A mishandled GitHub token exposed Mercedes-Benz source code

January 30, 2024 at 01:46PM A mishandled GitHub token granted unrestricted access to Mercedes-Benz’s internal GitHub Enterprise Service, exposing sensitive source code. RedHunt Labs discovered and reported the security breach, prompting Mercedes-Benz to revoke the token and remove the public repository. The leak could have severe consequences, including reverse-engineering proprietary technology, potential GDPR infringement, and …

A Cyber Insurer’s Perspective on How to Avoid Ransomware

January 30, 2024 at 08:23AM The Cyber Claims Report observes the evolving nature of cyber threats, particularly ransomware. In 1H 2023, ransomware frequency increased by 27% from 2H 2022, with an average loss of over $365,000 and an average ransom demand of $1.62 million. Businesses with more than $100 million in revenue were hit the …

UK biometrics boss bows out, bemoaning bureaucratic blunders

January 30, 2024 at 04:34AM The farewell report by the UK’s biometrics and surveillance commissioner, Dr. Fraser Sampson, criticizes the Home Office’s management of technology. He expressed frustration over lack of support and the impending abolition of the commissioner’s role. Concerns were raised about the future oversight and governance of biometrics and surveillance technology, including …

Wyden Releases Documents Confirming the NSA Buys Americans’ Internet Browsing Records

January 26, 2024 at 05:12PM Senator Ron Wyden released documents revealing that the NSA purchases Americans’ internet records, prompting a call for intelligence agencies to cease buying unlawfully obtained personal data from data brokers. Wyden emphasized the need for legal and ethical data practices, highlighting the potential privacy violations and the lack of informed consent …

Black Kite Unveils Monthly Ransomware Dashboards

January 26, 2024 at 05:05PM Black Kite unveiled the first monthly ransomware dashboard, offering insights on ransomware groups, victims, and attack patterns. December’s research revealed common compromise indicators and the emergence of the WereWolves ransomware group targeting the U.S., Europe, and Russia. The dashboard also highlighted industry-specific cyber-risks and evolving tactics of ransomware groups for informed …

How to secure AD passwords without sacrificing end-user experience

January 24, 2024 at 10:19AM Hackers attempted 1,287 password attacks per second in 2022, highlighting the importance of strong password security. Many users still use easy-to-guess passwords, creating security vulnerabilities. Organizations can promote longer, unique passwords and correlate password expiration with password length to enhance security. Tools like Specops Password Policy can help enforce these …

Prompt Security Launches With AI Protection for the Enterprise

January 24, 2024 at 10:05AM Prompt Security launched a solution that uses AI to secure companies’ AI products, preventing prompt injection and jailbreaks. Their approach also aims to prevent accidental exposure of sensitive data to tools like ChatGPT. Recognizing potential risks of generative AI adoption, Prompt Security offers protection by inspecting prompts and model responses, …

Amazon’s French Warehouses Fined Over Employee Surveillance

January 24, 2024 at 05:06AM France’s data protection agency fined Amazon’s French warehouses unit 32 million euros for an “excessively intrusive” surveillance system monitoring employee performance through package processing scanners. The system raised alerts for inactivity exceeding 10 minutes and fast handling of packages. The surveillance violated the EU’s data protection regulation. The fine equals about …

COVID-19 test lab accused of exposing 1.3 million patient records to open internet

January 24, 2024 at 02:32AM A password-less database with 1.3 million Dutch COVID-19 testing records was exposed online, including personal data like names, birth dates, and passport numbers. The database belonged to CoronaLab, a recommended commercial COVID-19 test provider in the Netherlands. Despite attempts to notify them, no response was received, and it took three …

German IT Consultant Fined Thousands for Reporting Security Failing

January 22, 2024 at 03:31PM A security researcher in Germany was fined €3,000 for reporting a vulnerability in an e-commerce database that put customer information at risk. Modern Solution GmbH downplayed the data exposure, leading to a legal battle. Hendrik H. was initially vindicated by the District Court but was eventually fined and is planning …