CyberSecure Specialist

Data of 400 Million Twitter Users for Sale as Irish Privacy Watchdog Announces Probe

An individual is offering to sell the data of more than 400 million Twitter users, just as Ireland’s data protection watchdog has announced an investigation into the recent data leaks impacting the social media giant. On December 23, someone posted a message on a popular hacking forum announcing the sale of a database containing the names, usernames, email addresses, phone numbers and follower counts of over 400 million Twitter accounts. A sample of roughly 1,000…

CPRA explained: New California privacy law ramps up restrictions on data use

On January 1, 2023, the California Privacy Rights Act (CPRA) will go into effect. Approved by ballot measure as Proposition 24 in November 2020, it created a new consumer data privacy agency and put California another step ahead of other states in terms of privacy protections for consumers—and data security requirements for enterprises. California already had a privacy law in place, the California Consumer Privacy Act (CCPA), adopted in 2018. It went into effect in…

How does CISO strategy prevent threats?

Executive summary: CISOs are under immense pressure to protect their organizations and keep them out of the breach headlines. The largest obstacle to this goal is an evolving threat landscape that is increasing in sophistication. Payments from successful ransomware attacks fuel this evolution in the form of ransomware-as-a-service models. To break the trend, this report will explore why CISOs and their teams can no longer simply react to these threats and must prevent…

The most dangerous cyber security threats of 2023

In this round up, we reveal which threat vectors cyber security experts believe will rise to prominence in 2023, and they offer their advice on how best to combat them. When asked in mid-2022 by Cyber Security Hub which threat vectors posed the most dangerous threat to their organizations, 75 percent of cyber security professionals said social engineering and phishing. Since the survey closed, multiple organizations such as Dropbox, Revolut, Twilio, Uber, LastPass and Marriott…

The top 12 tech stories of 2022

The technology sector’s vulnerability to the vagaries of geopolitics and the macroeconomy became clearer than ever in 2022, as IT giants laid off workers en masse, regulators cracked down on tech rule-breakers, nations negotiated data privacy, the EU-China chip war widened, and the Ukraine war disrupted business as usual. Through it all the classic tech themes—including innovation, constant change, and the fight to bolster cybersecurity—continued as ChatGPT was released, Broadcom sought to purchase VMware, a…

LastPass finally admits: They did steal your password vaults after all

by Paul Ducklin

Popular password management company LastPass has been under the pump this year, following a network intrusion back in August 2022. Details of how the attackers first got in are still scarce, with LastPass’s first official comment cautiously stating that: “[A]n unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account.” A follow-up announcement about a month later was similarly inconclusive: [T]he threat actor gained access…

S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]

by Paul Ducklin

STOP THE CROOKS BEFORE THEY STOP YOU! Paul Ducklin talks to world-renowned cybersecurity expert Fraser Howard, Director of Research at SophosLabs, in this fascinating episode, recorded during our recent Security SOS Week 2022. When it comes to fighting cybercrime, Fraser truly is a “specialist in everything”, and he also has the knack of explaining this tricky and treacherous subject in plain English. Click-and-drag on the soundwaves below to skip to any point.…

Microsoft Patches Azure Cross-Tenant Data Access Flaw

Microsoft has silently fixed an important-severity security flaw in its Azure Container Service (ACS) after an external researcher warned that a buggy feature allowed cross-tenant network bypass attacks. The vulnerability, documented by researchers at Mnemonic, effectively removed the entire network and identity perimeter around internet-isolated Azure Cognitive Search instances and allowed cross-tenant access to the data plane of ACS instances from any location, including instances without any explicit network exposure. According to Mnemonic researcher Emilien…

Facebook Agrees to Pay $725 Million to Settle Privacy Suit

Facebook parent Meta has agreed to pay $725 million to settle a long-running lawsuit that accused the social network of allowing third parties, including Cambridge Analytica, to access users’ private data. The amount was disclosed in a court filing late on Thursday. “The proposed settlement of $725,000,000 is the largest recovery ever achieved in a data privacy class action and the most Facebook has ever paid to resolve a private class action,” lawyers for the…

Customer details compromised in LastPass data breaches

The data breaches LastPass suffered in August and November 2022 resulted in confidential customer information being compromised. In a statement, LastPass explained that the August breach saw a malicious actor steal source code and technical information from LastPass’ development environment that was then used to target an employee. This allowed the hacker to gain access to credentials and keys, which they then used to access LastPass’ third-party cloud storage service in November 2022. Using the…
