28 Jun 2019

MedicareSupplement.com Left 5m Records Exposed

Insurance marketing website MedicareSupplement.com has exposed personal data that 5 million customers had submitted to the website in order to obtain insurance quotes. A security researcher found the data on an unprotected MongoDB server. The researcher warns that leaky servers not only put affected users at risk of identify fraud

Read More
28 Jun 2019

Leaky Amazon S3 Buckets Expose Data of Netflix, TD Bank

UpGuard researchers recently discovered three unprotected cloud storage buckets that exposed over a terabyte of data from Netflix, TD Bank, Ford and various other Fortune 100 companies that do business with data management firm Attunity. The exposed data included confidential business documents, system passwords, and sensitive employee information such as

Read More
27 Jun 2019

A third of companies would rather pay a hacker’s ransom, research reveals

New research by NTT Security shows that one-third (33%) of organizations would contemplate paying ransom if they were targeted in a ransomware attack, since they think paying up would be cheaper than investing in cybersecurity. Moreover, 36% would choose paying ransom over risking a fine for non-compliance under the EU’s

Read More
26 Jun 2019

Senate Report Shows Decade-Long Failure of Gov Agencies to Protect Personal Data

The US Senate’s Committee on Homeland Security and Governmental Affairs has released a damning report[pdf] exposing structural shortcomings in the cybersecurity and data protection practices of various government agencies over the last decade. The investigation covered eight agencies, namely the Department of Homeland Security (DHS), the Department of State, the

Read More
24 Jun 2019

WeTransfer Security Incident Sent Files to the Wrong People

A security incident at the highly popular WeTransfer file sharing service has violated the privacy of an unknown number of users whose files were sent to the wrong people. The incident occurred on June 16th and 17th. WeTransfer is informing impacted users, and claims that it does not yet know

Read More
20 Jun 2019

CISOs Struggling With 50+ Separate Security Tools

A new study by Panaseer found that 87% of enterprise CISOs are having a hard time keeping track of sensitive data, with 31% of respondents worrying that this complicates their firm’s compliance efforts. A common problem seems to be reliance on a great number of different security tools. The average

Read More
19 Jun 2019

Cyber Weaknesses That Led to Breaches at NASA’s JPL Persist, Says IG

A new report[pdf] by the NASA inspector general exposes major shortcomings in the cybersecurity posture of the NASA Jet Propulsion Laboratory, as a result of which the research center “has experienced several notable cybersecurity incidents that have compromised major segments of its IT network,” over the past decade. Glaring security weaknesses

Read More
19 Jun 2019

Only Quarter of IaaS Users Can Audit Config Settings

A new McAfee report shows that moving to the cloud often has security benefits for organizations, but there are some major drawbacks as well. According to the survey, 87% of organizations “experience business acceleration” due to their adoption of cloud services and a majority (52%) also saw their security improve

Read More
18 Jun 2019

Release of GandCrab 5.2 Decryptor Ends a Bad Ransomware Story

Bitdefender has released an updated version of a tool that can decrypt files encrypted by GandCrab ransomware. The free decryptor is the result of a collaborative effort by Bitdefender, the FBI and law enforcement agencies from various European countries. GandCrab was first released in January of last year and quickly

Read More
13 Jun 2019

84% of US employees have never heard of GDPR

A new report by ObserveIT’s highlights the poor state of employee awareness of data protection regulations in the US. While 59% of survey respondents from the US and the UK deal with sensitive data on a daily basis, a majority of US employees (53%) said they were not familiar with

Read More