Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)



Monday 9 March 2020

Data Breaches Digest - Week 11 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 9th March and 15th March 2020.


15th March

Smart home developers raise concerns about Alexa and Google Assistant security

14th March

Browser vendor leaks data via open server

How To Maintain Data Security When Staff Is Working From Home

How to Protect Your Business

HSBC say VoiceID saved almost £400m from fraudsters in 2019

Internet Crimes on the Rise: Virtual currency saw the largest percentage increase; others include extortion, lottery, social media, and personal data breaches

Top 10 internet crimes you need to know about

Urgent care walk-in centers in Texas and Florida suffer cyberattacks

13th March

Amazon Is Selling Its Cashierless Checkout to Other Stores — What Happens to the Data?

Arkansas provider alerts 15,000 patients of ransomware attack

Avoid coronavirus scams: What you need to know

Confessions app Whisper spills almost a billion records

Coronavirus: How hackers are preying on fears of Covid-19

CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware

Czech hospital hit by cyberattack while in the midst of a COVID-19 outbreak

Data centre ‘incident’ adds to Eskom’s woes

DPC warning on ‘quick-fix’ solutions

European Electricity Association Confirms Hackers Breached its Office Network

Europol takes down SIM-swap hacking rings responsible for theft of millions of euros

February-reported breaches affect 1.4 million patients

For Sale: Card Data From Online Stores Using Volusion

Hackers pounce as coronavirus spread triggers work-at-home movement

Henry Mayo Newhall Hospital Fires Employees for Snooping on Medical Records

Homeland Security sued over secretive use of face recognition

How to Secure Online Payments on Mobile Devices

It’s 10 o’clock, do you know where your data is?

Microsoft releases emergency patch for critical SMB vulnerability in Windows 10 and Windows Server

New York health system back online following ransomware shutdown

North Carolina: Randleman Eye Center Discloses Malware Attack

Oklahoma Accused of Negligence in Massive Data Breach

Open-source security: This is why bugs in open-source software have hit a record high

Parking payment app hit by ransomware attack

PCI Security – why it’s declining globally

Political campaigns and your personal data

Princess Cruises, hobbled by the coronavirus, admits data breach

Princess Cruises Confirms Data Breach

Radio.com users affected in data breach

Scams, Fraud and Misinformation: How Cybercriminals are Taking Advantage of Coronavirus

State-sponsored hackers are now using coronavirus lures to infect their targets

Sunshine Behavioral Health Group Faces Class Action Under CCPA After Data Breach Affecting 3,500 Patients

Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldn't

UK Data Privacy Compliance: Lessons from the ICO’s First Fine

Using advanced machine learning for adaptive fraud prevention

Why Cybersecurity Insurance Should Complement Your Information Security Policies And Practices

12th March

60% of Company Security Breaches Caused by Human Error

Advanced Russian Hackers Use New Malware in Watering Hole Operation

Amid coronavirus scare, ransomware targets public health agency in Illinois

Analytics firm’s VPN and ad-blocking apps are secretly grabbing user data

Applying the 80/20 rule to cloud security

Australia data breach: 90,000 staff, students, suppliers impacted at Melbourne Polytechnic

Beware of What You Download! Tech Giants Sought Lawmakers Help to Protect Data From Health Apps

Can retailers win consumers with voice technology?

Card data from the Volusion web skimmer incident surfaces on the dark web

Cookiethief Android malware uses proxies to hijack your Facebook account

Crooks use weaponized coronavirus map to deliver malware

Cybercriminals raking in $1.5 trillion every year

Cybersecurity Needs a Layered Approach to Stay Ahead of Attackers

Cybersecurity Trends in 2020 & the Threats Facing the Industry

Data of millions of eBay and Amazon shoppers exposed

Dell: Cost of data loss per organization surpassed $1M in the past year

DHS Warns APT Attackers Exploiting Microsoft Exchange Server Flaw

DoppelPaymer Ransomware Ups the Threat Level by Posting Victim’s Data Publicly If They Don’t Pay

Employees working from home to avoid coronavirus? Protect your data

Excessive permissions biggest threat to cloud security

Facebook cookie-stealing trojans surface on Android devices

Google Will Appeal Latest GDPR Fine

Hacking a network, using an ‘invisibility cloak’ – Is it that simple?

How to delete yourself from the internet

ICO Fines: When Is An Appeal Appealing?

Lawsuit filed against Dept. of Securities over massive data breach

Majority of businesses in SEA aim to improve IT security

Microsoft discontinues RDCMan app following security bug

Microsoft patches SMBv3 wormable bug that leaked earlier this week

Nearly 300 cybersecurity incidents impacted supply chain entities in 2019

Necurs zombie botnet disrupted by Microsoft

New Report Shows Breach Costs Continuing to Grow

Open Source Push Highlights Security Flaws

Open source vulnerabilities increase almost 50 percent in 2019

Payment Data From 2019 Volusion Hack Appears On Dark Web

Phishing attacks exploit YouTube redirects to catch the unwary

Shared Responsibility in Data Security

Startups: Your Most Valuable Asset in the Long Run Will Be Your Customers’ Trust

The Biggest Data Breaches and GDPR Fines – Google Tops the List

This free service shows who has your data—and helps you delete it

Two-Thirds of Healthcare Organizations Have Suffered a Security Incident

Unsecured database exposes 76,000 fingerprints

Vulnerabilities Patched in Popup Builder Plugin Affecting over 100,000 Sites

Web Application Security at Every Stage of the SDLC

What’s the best approach for ethical data use?

Will 5G Implementation Lead to an Increase in Ransomware Attacks?

Wireless SoCs Get Hardware Security

World is at permanent cyber war say security professionals

Wyoming hospital alerts patients of phishing attack

11th March

5 ways to stay avoid phishing lures

75% of Healthcare Organizations Globally Have Experienced Cyberattacks

100 data breaches by the UK Home Office

Are You Ready for a Data Breach?

Avast disables the JavaScript engine component due to a severe issue

Brazil: Millions of Records Leaked, Including Biometric Data

Clearview AI Data Breach Exposes Facial Recognition Firm’s Client List

Crafty Web Skimming Domain Spoofs “https”

Data Breach Enforcement in the UK and in the EU: Cross-Border Issues

Data breaches trend upward for 2019

'Data localisation won't help with cyber security,' say cyber security professionals, researchers

Dutch government loses hard drives with data of 6.9 million registered donors

European electricity association warns of office network breach

Fantasies of 900 million Whisper users exposed in yet another data breach

February sees huge jump in exploits designed to spread Mirai botnet

Government withholding information in data breach

Hackers are working harder to make phishing and malware look legitimate

Health Provider Sued for Failing to Safeguard Patient Data

How to prevent the data breach that keeps on happening

Israeli spyware company accused of WhatsApp hack: Facebook lied in lawsuit

Keeping Data Secure in the Always-On World

Local governments: Don't pay ransoms to hackers

Media and e-commerce brands are top targets for phishing attacks

Microsoft takes down global zombie bot network

Modern RAM used for computers, smartphones still vulnerable to Rowhammer attacks

Nearly 60% of Security Professionals Trust Cybersecurity Findings Verified by Humans over AI

Northeast Radiology Sends Notification of Data Security Incident

Ransomware attacks on healthcare facilities spike 350%

Redefining Bot Detection: Why Identity Matters

Safeguarding Healthcare for the Future With Zero Trust Security

University of Hertfordshire avoids data breach action by UK watchdog

What is cryptojacking (with examples) and how do you stop it?

Whisper, an anonymous secret-sharing app, failed to keep messages or profiles private

Why are governments so vulnerable to ransomware attacks?

Why hackers are more persistent than security teams

10th March

8 million UK shopping records exposed on the web, customers’ personal info leaked

Apple, Samsung, Google get letter from lawmakers to protect data from period tracker apps

ASD teamed up with GCHQ for stolen credit card crackdown

Avast AntiTrack certificate bug allowed others to snoop on your online activities

Bank’s voice ID system detects record number of fraud attempts

Coronavirus 'fake news' Twitter accounts shut down

Cyber hackers demand $30m from ‘major international company’ with office in Perth

Cyber Security Trends: Tips from recent UK enforcement - Part 1

Cybersecurity Has A People Problem

Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu

Durham City and County services targeted in cyber attack, 80 servers taken offline

FBI arrests Russian behind Deer.io, a Shopify-like platform for cybercrime

Following Data Breach, In-House Counsel Should Review Company Email Policies

GDPR: Is it time for the ICO to get tough?

Google data puts innocent man at the scene of a crime

Hackers impersonate Vanderbilt University Medical Center to lure victims in phishing attacks

Hackers using fake HIV test results, coronavirus emails to target healthcare companies

How poor IoT security is allowing this 12-year-old malware to make a comeback

Human Error Linked to 60% of Security Breaches

Intel CPUs vulnerable to new LVI attacks

Intel's data center CPUs vulnerability could lead to "devastating" attacks

IoT Security Market is Projected to Grow From USD 8,472.19 Million to USD 73,918.82 Million by 2026 With a CAGR of 31.20% - Valuates Reports

IT Vs. The Big Phish: Study Finds Split On Security Risk

It’s 2020 and Only 20% of Companies Are Ready for a Ransomware Attack

Microsoft March 2020 Patch Tuesday fixes 115 vulnerabilities

Microsoft orchestrates coordinated takedown of Necurs botnet

Microsoft shares nightmare tale: 6 sets of hackers on a customer's network

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

New cybersecurity legislation – ‘password123’ is illegal?

NSW govt pledges to introduce mandatory data breach reporting

Password managers: A little pain for a lot of security

Passwords Remain the Main Method of Authentication and Top Cause of Data Breaches

Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks

Privacy and Data Security Alert - March 2020

Securing customer data in a digital world filled with threats

Securing the PII ‘crown jewels’ of health IT systems

Sextortion hackers use 'friend's naked girlfriend' lure

Stop saying employees are the weakest link in cybersecurity

The Necessary Evolution of SecOps to DevSecOps

This ransomware campaign has just returned with a new trick

Thousands of Malaysian credit card details leaked in massive breach

U.S. Ex-Inspector General Indicted for Stealing Data on 250,000 DHS Employees

Verizon Business adds biometrics to cybersecurity solution portfolio

Watchdog Finds Security Weaknesses in NIH's Records System

What’s Driving Identity Access Management in 2020?

Why a risk-based approach to application security can bolster your defenses

Why the Wawa Data Breach Serves as a Warning That “Good Enough” is Never Enough

Years-long campaign targets hackers through trojanized hacking tools

9th March

5 Data Security Errors That Can Break Your Business

2020: The Year of Mobile Sneak Attacks?

A Philly lawyer nearly wired $9,000 to a stranger impersonating his son’s voice, showing just how smart scammers are getting

A Round-up of Data Breaches in February 2020

An introduction to cyber security and data protection

Australia Sues Facebook For Data Breach Of 300K Citizens In Cambridge Analytica Case

Australia vs Facebook as Privacy commissioner launches Federal Court action

Biometrics and new standards – the key to digital security

Brave to generate random browser fingerprints to preserve user privacy

Cambridge Analytica: Australia takes Facebook to court over privacy

Cathay Pacific fined £500,000 after "brute force" data breach

Cyberattackers are delivering malware by using links from whitelisted sites

Dump your passwords, improve your security. Really

Eckert Seamans lawyer warns about voice fakers after he nearly wired $9K to scammer

Eight Best Practices For Avoiding Data Breaches

Fort Worth ISD Hacked, Joining Other Texas Schools, Towns Hit By Ransomware Attacks

From Facebook to Marriott: the biggest data breach fines companies have had to pay

Healthcare Providers Lose an Average $2.75 Million per Data Breach

Holistic Cybersecurity a Must for the Healthcare Industry

Infographic: Cyber Attacks and Data Breaches of 2019

Inside the Insider Threat

Insurance provider alerts members of phishing attack

IoT May be a Hacker’s Delight, Both Inside and Out

Is Enterprise Password Death Really Inevitable?

It’s not a breach… it’s just that someone else has your data

Many companies still lacking in data breach readiness

Microsoft Edge has more privacy-invading telemetry than other browsers

Millions of UK businesses experience data breaches due to employee error

Mobile malware: Hidden apps give cyber criminals a sneaky backdoor

Multiple nation-state groups are hacking Microsoft Exchange servers

NordVPN HTTP POST bug exposed customer information, no authentication required

Oh, you won an award? Don't click that vanity scam spam link

Passwords belong in time capsules, not IT ecosystems

Phishing: Google just made it easier to use 2FA to secure your accounts

Policy Management: Choosing the Right Data Privacy Software, Part 1

Report: 267 million Facebook users IDs and phone numbers exposed online

Spying concerns raised over Iran's official COVID-19 detection app

Take These 4 Steps to Protect Yourself After a Data Breach

Two-factor authentication isn't as secure as you might expect

UK regulator fines Cathay Pacific £500k for data breaches