Hackers grab Social Security numbers from California Pizza Kitchen
California Pizza Kitchen (CPK) has revealed a data breach that exposed the Social Security numbers of more than 100,000 current and former employees.
The U.S. pizza chain, which has more than 250 locations across 32 states, confirmed the incident in a data breach notification posted this week. The company said it learned of a “disruption” to its systems on September 15 and moved to “immediately secure” its environment. By October 4, the company said it had determined cybercriminals had infiltrated its systems and gained access to certain files, including employee names and SSNs.
continue reading: https://techcrunch.com/2021/11/18/california-pizza-kitchen-data-breach/
How midsize companies are vulnerable to data breaches and other cyberattacks
Cybercriminals will attack any type of organization large or small if they think they can profit from it and get away with the crime. But while large enterprises usually have the budgets, people and resources to protect themselves from a cyberattack, the same isn’t necessarily true for smaller businesses. A report released Thursday by security provider Coro reveals a lack of preparedness on the part of mid-market companies.
continue reading: https://www.techrepublic.com/article/how-midsize-companies-are-vulnerable-to-data-breaches-and-other-cyberattacks/
Consumers like the benefits of online shopping despite the security risks
Online shopping has proven to be a quick and convenient way to buy virtually anything. And it’s been a lifesaver during the pandemic when we couldn’t go out to pick up groceries, food, and other essential items. But like any website, retail sites can be vulnerable to data breaches and security flaws. Do concerns about security issues deter people from shopping online? Not according to a report from software security provider NTT Application Security.
continue reading: https://www.techrepublic.com/article/consumers-like-the-benefits-of-online-shopping-despite-the-security-risks/
New benchmarking study to yield cybersecurity insights
Security industry experts have teamed up to undertake a new research project that seeks to produce an unprecedented cyber benchmarking analysis, ultimately answering the key question of “what should you focus on” when it comes to enterprise security, according to the program’s research director.
continue reading: https://venturebeat.com/2021/11/17/large-scale-global-cyber-project-aims-to-answer-most-pressing-security-questions/
Tackling the root of the public sector’s cyber security problem
Iouri Prokhorov, founder of Helastel, discusses how the cyber security pitfalls that plague the public sector can be tackled.
We are regularly confronted with reminders that the public sector is both a key target for cyber attacks, and woefully unprepared for them. The latest rude awakening came with the news that the UK Labour Party had been hit by a ‘cyber incident’, rendering a large number of its members’ and supporters’ data inaccessible and vulnerable. The incident, which affected a third-party IT supplier, bore the hallmarks of a ransomware attack, according to cyber security experts, where cyber criminals demand money to restore access to seized and encrypted data.
continue reading: https://www.information-age.com/tackling-root-of-cyber-security-problem-public-sector-123497754/
Combating human error key to cybersecurity policies
Human error is inevitable, even in fields as thorough and technically efficient as cybersecurity. While there are mechanisms in place to prevent and detect such occurrences, on occasion, even an enterprise that is usually a well-oiled machine can fall victim to vulnerabilities that may arise due to the human factor. Fortunately, by identifying common problem areas and addressing them accordingly, organizations can keep human error to a minimum and ensure that business operates as usual.
Though the human factor is a major nontechnological stumbling block to cybersecurity, an organization’s networks and data can be secured if employees obey clear, well-defined security policies, and practice and participate in routine cybersecurity training and exercises.
continue reading: https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2021/volume-38/human-error-in-cyberspace
Ransomware gangs are now rich enough to buy zero-day flaws
Cyber criminals are becoming more advanced as they continue to find new ways to deliver attacks, and some are now willing to buy zero-day vulnerabilities, something more traditionally associated with nation states.
Knowledge about vulnerabilities and exploits can command a high price on underground forums because being able to take advantage of them can be very profitable for cyber criminals. That’s especially true if this knowledge involves a zero-day vulnerability that’s not known about by cybersecurity researchers – and that’s because attackers know potential victims won’t have had the chance to apply security updates to protect against it.
continue reading: https://www.zdnet.com/article/ransomware-gangs-are-now-rich-enough-to-buy-zero-day-flaws-say-researchers/
200M Adult Cam Model, User Records Exposed in Stripchat Breach
A database containing the highly sensitive information on both users and models on the popular adult cam site Stripchat were discovered online, left completely unprotected. The data exposure puts models and users at risk of extortion, violence and more.
Stripchat is a popular site founded in 2016 and based in Cyprus that sells live access to nude models.
Volodymyr “Bob” Diachenko, head of security research Comparitech, reported that he discovered the database on an Elasticsearch cluster on Nov. 5. It contained about 200 million Stripchat records, he said, including 65 million user records containing email addresses, IP addresses, the amount in tips they gave to models, a timestamp of when the account was created and the last payment activity.
continue reading: https://threatpost.com/adult-cam-model-user-records-exposed-stripchat-breach/176372/
Read more Cyber Security News at https://que.com/tag/cybersecurity/
