Authentication and Data collection - Cyber Security Informer

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

Under Christmas tree you can find great gifts such as significant improvements of user interface (panel), modal windows on loading and expansion of data collection objects. The New Year’s Update Before the New Year 2024, the Meduza team decided to please customers with an update.

Password Management

Password Management Cryptocurrency Passwords Authentication

A week in security (July 31 - August 6)

Malwarebytes

AUGUST 6, 2023

Last week on Malwarebytes Labs: The end looms for Meta's behavioural advertising in Europe Microsoft Teams used in phishing campaign to bypass multi-factor authentication Film companies lose battle to unmask Reddit users FAQ: How does Malwarebytes ransomware rollback work?

Data collection

Data collection Ransomware Phishing Advertising

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

’ The CERT-UA also reported that the state-sponsored hackers used compromised VPN accounts that weren’t protected by multi-factor authentication. Authentication data collected by POEMGATE can be used for lateral movement and other malicious activities on the compromised networks. “Note (!)

Telecommunications

Telecommunications Authentication Data collection Passwords

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Top 7 CIAM tools

CSO Magazine

NOVEMBER 28, 2022

Customer identity and access management (CIAM), a subset of identity access management (IAM), is used to manage authentication and authorization of account creation and login process for public facing applications. Marketers want to collect data about customers and their devices.

CSO

CSO Data collection Marketing Accountability

Key Cybersecurity Compliance Deadlines You Can't Miss in 2024

SecureWorld News

JANUARY 16, 2024

arrives in phases, with the first set of mandatory requirements around multi-factor authentication, penetration testing, and password security taking effect on March 31st. March 31, 2024: First compliance phase for PCI DSS v4.0 Hold onto your credit cards! The highly-anticipated PCI DSS v4.0

Cybersecurity

Cybersecurity Data privacy Data collection Penetration Testing

Twitter Uses Phone Numbers, Emails to Sell Ads

Threatpost

OCTOBER 9, 2019

Data collected for two-factor authentication purposes “inadvertently” matched users to targeted-advertising lists, the company admits.

Data collection

Data collection Advertising Authentication Data breaches

Data Privacy Week 2023: Privacy Gains Power From Other Societal Forces

Security Boulevard

JANUARY 23, 2023

Privacy was a major topic of conversation in 2022 — beyond just keeping personal data out of the hands of cybercriminals. Privacy now ties into many adjacent areas, including Zero Trust security, antitrust concerns, usage of services provided by "Big Tech," and biometric authentication.

Data privacy

Data privacy Data collection Consumer Protection Authentication

The Future of Privacy: How Big Tech Is Changing the Way We Think About Our Data

Cytelligence

DECEMBER 8, 2023

It heightens our awareness of extensive data collection about us, revealing potential uses and instigating concerns about potential misuse. Privacy policies from these tech giants, while intricate, are crucial in understanding the data collected and its uses. The impact of Big Tech on privacy is multifaceted.

Data collection

Data collection Ransomware Advertising Risk

Navigating the Digital Landscape: Insights from the 2024 Thales Digital Trust Index

Thales Cloud Protection & Licensing

FEBRUARY 7, 2024

Consumer Expectations Privacy Rights and Seamless Online Experiences An overwhelming 87% of consumers expect privacy rights from online interactions, with the most significant expectations being the right to be informed about data collection (55%) and the right to data erasure (53%).

Media

Media Passwords Authentication Digital transformation

Collection #1 Mega Breach Leaks 773 Million Email Accounts

Adam Levin

JANUARY 18, 2019

“If this Collection #1 has you spooked, changing your password(s) certainly can’t hurt — unless of course you’re in the habit of re-using passwords. The bad news is that Collection #1 seems to be a subset of a significantly larger data collection being sold online containing nearly 1 terabyte of compromised and hacked passwords.

Accountability

Accountability Passwords Data breaches Data collection

Over 100,000 ChatGPT Accounts Compromised by Cybercriminals

SecureWorld News

JUNE 21, 2023

This includes data from browsers, such as saved credentials, browsing history, and cookies, as well as information from instant messengers and emails. Info stealers are also indiscriminate, infecting as many computers as possible to maximize the amount of data collected.

Accountability

Accountability Data collection Cyber threats Cybersecurity

NIST Report Highlights Rising Tide of Threats Facing AI Systems

SecureWorld News

JANUARY 17, 2024

These components include: Training data collection and preprocessing Model development environments Training procedures Model testing harnesses Live deployment architectures Monitoring and observability tools Threats manifest across this entire stack. It also summarizes known techniques to mitigate these multifaceted threats.

Artificial Intelligence

Artificial Intelligence Data collection Architecture Healthcare

Kaiser Permanente Discloses Data Breach Impacting 13.4 Million People

SecureWorld News

APRIL 29, 2024

Guccione continued: "While the data leaked in this breach did not include highly sensitive information like usernames, passwords, or financial details, users may feel violated knowing that information about interactions with their trusted healthcare provider was shared with advertisers without their knowledge or consent.

Data breaches

Data breaches Healthcare Identity Theft Advertising

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

The Last Watchdog

JUNE 2, 2021

The amount of data in the world topped an astounding 59 zetabytes in 2020, much of it pooling in data lakes. We’ve barely scratched the surface of applying artificial intelligence and advanced data analytics to the raw data collecting in these gargantuan cloud-storage structures erected by Amazon, Microsoft and Google.

Encryption

Encryption Artificial Intelligence IoT Data collection

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

MAY 26, 2021

Use multi-factor authentication. Multi-factor authentication (MFA) is the process of protecting your digital password with a physical form of identification. Multi-factor authentication can be conducted in a variety of ways—it might include a quick fingerprint scan, a phone call, a text message, or a code.

Passwords

Passwords Password Management Accountability Authentication

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Hot for Security

FEBRUARY 16, 2021

Seismic monitoring devices linked to the internet are vulnerable to cyberattacks that could disrupt data collection and processing, according to Michael Samios of the National Observatory of Athens and his fellow colleagues who put together a new study published in Seismological Research Letters.

IoT

IoT InfoSec Data collection Encryption

COVID-19 Vaccination Management Problems Have Created a Privacy Nightmare For Americans – Even Without Vaccine Passports

Joseph Steinberg

APRIL 20, 2021

It is also not uncommon for firms in the healthcare vertical to symbiotically share various types of information with one another; private healthcare-related data is also almost always shared during the M&A process – even before deals have closed.

Healthcare

Healthcare Insurance Computers and Electronics Data collection

5G Security

Schneier on Security

JANUARY 14, 2020

To be sure, there are significant security improvements in 5G over 4Gin encryption, authentication, integrity protection, privacy, and network availability. But the enhancements aren't enough. The 5G security problems are threefold. First, the standards are simply too complex to implement securely. What's more, U.S.

Data collection

Data collection Software Marketing Government

TheTruthSpy stalkerware, still insecure, still leaking data

Malwarebytes

FEBRUARY 13, 2024

The publications described the bug as “extremely easy to exploit, and grants unfettered remote access to all of the data collected from a victim’s Android device.”

Spyware

Spyware Data collection Malware Hacking

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Security Affairs

JULY 12, 2021

For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.

Social Engineering

Social Engineering Data collection Media Passwords

5 Tips for Choosing the Best Proxy Service Provider

IT Security Guru

OCTOBER 5, 2023

The swift expansion of the data collection sector has birthed an extensive market brimming with contenders all vying to deliver high quality proxy services. Buy from Authentic Providers The internet is rife with various individuals purporting to offer legitimate proxy servers.

Internet

Internet Internet Retail Data collection

Almost Half of All Chrome Extensions Are Potentially High-Risk

eSecurity Planet

NOVEMBER 29, 2022

Over 14 percent of the extensions studied by the researchers collect PII, more than 6 percent collect authentication data, 2.51 percent collect personal communications, and 1.21 percent collect financial and payment information. Chrome extensions used to aid in writing are the most data-hungry (79.5

Risk

Risk Adware Data collection Passwords

Access Management is Essential for Strengthening OT Security

Thales Cloud Protection & Licensing

MAY 23, 2022

The software components at this level include the servers and databases at the core of the production workflow that feed data collected from field devices to higher-level business systems, or those operating in the cloud. Francois Lasnier | VP, Authentication and Access Management Products. Identity & Access Management.

Healthcare

Healthcare Ransomware Authentication Threat Reports

Making authentication faster than ever: passkeys vs. passwords

Google Security

MAY 5, 2023

Passkeys are a new, passwordless authentication method that offer a convenient authentication experience for sites and apps, using just a fingerprint, face scan or other screen lock. Preliminary, qualitative data collected from user research also indicates that users already perceive this convenience as the key value of passkeys.

Authentication

Authentication Passwords Technology Password Management

Not the Invasion They Warned Us About: TikTok and the Continued Erosion of Online Privacy

Approachable Cyber Threats

AUGUST 2, 2021

Users must be better protected from the outset, and the only way to ensure that is to impose significant restrictions on data collection and usage by companies seeking to monetize or use it to their asymmetric benefit in any way. social engineer a mobile provider employee to facilitate a SIM swap).

Data collection

Data collection Media Mobile Identity Theft

Erbium stealer on the hunt for data

Malwarebytes

SEPTEMBER 29, 2022

A slick tool with its own fully functional dashboard, its sights are set on targets not entirely dissimilar to other data stealers. System data collection, drive enumeration, and loading processes and DLLs into memory are all tell-tale signs that bad things are afoot on the target computer.

Cryptocurrency

Cryptocurrency Malware Password Management Data collection

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

There are three major threat vectors that harm IoT deployments: Devices are hijacked by malicious software; Data collected and processed in IoT ecosystems is tampered with and impacts the confidentiality, integrity and availability of the information; and, Weak user and device authentication.

IoT

IoT Manufacturing Energy and Utilities Data collection

Data Privacy concerns erupt with Robotic Vacuums

CyberSecurity Insiders

JANUARY 29, 2021

Security report submitted by CR Digital Lab says that they have carried out their research based on few metrics such as automatic software updates, email notification when the user logs into the device from a unique IP address, 2-factor authentication and others. But the report doesn’t say to never buy such goods.

Data privacy

Data privacy Data collection Passwords Manufacturing

Addressing the Unique Obstacles in Healthcare Through Policy-Based Access Control

CyberSecurity Insiders

OCTOBER 19, 2022

The need for open communication about personal health information is why Gartner recommends healthcare organizations develop “strategies for notification, communication and minimizing the amount of data collected and retained.”. Data’s Lifetime Impact.

Healthcare

Healthcare Data collection Data privacy Technology

Data Loss Prevention for Small and Medium-Sized Businesses

IT Security Guru

JULY 28, 2023

SMBs should invest in comprehensive training programs to educate employees about data security best practices, such as strong password management, recognising phishing attempts, and secure file handling. Incident Response and Breach Notification : A well-defined incident response plan enables SMBs to respond effectively to data breaches.

Data breaches

Data breaches Risk Education Telecommunications

Multilingual skimmer fingerprints 'secret shoppers' via Cloudflare endpoint API

Malwarebytes

FEBRUARY 21, 2023

One important aspect of data theft in criminal markets revolves around the authenticity of the data that is being resold. While financial institutions can reissue you a new card in the mail, the information the criminals have collected is equivalent to a data breach and can be reused for other types of fraud later on.

Data collection

Data collection Data breaches Mobile Marketing

How to Secure Your Business Social Media Accounts

BH Consulting

AUGUST 31, 2023

The incident shows that not all hackers’ motives are financial or data collection. Have a strong social media policy Track who has access to your social media accounts Implement staff security training for social media Continuously monitor social media accounts for potential threats Enable multi-factor authentication.

Media

Media Accountability Authentication Passwords

Phishers migrate to Telegram

Security Affairs

APRIL 6, 2023

User personal data for sale. Crooks offers data collected through phishing campaign to the subscribers. Data includes verified online banking credentials, in some cases phishers also provides info on the account balances. These bots allows phishers to bypass 2FA (two-factor authentication) protections automatically.

Phishing

Phishing Scams Social Engineering Banking

Getting Started: A Beginner’s Guide for Improving Privacy

Security Boulevard

JANUARY 16, 2024

Privacy-oriented browsers also limit data collection and "phoning home" and telemetry activity on their backend (in this specific case, I am using "backend" to refer to the side where users don't necessarily directly interact with the browser), preserving your privacy as a user.

Accountability

Accountability Engineering Passwords Internet

EU Warns China Against Hacking the Medical Sector

SecureWorld News

JUNE 23, 2020

research organizations involved in COVID-19 data collection. Patch all systems for critical vulnerabilities, prioritizing timely patching for known vulnerabilities of internet-connected servers and software processing internet data. Improve credential requirements and require multi-factor authentication.

Hacking

Hacking Cyber threats Data collection Internet

Over 100 flaws in management and access control systems expose buildings to hack

Security Affairs

MAY 11, 2019

The extent of the flaw is wide, according to data collected by Krstic during the study, the vulnerabilities could impact up to 10 million people and 30,000 doors at 200 facilities. Some of the flaws, rated as ‘critical,’ could be exploited by an unauthenticated attacker to take full control of the vulnerable systems.

Hacking

Hacking Advertising Surveillance Data collection

Introducing BloodHound 4.2?—?The Azure Refactor

Security Boulevard

AUGUST 3, 2022

So slow, in fact, that the initial authentication you did against Azure could easily expire before data collection could even finish. Legacy AzureHound also had many problems that made it a poor solution for how we support our BloodHound Enterprise customers: It required user interaction to authenticate.

Data collection

Data collection Authentication Passwords Architecture

7 Top Tips for Accelerating your IoT Projects in 2021

CyberSecurity Insiders

MARCH 25, 2021

In addition, network managers using adapted Identity and Access Management solutions can use multi-factor authentication, biometric authentication, or digital certificates to also bolster authentication security. #5 6 Decide early on the types of data collection, transmission and processing.

IoT

IoT Authentication Passwords Data collection

Let’s Talk About Cookies!

Approachable Cyber Threats

MARCH 1, 2024

The information provided in the text file includes the cookie’s information, such as authentication information like your login info. THis behavior, such as personal beliefs and a variety of other aspects of who we are as individuals, is transmitted for data collection on the website’s server.

Internet

Internet Internet Risk Advertising

Three Reasons You Should Treat Applications as Machine Identities in Your Security Strategy

Thales Cloud Protection & Licensing

AUGUST 2, 2018

1 – We need to be able to trust the data that comes from applications. Because machines increasingly talk to each other and exchange important data that they collect, strong mutual authentication and trust between these is critical. This is the first challenge, strong authentication requires trusted identities.

Digital transformation

Digital transformation Authentication Software Data collection

Building a foundation of trust for the Internet of Things

Thales Cloud Protection & Licensing

DECEMBER 13, 2018

According to research from the Ponemon Institute, almost half (42 per cent) of IoT devices will use digital certificates for authentication in the next two years. Firmware signing is also key to ensuring that devices can verify the authenticity and integrity of updates and security patches that eliminate discovered vulnerabilities.

Internet

Internet Internet IoT Manufacturing

Let’s Talk About Cookies!

Approachable Cyber Threats

MARCH 1, 2024

The information provided in the text file includes the cookie’s information, such as authentication information like your login info. THis behavior, such as personal beliefs and a variety of other aspects of who we are as individuals, is transmitted for data collection on the website’s server.

Internet

Internet Internet Risk Advertising

EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web

Security Affairs

SEPTEMBER 5, 2022

EvilProxy actors are using Reverse Proxy and Cookie Injection methods to bypass 2FA authentication – proxyfying victim’s session. This way they can harvest valid session cookies and bypass the need to authenticate with usernames, passwords and/or 2FA tokens.

Phishing

Phishing Accountability Hacking Advertising

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

SEPTEMBER 4, 2018

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication.

Spyware

Spyware Mobile Advertising Software

New Version of Meduza Stealer Released in Dark Web

A week in security (July 31 - August 6)

Webinars

Trending Sources

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Webinars

Top 7 CIAM tools

Key Cybersecurity Compliance Deadlines You Can't Miss in 2024

Twitter Uses Phone Numbers, Emails to Sell Ads

Data Privacy Week 2023: Privacy Gains Power From Other Societal Forces

The Future of Privacy: How Big Tech Is Changing the Way We Think About Our Data

Navigating the Digital Landscape: Insights from the 2024 Thales Digital Trust Index

Collection #1 Mega Breach Leaks 773 Million Email Accounts

Over 100,000 ChatGPT Accounts Compromised by Cybercriminals

NIST Report Highlights Rising Tide of Threats Facing AI Systems

Kaiser Permanente Discloses Data Breach Impacting 13.4 Million People

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

COVID-19 Vaccination Management Problems Have Created a Privacy Nightmare For Americans – Even Without Vaccine Passports

5G Security

TheTruthSpy stalkerware, still insecure, still leaking data

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

5 Tips for Choosing the Best Proxy Service Provider

Almost Half of All Chrome Extensions Are Potentially High-Risk

Access Management is Essential for Strengthening OT Security

Making authentication faster than ever: passkeys vs. passwords

Not the Invasion They Warned Us About: TikTok and the Continued Erosion of Online Privacy

Erbium stealer on the hunt for data

Critical Success Factors to Widespread Deployment of IoT

Data Privacy concerns erupt with Robotic Vacuums

Addressing the Unique Obstacles in Healthcare Through Policy-Based Access Control

Data Loss Prevention for Small and Medium-Sized Businesses

Multilingual skimmer fingerprints 'secret shoppers' via Cloudflare endpoint API

How to Secure Your Business Social Media Accounts

Phishers migrate to Telegram

Getting Started: A Beginner’s Guide for Improving Privacy

EU Warns China Against Hacking the Medical Sector

Over 100 flaws in management and access control systems expose buildings to hack

Introducing BloodHound 4.2?—?The Azure Refactor

7 Top Tips for Accelerating your IoT Projects in 2021

Let’s Talk About Cookies!

Three Reasons You Should Treat Applications as Machine Identities in Your Security Strategy

Building a foundation of trust for the Internet of Things

Let’s Talk About Cookies!

EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Stay Connected