Data

More than 470,000 members of dark web hacking site RaidForums have had their data leaked by Exposed, another hacking forum. Members of the forums would put the various data stolen during data breaches on the site, where it could be purchased by other members for use in other malicious activities, including phishing and social engineering campaigns and even identity theft. In April 2022, the site shut down after its infrastructure and website were seized during an international law enforcement operation. The site then became BreachForums, a site notorious for launching a cyber attack against Australian healthcare and insurance provider Medibank…

The personal information of more than 1.5 million women has been put up for sale on the dark web following an alleged data breach of Indian lingerie brand Zivame. The alleged data breach was discovered after an advert offering the sale of the personal data stolen during the hack was posted on the dark web and the messaging app Telegram. The sellers, who are claiming to be the malicious actors who stole the data, are offering the entire database for US$500.  The data for sale includes the names, email addresses, phone numbers and home addresses of more than 1.5 million…

Owner and operator of social media site Facebook, Meta Platforms Ireland (Meta IE), is facing a record €1.2bn (US$1.2 bn) fine after an investigation by the Irish Data Protection Authority (IE DPA) into its data transfer practices.  Meta has also been instructed to ensure its data transfers meet General Data Protection Regulation (GDPR) standards. The fine, which is the largest ever GDPR fine issued ever, was imposed by the European Data Protection Board (EDPB) for Meta IE’s transfers of personal data to the US for standard contractual clauses from July 2020. According to EDPB Chair, Andrea Jelinek, Meta IE’s GDPR…

OpenAI, creator of artificial intelligence (AI)-powered chatbot ChatGPT, has confirmed that a bug in the chatbot’s source code may have caused a data leak.  According to OpenAI, a vulnerability in the Redis open-source library used by ChatGPT meant that “some users” were able to see “titles from another active user’s chat history” as well as potentially being able to view the first message of a new conversation if both users were active at the same time.  The company also admitted that the bug may have caused the “unintentional visibility of payment-related information” for premium ChatGPT users that were active between…

Samsung employees have allegedly leaked confidential company information to AI-powered chatbot, ChatGPT. According to The Economist Korea, three separate incidents occurred despite the company originally being wary of adopting ChatGPT. Samsung had previously expressed concern that ChatGPT may leak confidential information, issuing a warning to employees to “pay attention to the security of internal information” and not enter private information.  Each incident allegedly involved a company engineer entering confidential information into ChatGPT within just 20 days. Over that time, one engineer allegedly entered Samsung’s source code into the chatbot when looking for a solution to a bug; another recorded a…

Survey methodology and respondent profiles The results in this report are from the Cyber Security Hub survey which we fielded to subscribers from May and June 2020 to benchmark actual results from H1 2020 vs. expectations for H2 2020. A balanced representation of the enterprise cyber security mindset, the largest segment of survey respondents (41 percent) describes their job function as cyber security. The next largest segment is IT at (27 percent) followed by corporate management at (9 percent). Qualified respondents were truly cross industry coming from automotive, education, financial services, government, healthcare/life science, manufacturing, media/telecommunications, retail/consumer packaged goods (CPG),…

What threat vectors influenced your 2023 security strategy and threat defense? What security tools is your company investing in?  Cyber Security Hub is asking cyber security professionals to share their key insight on the trends, challenges and investment opportunities they are seeing in the cyber security space. The survey contains 17 questions and takes just 15 minutes to complete. By completing it you be helping other cyber security professionals by sharing your expertise and contributing to key sector research, enabling Cyber Security Hub in our mission to provide relevant and accurate information, articles and reports to our community. This survey will help inform…

Marketing automation company Mailchimp has reported that it has been the victim of a social engineering attack-related data breach. This marks the second attack of this kind the company has suffered in less than a year.  The breach took place on January 11 and, according to Mailchimp, involved an “unauthorized actor accessing one of [the] tools used by Mailchimp customer-facing teams for customer support and account administration”.   Following this, the malicious actor launched social engineering attacks on Mailchimp employees and contractors used by the company. Through these attacks, the hacker was able to steal employee credentials and then used this…

Cyber security in 2021 Based on the current global macroeconomics construct, there is little sign that budgets will rise during H1 2021. That said, ever increasingly complex automated attackers are identifying new vulnerabilities and activating new enterprise breaches. Unfortunately, some of those breaches are becoming true incidents. Automating enterprise cyber security and cyber artificial intelligence (AI) have, for many seemed desirable rather than mandatory. That simply will not be the case moving forward. Cyber security executives are now separating the wheat from the chaff in the automation solution search. Finding a provider with demonstrable results is a must. CISOs are…

A brief introduction to cloud migration Cloud migration describes moving some or all of a company's IT resources, databases, applications, services and digital assets onto the cloud. The push by companies to move towards cloud-based storage has led to cloud evolution which has, in turn, led to a cloud-first mindset. With the push towards remote work and digitization seen over the past couple of years, cloud adoption and development is becoming a must-have for businesses. As a result, the four cornerstones of cloud security now must be realized. In this article, we will explore: 1. Accountability: Using the RACI matrix…