One data breach can lead to another. Because so much of the data stolen in breaches ends up for sale on the dark web, a threat actor can purchase authentication credentials — the emails and passwords — of the organization’s employees without having to steal them directly. With that information in hand, threat actors have an open door into
Unsecured Server Exposed Records Containing Sensitive Personal Data and Case Notes From Cook County CourtOn September 26, 2020, researchers discovered an unsecured Elasticsearch server exposing more than 323,277 Cook County court related records containing highly sensitive personal data. Cook County, Illinois, is the second most populous county in the U
The computer chipmaker Intel Corp. on Friday blamed an internal error for a data leak that prompted it to release a quarterly earnings report early. It said its corporate network was not compromised.The company’s chief financial officer, George Davis, had earlier told The Financial Times that Intel published its earnings ahead of the stock market’s close on
An Iran-based software company is likely behind a recently identified crypto-jacking campaign targeting SQL servers, according to a report by British anti-malware vendor Sophos.The attacks result in the MrbMiner crypto-miner being installed onto the target servers, with the software apparently created, controlled, and hosted by a named Iranian company.The So
U.S. chip-making giant Intel Corp. has acknowledged a website hack and premature data disclosure forced the early release of its earnings report for the fourth quarter of 2020.The Santa Clara, Calif.-based company had planned on making the earnings announcement after markets closed on Thursday, but discovered the website breach and the external disclosure of
Cybercriminals behind a successful phishing campaign have exposed more than 1,000 corporate employee credentials on the Internet, according to a warning from security vendor Check Point.The corporate account credentials were stolen as part of a phishing campaign that kicked off in August 2020, targeting thousands of organizations worldwide.As part of the cam
‘Business’ is a verb that practically means the movement of data. If you aren’t sharing data – keeping the books, sharing ideas and stats about sales, getting the correct information regarding the customer or data to the customer – then you aren’t doing much business. But organizations need to protect their data along the way.Infosec has so many ways of prot
Remember the good ol’ days of playing hide-and-seek? It’s hard to forget the rush of finding the perfect hiding place. I remember crouching into a tiny ball behind the clothes hanging in my mother’s closet, or standing frozen like a statue behind the curtain of our living room window. While it was “just a game” when we were kid
Backup-as-a-service (BaaS) provider Rewind on Tuesday announced it has raised $15 million in Series A funding.Founded in 2015, the Ottawa, Canada-based company helps customers secure business-critical software-as-a-service (SaaS) application and cloud data, and claims more than 80,000 organizations in over 100 countries rely on its solutions.Rewind says it p
How Small Businesses Can Avoid Cyberattacks in 2021 January 19th, 2021 No Comments antivirus, Data Privacy, Data Protection, Mobile Security, PC security Across 2020 – and, most likely, throughout 2021 – the priority of small business owners has bee
The Ryuk ransomware criminal enterprise is estimated to be worth more than $150,000,000, security researchers say.Initially detailed in 2018 and believed to be operated by Russian cybercriminals, Ryuk has become one of the most prevalent malware families, being used in various high-profile attacks, such as the targeting of Pennsylvania-based UHS and Alabama
The Federal Bureau of Investigation has issued a Private Industry Notification (PIN) to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms.Taking advantage of the COVID-19 pandemic, which has forced the broad adoption of telework, cyber-criminals and threat actors are attempting
WhatsApp on Friday postponed a data-sharing change as users concerned about privacy fled the Facebook-owned messaging service and flocked to rivals Telegram and Signal.The smartphone app, a huge hit across the world, canceled its February 8 deadline for accepting an update to its terms concerning sharing data with Facebook, saying it would use the pause to c
Canadian data security startup Qohash this week announced it raised CAD 8 million (approximately USD $6.3 million) in Series A funding. The financing was led by FINTOP Capital.Founded in 2018, the Quebec-based company provides customers with solutions focused on data discovery and classification, helping enterprises monitor data across their environments. Fu
The National Security Agency (NSA) on Wednesday published guidance for businesses on the adoption of an encrypted domain name system (DNS) protocol, specifically DNS over HTTPS.Designed to translate the domain names included in URLs into IP addresses, for an easier navigation of the Internet, DNS has become a popular attack vector, mainly because requests an