#Privacy: Research reveals the serious threat against UK health-related data

New research by Clearswift has found that 67% of healthcare organisations have experienced a cyber security incident in the past twelve months. The research surveyed senior business decision makers within healthcare organisations across the UK and found that just under half of security incidents (48%) occurred as a result of introduction of […]

#Privacy: Over 45m user records from US data broker LimeLeads are up for sale

ZDNet has reported that a hacker is currently selling a database containing 49 million business contacts on an underground hacking forum.  After receiving a tip from one of its readers, ZDNet reported that it had become aware that a threat actor, dubbed Omnichorus, has been selling data belonging to San Francisco-based business-to-business leads generator, LimeLeads.  […]

#Privacy: Patching still remains a problem

A new report has found that cyber adversaries continue to be both relentless and innovative in their efforts to find vulnerabilities within organisations’ IT infrastructure. The CrowdStrike Services Cyber Front Lines Report, which offers observations obtained from its incident response and proactive services, found that over a third of the incidents (36%) investigated were caused […]

#Privacy: Threat Spotlight: Conversation Hijacking 

Beware of cybercriminals using conversation hijacking to steal money and sensitive personal information.  In recent months, Barracuda researchers have seen a sharp rise in domain-impersonation attacks used to facilitate conversation hijacking. An analysis of about 500,000 monthly email attacks shows a 400-percent increase in domain-impersonation attacks used for conversation hijacking. In July 2019, there were […]

#Privacy: App exposes thousands of baby photos

A leaky Elasticsearch database has resulted in thousands of images and videos of babies being leaked online. The developer of the Peekaboo Moments app, Bithouse Inc, failed to secure a 100GB Elasticsearch database. The database had been left openly accessible to anyone, without any password protection. The database contained over 70 million log files […]

How to Maintain an Up-to-Date Data Map with OneTrust Vendor Risk Management

In helping more than 2,500 companies mature their privacy and security compliance programs, we’ve heard one question more than any other: “How do I keep my data map up to date?” There are many methods for maintaining an evergreen data map, such as integrations and assessment automation. But emerging techniques, ones that use the OneTrust Vendor Risk Management platform in combination with our data mapping […]

#Privacy: Magecart attackers strike Australia bushfire donation website

A website collecting donations for the victims of the Australia bushfires has been injected with a malicious script. The Malwarebytes Threat Intelligence Team discovered that a legitimate donation-collecting website has been compromised by a Magecart script. The Magecart attack works by loading a malicious credit-card skimmer script named ATMZOW into the checkout pages once a […]

#Privacy: PayPal confirms high-severity bug affecting login form

Researcher Alex Birsan has discovered a bug within PayPal which could allow threat actors to take over users’ accounts. Birsan uncovered the bug while exploring PayPal’s main authentication flow, where he noticed a JavaScript file which contained what appeared to be a cross-site request forgery (CSRF) token and a session ID. Birsan explained that […]

#Privacy: Schools within Contra Costa County hit by ransomware attack

A ransomware attack has left schools in the Pittsburg Unified School District without internet access following an attack over the winter break. Schools across the Pittsburg Unified School District are still recovering from a ransomware attack that has forced staff to teach the old-fashioned way. Superintendent Janet Schulze wrote on social media: “We will […]