30 Jan 2019

57% of IT workers who get phished don’t change their password behaviors

New research by Yubico and the Ponemon Institute sheds light on the somewhat surprising security practices and concerns of IT personnel in the US, France, Germany and the UK. The most disturbing finding of the study is that 57% of respondents that had been at the receiving end of a

Read More
25 Jan 2019

GDPR Compliance Brings Other Benefits: Cisco Study

The findings of Cisco’s 2019 Data Privacy Benchmark Study(PDF) imply that GDPR compliance has major security and other benefits for companies. Only a small majority (59%) of organizations in the study indicated that they were compliant, while 29% were set to achieve compliance within a year. Compliant organizations were less

Read More
25 Jan 2019

Massive mortgage and loan data leak gets worse as original documents also exposed

Earlier this week, a security researcher found an unprotected Elasticsearch server that exposed financial data relating to tens of thousands of current and former loan- and mortgage holders in the US. The database contained converted versions of text documents mentioning names, birth dates, address details, social security numbers and other

Read More
22 Jan 2019

108M online casino customer records exposed in latest case of misconfigured database

The phantom of misconfigured databases has struck again. This time a leaky Elasticsearch server exposed information relating to 108M bets placed by customers of various casino websites including kahunacasino.com, azur-casino.com, easybet.com and viproomcasino.net. Among the leaked info were names and usernames, birth dates, address details, phone numbers, email addresses, IP addresses and

Read More
17 Jan 2019

An Astonishing 773 Million Records Exposed in Monster Breach

A data set containing a whopping 772,904,991 email addresses and more than 21 million passwords has been found on a hacker forum by a security researcher. The data set, dubbed Collection #1, was first reported by Troy Hunt, the researcher behind Have I Been Pwned, a website where people can check

Read More
17 Jan 2019

Hackers breach and steal data from South Korea’s Defense Ministry

South Korea’s Defense Acquisition Program Administration (DAPA), which is the country’s national defense agency in charge of managing arms procurement for the military, has experienced a cyberattack. The attack took place in October of last year, and resulted in the compromise of 30 DAPA computers by unidentified hackers, who managed

Read More
10 Jan 2019

Magecart Mayhem Continues in OXO Breach

American home goods manufacturer OXO International has suffered a data breach involving multiple windows of compromise between June 2017 and October 2018. The breach was most likely the result of a Magecart attack. Magecart refers to various cybercriminal groups known for attacking e-commerce sites and installing digital credit card skimmers onto compromised checkout

Read More
09 Jan 2019

Disgruntled Man Behind German Cyber-Attack

According to investigators at the German Federal Criminal Police Office (BKA), a 20-year-old man has admitted that he was behind the recent data breach involving the publication of personal data of hundreds of German politicians and public figures. The BKA stated that they had interrogated the suspect, who then admitted “that

Read More
08 Jan 2019

Ransomware Corrupts 24,000 Patient Records of California Specialist

Three recent notifications of major cyber incidents in the healthcare sector, highlight the massive cybersecurity issues affecting the industry: The Podiatric Offices of Bobby Yee experienced a ransomware attack in which the medical records of up to 24,000 patients were corrupted and perhaps altered as well. Bankers Life, an associate

Read More
26 Dec 2018

San Diego School District Data Breach Hits 500k Students, Leaks Social Security Numbers, Payroll Information

Hackers accessed 500,000 social security numbers and addresses for over 500,000 students and staff in the San Diego Unified School District. Originating in a phishing attack in which the log-in credentials of around 50 staff members were compromised, hackers used the information to mine social security numbers, names, dates of

Read More