Email-based attacks can take many forms, and are typically deployed by cybercriminals in order to extort ransom or leak sensitive data. Just recently, a banking Trojan named Trickbot targeted Italy, a hotspot for COVID-19 cases, with email spam campaigns. While the email subject line is in line with the daily concerns and talks about spread of the virus, the attachment was actually a malicious script.
While the Capital One breach may have been jaw-dropping in its sheer scale, there are best practice lessons to be learned in its remediation response, says Nick Carstensen, technical product evangelist at Graylog.
Recent allegations of an ex-Tesla employee syncing the Autopilot source code to his personal iCloud account is yet another classic case of how poor data security is, even in some of the most technologically advanced organizations. The Tesla leak isn’t even the first time that a data breach of such immense magnitude pertaining to self-driving technologies has occurred; in July 2018, an Apple employee was caught using AirDrop to transfer 40GB of confidential data to a personal PC.
Data breaches don’t wait for a convenient time to strike. They sometimes take months to uncover. They are complicated beasts, but once you’ve uncovered them some complex rules kick in that determine when you need to report the breach. Reporting a breach can be a daunting prospect. You’ll need to make a public statement in most cases, you may need to report the breach, and there may be legal requirements.
Read the latest news on Magecart attacks! We’ve trawled the web for the latest news of data breaches, including updates on previous attacks. Now featuring insider insights from our own Security Researcher! Latest attacks: New! Major Attack on US Medical Debt Collection company American Medical Collection Agency (AMCA). Their payment portal was compromised for 8 months from August 1st, 2018 to March 30th, 2019.
A critical vulnerability in Evernote’s Web Clipper Chrome extension recently allowed hackers to steal data present in active web sessions. Web Clipper, an extension that allows users to save screenshots of webpages, emails, images, articles, etc., had a vulnerability that provided hackers with easy access to the websites accessed by its 4.5 million users before it was fixed on May 31, 2019.
We’ve discussed Magecart very frequently in recent months and it’s getting worse, with new attacks coming to light on a weekly basis. At RapidSpike, we are committed to raising exposure on these types of attacks and educating companies as to how they can effectively detect data breaches and reduce their exposure to them.
A new monthly feature blog on all things Magecart going on in the news. This summary gives you all the known facts about data breaches reported in the news as well as an insight from our own RapidSpike Security Researcher.
