The seven most colossal data breaches of 2017

This year saw a handful of spectacularly bad security fails that resulted in massive sets of compromised data. Here are the most colossal data breaches of 2017. The post The seven most colossal data breaches of 2017 appeared first on Malwarebytes Labs.

Privacy Laws: Who Owns Personal Data?

Who owns your data, and what privacy laws govern it? Well, that depends on where you live. If you own it, you should have control over it. If you don’t own it, how secure is it? Recent data breaches that affected the majority of Americans have begun a national dialogue around the security of personal data. In fact, the high-profile Equifax breach and others like it have prompted the... The post Privacy Laws: Who Owns Personal Data? appeared first on VASCO Data Security - Blog.

Cyber Security Roundup for November 2017

One of the most notable data breaches disclosed this month was by Uber, given the company attempted to cover up the breach by paying off hackers. Over a year ago the transport tech firm was said to have paid £75,000 to two hackers to delete 57 million Uber account records which they had stolen. Uber revealed around 2.7 million of the stolen records were British riders and drivers. As a UK Uber rider, this could mean me, I haven't received any notification of the data breach from Uber as yet. The stolen information included names, email addresses, and phone numbers. Uber can expect enforcement action from regulators on both sides of the pond, the UK Information Commissioner's Office (ICO) said it had "huge concerns" about the breach and was investigating.

Jewson, Cash Converters, and Imgur all reported losing data due to hacks this month, while Equifax has reported suffering significant negative financial losses following their high profile hack of personal customer data. Equifax reported their net income had dropped by £20 million due to the hack, and their breach bill was coming in at a whopping £67 million.

November was a...

Please don’t buy this: identity theft protection services

Identity theft protection services promise to have your back against cybercriminals looking to steal your data. But they don't actually stop them from taking your identity. Are they worth it, then? We say no. The post Please don’t buy this: identity theft protection services appeared first on Malwarebytes Labs.

Exploring the Vulnerability That Affected Equifax Using ShiftLeft Technology

In this blog I discuss using ShiftLeft technology to discover vulnerabilities in Java application code. In so doing I build on two prior blog posts from my colleagues: Fabian Yamaguchi’s introduction to the backbone technology of ShiftLeft, our code-property-graph (CPG); and Vlad Ionescu’s discussion of how a simple coding mistake can lead to major problems. Prophetically, the vulnerability Vlad blogged about was later revealed to have been the culprit behind the now infamous Equifax breach.

The question I want to answer in this blog post is this: How can we discover this vulnerability using ShiftLeft technology?

Background on the Vulnerability

First, let me clarify something about the Apache Struts vulnerability CVE-2017-5638. Although Apache assigned two bulletins to this CVE (S2-045 and S2-046), each maps to the same sink:

parser.evaluate(openChars, expression, ognlEval, maxLoopCount)

The difference is the injection vector, which we call the source. Equifax only committed to the CVE, not to a specific source. To keep it simple I focus on the S2-045 source for this example.

What makes this vulnerability intriguing, not to mention dangerous, is that it stems from improper error handling that causes an exception to be thrown. The issue is that the HTTP-header parameter Content-Type is not properly handled...

Survey Reveals Fraud Schemes Too Sophisticated and Evolve Too Quickly to Stop

Analysts wonder whether recent hacks like that of Equifax might serve as the tipping point for banks to roll out new anti-fraud measures, while in tandem, more than half of financial institutions surveyed lack confidence in their current ability to detect and prevent fraud. At least that’s what the 2017 Face of Fraud Survey, conducted by ISMG, experts in risk management research and data security analytics, and commissioned by VASCO recently... The post Survey Reveals Fraud Schemes Too Sophisticated and Evolve Too Quickly to Stop appeared first on VASCO Data Security - Blog.

Equifax’s Servers Reportedly Had Glaring Holes Long Before Data Breach

Equifax reportedly took six months to take down a publicly exposed web application that could have allowed anyone on the internet to search and download sensitive personal consumer data. VICE Motherboard reported Thursday that an unnamed security researcher alerted Equifax about the exposed application in December 2016, but the company didn’t take steps to secure..

A week in security (October 9 – October 15)

A compilation of notable security news and blog posts from Monday, October 9 to Sunday, October 15. We presented our quarterly report, won security awards, and lots more. The post A week in security (October 9 – October 15) appeared first on Malwarebytes Labs.