Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Data Breaches

5 Common Elasticsearch Mistakes That Lead to Data Breaches

Avon and Family Tree aren’t companies you would normally associate with cybersecurity, but this year, all three were on the wrong side of it when they suffered massive data breaches. At Avon 19 million records were leaked, and Family Tree had 25GB of data compromised. What do they have in common? All of them were using Elasticsearch databases. These are just the latest in a string of high profile breaches that have made Elasticsearch notorious in cybersecurity.

Vendor due diligence: Protect yourself from third-party breaches

The most dependable cybersecurity strategies involve assiduously monitoring for external attack vectors. But if this is the only dimension you are monitoring, your internal networks could be compromised while your back is turned. The threat of a cyberattack is not only on the external front, many data breaches occur through compromised vendors, even highly reputable ones. To prevent cyber criminals from accessing your sensitive data through breached vendors, read on.

False Positive Breaches: Universal Audit Log Search Office 365

Modern cyber security threats have today mutated into a new class that is immune to detection and prevention solutions offered by the security industry. We are looking at this new generation of hackers that master zero-day exploits, credential thefts, fake identities, and developing stealthy malware. These threats have kept the security personnel on their toes, figuring out what the next attack would look like. One of these challenges includes identifying false positive and false negative alerts.

Tighten Up Your Strategy: Evaluating the Leakiness of a Cloud App

We at Netskope Threat Labs have published a series of blogs detailing the misconfigurations in cloud apps causing data exposure. Misconfiguration and sensitive data exposure have been listed as predominant top 10 OWASP security risks for years, and are now also the predominant cause of cloud data breaches.

7 High-Risk Events to Monitor Under GDPR: Lessons Learned from the ICO's BA Penalty Notice

Hello Security Ninjas, Today's IT world is complex and can be challenging for security operations teams. Nowadays, more apps are being integrated and interconnected than ever before. Cloud services and SaaS solutions purchased all throughout the organization outside of the IT department add even more complexity. Communicating to application and service owners the kind of activities that need to be logged and sent to the SOC can be a daunting task.

Featured Post

How to Handle a Data Breach Within Your Company

Prevention, they say, is better than cure. Most companies have put in place stringent data security measures to prevent any kind of breach. However, following recent security breaches of tech-savvy giants like Twitter, Target, and Gmail, it's clear that no company is 100% immune to a breach. Therefore, businesses must draw an action plan for handling a data breach should the security and prevention measures fail. Here's a comprehensive data breach response guide every company should implement when the situation calls for it.

Which DLP Tasks to Automate - and Which to Do Manually

Just this week, the news broke that a poorly-secured AWS server exposed over 10 million hotel reservation logs from Cloud Hospitality websites, putting the information of millions of guests at risk. As of June 2020, more than 3.2 million consumer records have been exposed in the ten biggest data breaches this year. Organizations in virtually every industry struggle to get data loss prevention (DLP) right due to one big misconception about this important cybersecurity practice.

The North Face resets passwords after credential-stuffing attack

An undisclosed number of customers of outdoor clothing retailer The North Face have had their passwords reset by the company, following a credential-stuffing attack. The company has revealed that on October 9, 2020, it became aware that hackers had used usernames and passwords stolen from a third-party website to gain unauthorised access to customer accounts.

What's the Cost of a Data Breach in 2019?

According to the 2019 Cost of Data Breach Report from Ponemon Institute and IBM Security, the global average cost of a data breach has grown by 12 percent in the last five years to $3.92 million. This was driven by the multi-year financial impact of breaches, increased regulation and the difficult process of resolving cyber attacks.

Barnes & Noble warns customers it has been hacked, customer data may have been accessed

American bookselling giant Barnes & Noble is contacting customers via email, warning them that its network was breached by hackers, and that sensitive information about shoppers may have been accessed. In the email to customers, Barnes & Noble says that it became aware that it had fallen victim to a cybersecurity attack on Saturday October 10th.