposed; 500 million LinkedIn accounts were leaked, and so on. It happens all too frequently. And while it is obvious that breaches continue impacting hundreds of thousands of lives, yet legal and compliance teams are not always brought in to manage each breach. With increased focus from regulators and law enforcement agencies to ensure organizations fulfill their obligations for post-breach notifications, legal teams can help quickly coordinate internal processes, and take swift action to begin the process of remediating damage and initiate immediate legal steps to protect the enterprise, and comply fully with all regulatory obligations. Here, we talk to AJ Samuel, co-Founder and Chief Product Officer at Exterro, about the many benefits of retaining legal counsel, who can better protect the integrity and confidentiality of the incident response.
Comparitech researchers set up honeypots on the web to lure in attackers and record their actions. They recorded 73,000 attacks in 24 hours. The honeypots were left unsecured so that no authentication was required to access and attack it. Using this method, Comparitech researchers sought to find out which types of attacks would occur, at what frequency, and where they come from.
While COVID-19 paused many activities in 2020, cybercriminals continued to keep busy evolving their arsenal of weapons for more lucrative cyberattacks. While companies adopted remote work models and third parties experienced heightened disruption, cyber risk skyrocketed with increased ransomware, credential stuffing, malware, and Virtual Private Network (VPN) exploitation. As a result, the number of data breaches in the U.S. reached 1001 cases last year, with over 155.8 million individuals affected. Now following the SolarWinds hack, President Biden is set to sign off on an executive action to address gaps in national cybersecurity. The move is causing many CSOs to look for ways to evolve beyond the reactive model to an “always-on” approach -- one that proactively mitigates potential threats and risks before they disrupt business.
An individual is selling the data of 500 million LinkedIn profiles on a popular cybercriminal forum, according to news reports. The leaked files contain information about the LinkedIn users whose data has been allegedly scraped by the threat actor, including their full names, email addresses, phone numbers, workplace information, and more, according to CyberNews.
Meet Jeremy Leasher, Security Solutions Architect at Axellio. Leasher believes the IT security industry is undergoing a serious skills crisis, threatening to undermine the security of commercial and government organizations. Here, we talk to Leasher about the best approach to solving this skills crisis.
Researchers at Rapid7 evaluated five areas of cybersecurity that are both critical to secure to continue doing business on and across the internet, and are squarely in the power of CISOs, their IT security staffs, and their internal business partners to address, in their new round of Internet Cyber-Exposure Reports (ICERs). These five facets of internet-facing cyber-exposure and risk include:
A new CISCO Talos Intelligence report explores how cybercriminals are increasingly abusing the communications platforms that many organizations use to facilitate employee communications. According to the report, communication platforms have allowed attackers to circumvent perimeter security controls and maximize infection capabilities. Over the past year, adversaries are increasingly relying on these platforms as part of the infection process.
The Pentagon’s Cyber Crime Center and bug bounty vendor HackerOne have launched the Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP), an effort to share vulnerability data and boost digital hygiene within the defense industrial base. According to HackerOne, any information submitted to the DIB-VDP under this program will be used for defensive purposes – to mitigate or remediate vulnerabilities in DoD contractor information systems, networks, or applications.
The personal data and phone numbers of hundreds of millions of Facebook users were posted for free in a hacking forum over the weekend. The data includes personal information of 533 million Facebook users from 106 countries, including more than 32 million records on users in the U.S. 11 million on users in the U.K., and 6 million on users in India.
Those of us on the cyber threat frontlines at Keyavi Data view the entire FireEye-SolarWinds catastrophe through a very different lens. It’s a mile-high view that proves our entire thesis: why data must be smart and able to protect itself from cybercriminals – no matter where it goes, where it’s stored or who has it.
Take a look at CISO of DoorDash Justin Grudzien’s career in data privacy and security from building security teams from the ground up at Orbitz to solidifying best practices at DoorDash. Security talks to Grudzien about how he views security roles within the enterprise, how to avoid burnout, and how other security leaders can earn a seat at the C-Suite table.
Kroll has announced that the firm has promoted 18 colleagues to the managing director level in the United States, with a total of 31 practitioners promoted globally.
The Cloud Security Alliance (CSA) new survey, “State of Cloud Security Concerns, Challenges, and Incidents, finds that 58% of respondents are concerned about security in the cloud, while misconfigurations are one of the leading causes of breaches and outages, as public cloud adoption doubles over past two years.
Cybrary, and MITRE Engenuity announced a partnership to offer MITRE ATT&CK Defender (MAD), a new online training and certification solution designed to enable defenders to gain the advantage over cyber adversaries.
