Tag Archive for: data

The Logical Evolution Of Data Security


Manny Rivelo is the CEO of Forcepoint.

Recently, I received a notification from a big hotel chain in Las Vegas of a recent data hacking incident. I’ve only stayed at that hotel once or twice in my life, but my personally identifiable information (PII)—my driver’s license and my credit card information—was now at risk of being spread all over the internet or dark web. It’s a letter no company wants to send to its customers. Data breaches like these are costly and the reputational harm is incalculable. And it does cause me to pause in considering if I will ever stay there again.

Managing an unprecedented volume of data spread across numerous devices is the data management challenge that organizations across industries, such as hospitality, healthcare, financial services and more, face today. The fundamental question that arises for these businesses is: How can they accurately track their data—determine its location, manage access and control user interactions? Addressing these concerns requires an evolution in data security practices that I believe must occur in three crucial areas.

The Modern Convergence Of Data Security And Networking

In the contemporary business environment, most organizations entrust their infrastructure and software management to cloud, SaaS and PaaS providers. However, they’re realizing they need to retain control of their data. Everyone has their own motivations and business reasons for protecting different types of sensitive and critical data, which is dispersed in multiple clouds—in various public clouds, traditional data centers and personal devices far from corporate headquarters.

The theft of intellectual property is a competitive issue, whereas breaches of regulated data like PII, in my case, or personal health information (PHI) trigger compliance mandates and financial penalties. All types of data loss are rapidly becoming board-level, existential threats.

Consequently, data and network security are increasingly intertwined as the network has become key to how sensitive data is accessed. Success in this context hinges on implementing consistent security policies across diverse networks and clouds, supported by robust…

Source…

Hackers Exploit Bug In Magento To Access Payment Data On Ecommerce Sites


(MENAFN – Investor Brand Network) A critical flaw in the open-source e-commerce platform Magento has allowed hackers to make backdoors into e-commerce websites and steal payment data. Computer software company Adobe Inc. describes the error, CVE-2024-2072, as the “improper neutralization of special elements” that could allow attackers to make arbitrary code executions without any user interaction.

Adobe addressed the vulnerability on Feb. 13, 2024, as part of a batch of security updates while e-commerce security company Sansec announced that it…

Source…

Unjected Data Breach: Security Lapse Exposes Thousands of User Accounts


Unjected, the controversial anti-vaccine dating platform, faces another bout of scrutiny as a recent security breach exposes the private data of over 35,000 users. 

The latest security problem, discovered by security researcher GeopJr, exposes alarming vulnerabilities within the platform’s infrastructure that could compromise user privacy and safety.

Unjected Hit by a Glitch

Unjected, a popular website that promotes anti-vaccine campaigns, has been hit by a glitch. The latest security issue exposes confidential information of some users.


GeopJr’s investigation reveals critical flaws in Unjected’s security measures, allowing unauthorized access to sensitive user information. The breach exposes personal details, including full names, birthdates, email addresses, and location data of thousands of users. Moreover, authentication issues enable malicious actors to manipulate user profiles and access private messages exchanged on the platform.

History of Security Concerns

This isn’t the first time Unjected has faced security-related controversies. In July 2022, GeopJr uncovered an open administrator dashboard, granting unauthorized access to crucial site functionalities. Despite attempts to rectify the issue, subsequent glitches and outages persisted, raising concerns among users regarding data protection.

Persistent Security Lapses

Despite being alerted to the security vulnerabilities by GeopJr and the Daily Dot, Unjected has failed to address the issues adequately. Efforts to patch the leak inadvertently exacerbated the situation, introducing additional vulnerabilities, including unauthorized account deactivation.

User Concerns and Insecurity

The breach has left users apprehensive about their privacy and safety on the platform. Direct messages reveal widespread distrust and unease among users regarding Unjected’s security practices. Concerns range from potential government surveillance to fears of hacking and data exploitation.

Response and Lack of Transparency

Source…

AT&T acknowledges data leak that hit 73 million current and former users


AT&T reset passcodes for millions of customers after acknowledging a massive leak involving the data of 73 million current and former subscribers.

“Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders,” AT&T said in an update posted to its website on Saturday.

An AT&T support article said the carrier is “reaching out to all 7.6 million impacted customers and have reset their passcodes. In addition, we will be communicating with current and former account holders with compromised sensitive personal information.” AT&T said the leaked information varied by customer but included full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers, and passcodes.

AT&T’s acknowledgement of the leak described it as “AT&T data-specific fields [that] were contained in a data set released on the dark web.” But the same data appears to be on the open web as well. As security researcher Troy Hunt wrote, the data is “out there in plain sight on a public forum easily accessed by a normal web browser.”

The hacking forum has a public version accessible with any browser and a hidden service that requires a Tor network connection. Based on forum posts we viewed today, the leak seems to have appeared on both the public and Tor versions of the hacking forum on March 17 of this year. Viewing the AT&T data requires a hacking forum account and site “credits” that can be purchased or earned by posting on the forum.

Hunt told Ars today that the term “dark web” is “incorrect and misleading” in this case. The forum where the AT&T data appeared “does not meet the definition of dark web,” he wrote in an email. “No special software, no special network, just a plain old browser. It’s easily discoverable via a Google search and immediately shows many PII [Personal Identifiable Information] records from the AT&T breach. Registration is then free for anyone with the only remaining barrier being obtaining…

Source…