Tag Archive for: leaks

Hacks And Data Leaks – Cyber Defense Magazine

/in


How to protect businesses from cyberattacks

By Sergey Ozhegov, CEO, SearchInform

Hacks and data leaks: how to protect businesses from cyberattacks

Hardly a week goes by without a hack or data breach incident occurrence. Quite often, large organizations, such as banks, state bodies and corporations become attacked, despite the fact that they are well-sponsored and their employees are usually quite well informed in the information security related issues. Thus, even large enterprises are often incapable of protection against cyber threats. So, the questions arises – what should executives of SMEs, which information security budget is much smaller do? The SearchInform CEO shares advice on how to strengthen an organization’s information security protection.

SMEs are in the focus

Owners of small businesses quite often don’t take cyber security issues seriously, because they believe that intruders aren’t interested in their companies due to their small size. Such approach leads to serious consequences, as it turns small businesses into perfect and vulnerable target.

One of the core risk is critical data leak. Such data includes, but isn’t limited to:

  • Client database
  • Critical data on some business processes
  • Commercial data on business deals etc.

Businesses should also take data privacy laws seriously. There is a global trend of adoption of various acts, aimed at regulation of data-related processes. The new regulations, coming into force worldwide motivate companies to implement specific protective software. The consequences of such norms ignorance become more and more serious. For instance, in case a company doesn’t comply with a regulator’s requirements, it has to pay fines, which, in turn, are also permanently increased.

The main problem is that implementation of information security measures requires significant financial expenditures and takes time. Nevertheless, law requirements and data leak risks must not be ignored anyway. That is why it is strictly important to address risks properly and deal at least with main vulnerabilities and security “holes”.

First of all, let’s identify where to expect threats to occur.

Who poses a threat to your organization’s…

Source…

TSMC, Apple’s Chipmaker, Hit with a Ransomware Attack, LockBit Asks for $70M to Prevent Leaks

/in


The famous technology company behind the Apple processors like the A-series Bionic chips and the M-series SoCs, was recently hit with a ransomware attack. The LockBit ransomware gang already took responsibility for the attack, notoriously known for its global activities and ties to Russia, having some of its members from the country.

It is demanding a $70 million ransom demand from the Taiwan Semiconductor Manufacturing Company (TSMC), or else it would leak all the stolen data it managed to steal from the company. 

TSMC was Hit with Ransomware Attack, LockBit Demands $70M

TAIWAN-CHIP-TSMC-COMPANY-EARNINGS

(Photo : SAM YEH/AFP via Getty Images)
A security staff stands next to a logo of the Taiwan Semiconductor Manufacturing Co, (TSMC), during the investors conference in Taipei on July 16, 2014. TSMC, the world’s biggest contract microchip maker, was to release second-quarter earnings results at an online conference.

TechCrunch reported that TSMC’s partner was hit with a ransomware attack, more specifically, one of its IT hardware suppliers, Kinmax Technology, with LockBit already owning up to the attack. The ransomware group is demanding a ransom payment of $70 million to keep the stolen data from getting leaked to the public. 

Kinmax made this known to TSMC, with the company’s services centering on setting up the server’s initial setup and configuration. The attacked company also said that several pieces of information were leaked last Thursday, but the reports did not expand more on how serious the attack was or how much was taken.

Other clients of Kinmax include Microsoft, Citrix, Cisco, VMWare, and HPE.

Read Also: Apple M3: Tests 12-Core CPU, 18-Core GPU, the Most on Any M-Series Chip; Coming Soon?

Stolen Sensitive Data Would be Leaked, is Apple Included?

As per 9to5 Mac, TSMC already confirmed that this attack did not affect its business operations and customer information, despite Kinmax Technology’s hand on its servers. This means that this should not be a massive cause of concern for TSMC’s customers, including Apple, one of its largest partners in the tech landscape. 

TSMC and the LockBit Ransomware Gang

TSMC remains the top supplier of Apple for all chip…

Source…

Breaches, patches, leaks and tweaks! [Audio + Text] – Naked Security

/in


Latest epidode – listen now.

DOUG.  Breaches, breaches, patches, and typios.

All that, and more, on the Naked Security podcast.

[MUSICAL MODEM]

Welcome to the podcast, everybody.

I am Doug Aamoth; he is Daul Pucklin…

…I’m sorry, Paul!

DUCK.  I think I’ve worked it out, Doug.

“Typios” is an audio typo.

DOUG.  Exactly!

DUCK.  Yes… well done, that man!

DOUG.  So, what do typos have to do with cybersecurity?

We’ll get into that…

But first – we like to start with our This Week in Tech History segment.

This week, 23 January 1996, version 1.0 of the Java Development Kit said, “Hello, world.

Its mantra, “Write once, run anywhere”, and its release right as the web’s popularity was really reaching a fever pitch, made it an excellent platform for web-based apps.

Fast-forward to today, and we’re at version 19, Paul.

DUCK.  We are!

Java, eh?

Or “Oak”.

I believe that was its original name, because the person who invented the language had an oak tree growing outside his office.

Let us take this opportunity, Doug, to clear up, for once and for all, the confusion that lots of people have between Java and JavaScript.

DOUG.  Ooooooh…

DUCK.  A lot of people think that they are related.

They’re not related, Doug.

They’re *exactly the same* – one is just the shortened… NO, I’M COMPLETELY KIDDING YOU!

Java is not JavaScript – tell your friends!

DOUG.  I was, like, “Where is this going?” [LAUGHS]

DUCK.  JavaScript basically got that name because the word Java was cool…

…and programmers run on coffee, whether they’re programming in Java or JavaScript.

DOUG.  Alright, very good.

Thank you for clearing that up.

And on the subject of clearing things up, GoTo, the company behind such products as GoToMyPC, GoToWebinar, LogMeIn, and (cough, cough) others says that they’ve “detected unusual activity within our development environment and third party cloud storage service.”

Paul, what do we know?

GoTo admits: Customer cloud backups stolen together with decryption key

DUCK.  That was back on the last day of November 2022.

And the (cough, cough) that you mentioned earlier, of course, is GoTo’s…

Source…

Hacking, Security & Privacy News: data breaches and leaks, new hacks & more

/in


Jak Connor | Jan 16, 2023 7:34 AM CST

Norton LifeLock, a very well-known provider of identity protection and cybersecurity services, recently revealed in an announcement that thousands of its customers had their accounts compromised.

Norton announces thousands of its customer accounts have been hacked 65

The parent company of Norton LifeLock, Gen Digital, states that the likely cause of the hack was a “credential stuffing” attack, which is when previously exposed or breached credentials of accounts are used to break into other accounts on different sites and services that have the same passwords. The company notes that it detected a “large volume” of failed logins to customer accounts on December 12, which led them to discover that the intruders had compromised accounts dating back to December 1.

The company sent notices to about 6,450 Norton customers whose accounts were affected by the breach. In the data breach notice, Gen Digital states that the unauthorized third party may have viewed customers’ first names, last names, phone numbers, and mailing addresses. The company also said that it could not rule out that the intruders also accessed some customers’ saved passwords.

Continue reading: Norton announces thousands of its customer accounts have been hacked (full post)

Cameron Wilmot | Jan 10, 2023 2:22 PM CST

It wasn’t until recently that I discovered Chrome has an in-built feature to help protect your kids (and anyone, actually) while browsing the web with Google’s popular web browser. A recent Facebook post from the Google Chrome page alerted me to its “Enhanced Protection” security mode and family DNS feature, which we dive into below.

An easy way to protect your kids while browsing the net with Google Chrome 1

In the simplest terms, when turned on, this feature proactively monitors the user’s behavior in Chrome and blocks bad websites, downloads, and extensions before they can cause a problem on your device. For example, you or your child might be about to enter a harmful website that attempts to steal important information. Chrome blocks the website and presents a very obvious red screen warning you.

A little discussion with your kids would go a long way, alerting them if they see this obvious red screen, reminding them it’s a bad site and they shouldn’t visit it. Chrome can also scan any downloads before the files are…

Source…