Blog - Cyber Security Informer

Purpose Limitation Compliance with OpenAI | Cyera Blog

Security Boulevard

JUNE 20, 2023

Background on Purpose Limitation Purpose limitation is the principle that PII collected for a given purpose may not be used for a different purpose. According to GDPR Article(5) (1)(b), further processing of PII may be permitted when the reason is not “incompatible with the initial purposes” and for “archiving purposes in the public interest.”

Data collection

Data collection IoT Marketing Data privacy

Ex-Navy IT manager jailed for selling people’s data on the dark web

Graham Cluley

OCTOBER 19, 2023

A former US Navy IT manager has been sentenced to five years and five months in prison after illegally hacking a database containing personally identifiable information (PII) and selling it on the dark web. Read more in my article on the Tripwire State of Security blog.

Hacking

Hacking Data breaches

India’s biggest data breach? Hacking gang claims to have stolen 815 million people’s personal information

Graham Cluley

OCTOBER 31, 2023

According to local media reports, hackers have offered for sale the personally identifiable information (PII) - including that found on Aadhaar identity cards - belonging to hundreds of millions of Indian residents. Read more in my article on the Hot for Security blog.

Data breaches

Data breaches Media Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Gulp! Pepsi hack sees personal information stolen by data-stealing malware

Graham Cluley

FEBRUARY 15, 2023

For almost the month the malware secretly exfiltrated personally identifiable information (PII) from the company's network. Read more in my article on the Hot for Security blog.

Malware

Malware Hacking Data breaches

PII Breach Discovered on Bahmni Hospital Management System

Heimadal Security

NOVEMBER 22, 2022

The Bahmni Hospital Management System was breached exposing the PII (Personal Identifiable Information) and EMR (Electronic Medical Record) of 197,497 users. The post PII Breach Discovered on Bahmni Hospital Management System appeared first on Heimdal Security Blog. The company […].

Healthcare

Healthcare Cybersecurity

From Google Cloud Blog: “Improving security, compliance, and governance with cloud-based DLP data…

Anton on Security

OCTOBER 21, 2020

From Google Cloud Blog: “Improving security, compliance, and governance with cloud-based DLP data discovery” So, I’ve been doing some blogging at Google Cloud blog with most posts connected to products, launches, etc. However, I am also doing a fun blog series on DLP in the cloud. What to discover?

Government

Government Cloud Migration Data breaches Risk

GUEST ESSAY: What ‘self-sovereign-identities’ are all about — and how SSIs can foster public good

The Last Watchdog

NOVEMBER 27, 2022

Applying for benefits can be arduous, not least because agencies need to validate applicant identity and personal identifiable information (PII). Self-sovereign identity ( SSI ) leverages distributed ledgers to verify identity and PII – quickly, conveniently, and securely. Related: Fido champions passwordless authentication.

Government

Government Identity Theft Banking Data privacy

Security Alert: New Fake Customs Invoicing Smishing Campaign Targeting Romanian Telecom Users

Heimadal Security

FEBRUARY 16, 2023

The data collected so far reveals that the threat actor or APT behind the fake customs invoicing smishing campaign is attempting to maliciously collect user PII by redirecting them to a cloned website via an SMS-delivered crafted URL.

Data collection

Banking Cybersecurity: The Risks Faced by Financial Institutions

Heimadal Security

SEPTEMBER 14, 2023

This includes large amounts of Personal Identifiable Information (PII). According to a Juniper […] The post Banking Cybersecurity: The Risks Faced by Financial Institutions appeared first on Heimdal Security Blog.

Banking

Banking Risk Cybersecurity Financial Services

Operation Endgame

Troy Hunt

MAY 29, 2024

That link provides an excellent over so start there then come back to this blog post which adds some insight into the data and explains how HIBP fits into the picture. We have NTLM hashes as well because many orgs use them to check passwords in their own Active Directory instances.

Passwords

Passwords Password Management Data breaches Cybercrime

Identity Theft: Increasing in Numbers in 2023

Security Through Education

JULY 18, 2023

PII 101 Criminals looking to steal identities specifically target personally identifiable information (PII). PII is any information that can identify an individual including date of birth, driver’s license numbers, employment information, personal address, and Social Security numbers (SSN).

Identity Theft

Identity Theft Scams Social Engineering Passwords

One in Five Public-Facing Cloud Storage Buckets Expose Sensitive Data

eSecurity Planet

NOVEMBER 17, 2022

Members of Laminar Labs’ research team recently found that one in five public-facing cloud storage buckets contains personally identifiable information (PII) – and the majority of that data isn’t even supposed to be online in the first place. Also read: Cloud Security: The Shared Responsibility Model. A Data-Centric View.

Data privacy

Data privacy Risk Marketing Passwords

Banking Cybersecurity: The Risks Faced by Financial Institutions

Heimadal Security

SEPTEMBER 14, 2023

This includes large amounts of Personal Identifiable Information (PII). According to a Juniper […] The post Banking Cybersecurity: The Risks Faced by Financial Institutions appeared first on Heimdal Security Blog.

Banking

Banking Risk Cybersecurity Financial Services

Hacker Faces Over 20 Years in Jail for Creating Fake Rideshare and Delivery Service Accounts

Heimadal Security

DECEMBER 23, 2021

A 36-year-old man admitted he was using stolen personally identifiable information (PII) purchased from dark web marketplaces to fraudulently create rideshare and delivery service accounts. The post Hacker Faces Over 20 Years in Jail for Creating Fake Rideshare and Delivery Service Accounts appeared first on Heimdal Security Blog.

Accountability

Accountability Cybersecurity

Data Security Posture Management Should Focus on Securing the Data

Security Boulevard

MARCH 4, 2024

Some of it is high value containing business-critical information or regulated data, such as PII (personally identifiable information). Other data is less sensitive and while important for your business does not pose […] The post Data Security Posture Management Should Focus on Securing the Data appeared first on TechSpective.

Nearly One Billion Emails Exposed in Data Breach

Adam Levin

MARCH 29, 2019

Security researcher Bob Diachenko found the information in an unsecured 150GB-sized MongoDB database. Some of the data was much more detailed than just the email address and included personally identifiable information (PII),” wrote Diachenko in a blog announcing his findings.

Data breaches

Data breaches Media Internet Internet

GUEST ESSAY: How to detect if a remote job applicant is legit — or a ‘Deepfake’ candidate

The Last Watchdog

AUGUST 10, 2022

The FBI announced that its Internet Crime Complaint Center (IC3) had observed an uptick in employment-related fraud involving stolen personally identifiable information (PII) and deepfakes. These fraudsters frequently use ill-gotten PII to create synthetic images and videos to apply for work-at-home positions. Protecting organizations.

Education

Education Technology Cybersecurity Banking

Practice Management Software Vendor Practicefirst Affected by Healthcare Ransomware Attack

Heimadal Security

JULY 7, 2021

New York-based Practicefirst Medical Management Solutions, a medical management company that processes data for health care providers, declared that a 2020 healthcare ransomware attack may have exposed personally identifiable information (PII) of patients and work staff.

Healthcare

Healthcare Software Ransomware Cybersecurity

The Man Who Has Stolen the PII of 65k Employees of UPMC Pleads Guilty

Heimadal Security

MAY 25, 2021

Justin Sean Johnson has pled guilty to hacking into University of Pittsburgh Medical Center (UPMC) human resource databases and stealing the Personally Identifiable Information (PII) of more than 65,000 employees. The post The Man Who Has Stolen the PII of 65k Employees of UPMC Pleads Guilty appeared first on Heimdal Security Blog.

Hacking

Hacking Identity Theft Banking Cybersecurity

Yum! Brands, the owner of KFC, Taco Bell and Pizza Hut, discloses data breach

Security Affairs

APRIL 11, 2023

Now the company, which owns the KFC, Pizza Hut, and Taco Bell brands, disclosed a data breach and revealed that ransomware actors have stolen personally identifiable information (PII) of an unspecified number of individuals. Brands, the owner of KFC, Taco Bell and Pizza Hut, discloses data breach appeared first on Security Affairs.

Data breaches

Data breaches Identity Theft Education Ransomware

New Study Shows All mHealth Apps Are Vulnerable to API Attacks

Heimadal Security

MARCH 18, 2021

The post New Study Shows All mHealth Apps Are Vulnerable to API Attacks appeared first on Heimdal Security Blog. This is a concern among […].

Mobile

Mobile Cybersecurity

Information stealer compromises legitimate sites to attack other sites

Malwarebytes

JUNE 5, 2023

Security researchers at Akamai have published a blog about a new Magecart -alike web skimming campaign that uses compromised legitimate sites as command and control (C2) servers. For websites that require even more security, there are specialized vulnerability scanners and application firewalls that you may want to look into.

Firewall

Firewall Ransomware Risk

From Behavior Analytics to Security Education: 4 Ways Organizations Should Mitigate Modern Insider Attacks

IT Security Central

MAY 5, 2022

Organizations can face the threat of data like their intellectual property (IP), source code, customer details, Personally Identifiable Information (PII), financial […].

Education

Education Government Technology Hacking

Prevent Generative AI Data Leaks with Chrome Enterprise DLP

Google Security

APRIL 18, 2024

Posted Kaleigh Rosenblat, Chrome Enterprise Senior Staff Software Engineer, Security Lead Generative AI has emerged as a powerful and popular tool to automate content creation and simple tasks. Hear directly from security leaders at Snap on their use of DLP for Gen AI in this recording here.

Engineering

Engineering Software

Firmware and Supply Chain Requirements in the Latest CMS Acceptable Risk Safeguards (ARS)

Security Boulevard

DECEMBER 12, 2023

Department of Health and Human Services (HHS) and is responsible for the personally identifiable information (PII) of more than 140 million Americans. The post Firmware and Supply Chain Requirements in the Latest CMS Acceptable Risk Safeguards (ARS) appeared first on Security Boulevard.

Firmware

Firmware Risk

COVID-19 data put for sale on Dark Web

Security Affairs

AUGUST 29, 2022

Researchers discovered leaked PII stolen from Thailand’s Department of Medical Sciences containing information about citizens with COVID-19. Resecurity has shared additional details in this blog post: [link]. The post COVID-19 data put for sale on Dark Web appeared first on Security Affairs. Pierluigi Paganini.

Identity Theft

Identity Theft Healthcare Mobile Hacking

Securing Easy Appointments and earning CVE-2022-0482

Security Affairs

APRIL 11, 2022

Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII. Easy Appointments is now secured, so the best way to be protected is to update the software to the last stable version. Another day, another threat to your data. To nominate, please visit:?

Software

Software Cybersecurity Hacking Information Security

3 cybersecurity essentials for education institutions and state agencies

Security Boulevard

DECEMBER 1, 2022

The combination of a large user base (citizens, contractors, and students, for example), a treasure trove of personally identifiable information (PII), and relatively small IT budgets provide a favorable cost-benefit analysis for.

Education

Education Cybersecurity Security Awareness

Data Asset Classification: Why it’s Important for Client-Side Protection

Security Boulevard

FEBRUARY 1, 2023

Companies from various industries are increasingly relying on transacting sensitive Personal Identifiable Information (PII) digitally. The post Data Asset Classification: Why it’s Important for Client-Side Protection appeared first on Security Boulevard.

Technology

Cloud Security Risk for Retail Companies: Why Ignoring Best Practices Could be Costly – The Redmart Story

Security Boulevard

DECEMBER 22, 2022

In September 2020, Singapore-based online grocery store, Redmart, experienced a data breach that exposed the personally identifiable information (PII) of over 890,000 of its customers. Continue reading "Cloud Security Risk for Retail Companies: Why Ignoring Best Practices Could be Costly – The Redmart Story".

Retail

Retail Risk Data breaches Passwords

GUEST ESSAY: The key differences between ‘information privacy’ vs. ‘information security’

The Last Watchdog

JUNE 12, 2023

Information privacy and information security are two different things. Related: Tapping hidden pools of security talent Information privacy is the ability to control who (or what) can view or access information that is collected about you or your customers. still available for you to use.

Information Security

Information Security Data breaches CISO Encryption

Volvo retailer leaks sensitive files

Security Affairs

APRIL 15, 2023

It would also have enabled the attacker to access previous communication with the company’s customers, which may have contained sensitive information like account passwords or personally identifiable information (PII). Car industry fails to prevent data leaks Volvo is not the only car brand that has recently exposed itself and its customers.

Retail

Retail Manufacturing Passwords Phishing

Is your cloud ready for CCPA?

Security Boulevard

DECEMBER 26, 2022

The CCPA (California Consumer Privacy Act) is, in a way, California’s version of the EU’s GDPR regulation with the purpose of protecting PII / customer data. appeared first on Security Boulevard. While there are some differences …. Continue reading "Is your cloud ready for CCPA?". The post Is your cloud ready for CCPA?

Ransomware group steps up, issues statement over MGM Resorts compromise

Malwarebytes

SEPTEMBER 17, 2023

The statement is quite long, takes a few digs at MGM Resorts, and seeks to correct what the group feels to be inaccurate statements made by security vendors and others with regard to the attack. However, the statement is quite light with regard to the specifics: We are unable to reveal if PII information has been exfiltrated at this time.

Ransomware

Ransomware Social Engineering Passwords Backups

The Changing Face of Data Security in Australia and New Zealand

Thales Cloud Protection & Licensing

FEBRUARY 4, 2020

The traditional focus on security has been on breach prevention and threat detection but these can only go so far. For organisations going through digital transformation there needs to be a layered approach to security – complimenting these traditional strategies with data protection.In Data, data and more data! contracts).

Digital transformation

Digital transformation Data breaches Threat Reports Encryption

What Retailers Should Know About Cybersecurity This Holiday Season

Duo's Security Blog

DECEMBER 16, 2021

The 2021 Identity Fraud Study by Javelin Strategy & Research reports the identity fraud resulted from stolen personally identifiable information (PII) and data breaches. Retailers have to protect consumer PII and stay compliant to PCI DSS, GDPR, CPPA and more. By providing this additional layer of security, MFA can be 99.9%

Retail

Retail Cybersecurity Identity Theft Authentication

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

Thales Cloud Protection & Licensing

DECEMBER 11, 2023

This blog will explain how Thales is enhancing CipherTrust Data Discovery and Classification (DDC) with ML models that help analyze data, learn from insights, and improve results. Navigating Diverse Data Repositories for Visibility Data discovery is the first step for organizations looking to comply with data protection regulations worldwide.

Unstructured Data

Unstructured Data Data privacy Healthcare Banking

The 7 Biggest Cybersecurity Scoops from February 2015

SiteLock

AUGUST 27, 2021

Fast forward to 2015, and we’ve had several trending cyber security issues appear in just these first few weeks. Below are 7 trending cyber security stories that you should read for February 2015. Security consultant Mark Burnett leaked 10 million usernames and passwords online through his personal blog last week, in a very risky move.

Passwords

Passwords Cybersecurity Internet Internet

Hive ransomware impacts California non-profit health organisation

Malwarebytes

APRIL 1, 2022

They go on to list what to do if you’re a partnership member or provider, along with the warning not to send any PII via email. This allegedly includes 850k PII records which includes names, addresses, and social security numbers. We appreciate your patience and understanding and apologize for any inconvenience.

Ransomware

Ransomware Healthcare

Quiet Lawsuit in Pennsylvania May Create a Groundbreaking Data Security Priority Shift. Are You Ready?

Thales Cloud Protection & Licensing

JANUARY 8, 2019

You can learn a little more about what FAIR and the Open Group are doing in this regard in one of my previous blogs ). The bean counters responsible for calculating an organization’s risk should think about sharpening their pencils and evaluate the cost of reasonable data security care versus the increased cost of losing control of PII data.

Risk

Risk Technology Banking Encryption

University admission platform Leverage EDU exposed student passports

Security Affairs

MAY 16, 2023

With branches throughout India, the company has quadrupled its workforce since the pandemic and secured $22 million in funding from international investors. Cybernews reached out to the company, and access to users’ data was secured. It runs offices in the UK and Australia.

Identity Theft

Identity Theft Education Banking Risk

Constella Intelligence Publishes 2021 Identity Breach Report

Security Boulevard

JULY 30, 2021

Learn more about Constella's 2021 Annual Identity Breach Report titled "PII Fuelling the Threat Economy: How Crisis Creates Targeted Vulnerabilities for Individuals, Executives, and Brands.". The post Constella Intelligence Publishes 2021 Identity Breach Report appeared first on Security Boulevard.

GUEST ESSAY: Five stages to attain API security — and mitigate attack surface exposures

The Last Watchdog

MARCH 8, 2023

Whether an API is exposed for customers, partners, or internal use, it is responsible for transferring data that often holds personally identifiable information (PII) or reveals application logic and valuable company data. So, how can you ensure your API security is effective and enable your digital transformation?

Digital transformation

Digital transformation Data breaches Cyber Risk Marketing

China Personal Information Protection Law (PIPL): A New Take on GDPR?

McAfee

OCTOBER 14, 2021

McAfee’s unique multi-vector data exfiltration protection (more on that here ) can also assist in ensuring that sensitive PII data doesn’t end up somewhere it shouldn’t. Consider testing and enabling our Chinese PII classifications. appeared first on McAfee Blogs.

Unstructured Data

Unstructured Data Digital transformation Mobile Marketing

Purpose Limitation Compliance with OpenAI | Cyera Blog

Ex-Navy IT manager jailed for selling people’s data on the dark web

Webinars

Trending Sources

India’s biggest data breach? Hacking gang claims to have stolen 815 million people’s personal information

Webinars

Gulp! Pepsi hack sees personal information stolen by data-stealing malware

PII Breach Discovered on Bahmni Hospital Management System

From Google Cloud Blog: “Improving security, compliance, and governance with cloud-based DLP data…

GUEST ESSAY: What ‘self-sovereign-identities’ are all about — and how SSIs can foster public good

Security Alert: New Fake Customs Invoicing Smishing Campaign Targeting Romanian Telecom Users

Banking Cybersecurity: The Risks Faced by Financial Institutions

Operation Endgame

Identity Theft: Increasing in Numbers in 2023

One in Five Public-Facing Cloud Storage Buckets Expose Sensitive Data

Banking Cybersecurity: The Risks Faced by Financial Institutions

Hacker Faces Over 20 Years in Jail for Creating Fake Rideshare and Delivery Service Accounts

Data Security Posture Management Should Focus on Securing the Data

Nearly One Billion Emails Exposed in Data Breach

GUEST ESSAY: How to detect if a remote job applicant is legit — or a ‘Deepfake’ candidate

Practice Management Software Vendor Practicefirst Affected by Healthcare Ransomware Attack

The Man Who Has Stolen the PII of 65k Employees of UPMC Pleads Guilty

Yum! Brands, the owner of KFC, Taco Bell and Pizza Hut, discloses data breach

New Study Shows All mHealth Apps Are Vulnerable to API Attacks

Information stealer compromises legitimate sites to attack other sites

From Behavior Analytics to Security Education: 4 Ways Organizations Should Mitigate Modern Insider Attacks

Prevent Generative AI Data Leaks with Chrome Enterprise DLP

Firmware and Supply Chain Requirements in the Latest CMS Acceptable Risk Safeguards (ARS)

COVID-19 data put for sale on Dark Web

Securing Easy Appointments and earning CVE-2022-0482

3 cybersecurity essentials for education institutions and state agencies

Data Asset Classification: Why it’s Important for Client-Side Protection

Cloud Security Risk for Retail Companies: Why Ignoring Best Practices Could be Costly – The Redmart Story

GUEST ESSAY: The key differences between ‘information privacy’ vs. ‘information security’

Volvo retailer leaks sensitive files

Is your cloud ready for CCPA?

Ransomware group steps up, issues statement over MGM Resorts compromise

The Changing Face of Data Security in Australia and New Zealand

What Retailers Should Know About Cybersecurity This Holiday Season

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

The 7 Biggest Cybersecurity Scoops from February 2015

Hive ransomware impacts California non-profit health organisation

Quiet Lawsuit in Pennsylvania May Create a Groundbreaking Data Security Priority Shift. Are You Ready?

University admission platform Leverage EDU exposed student passports

Constella Intelligence Publishes 2021 Identity Breach Report

GUEST ESSAY: Five stages to attain API security — and mitigate attack surface exposures

China Personal Information Protection Law (PIPL): A New Take on GDPR?

Stay Connected