Timehop Hacked — Hackers Stole Personal Data Of All 21 Million Users
And the hacks just keep on coming. Timehop social media app has been hit by a major data breach on July 4th that compromised the personal data of its more than 21 million users. Timehop is a simple social media app that collects your old photos and posts from your iPhone, Facebook, Instagram,...
Ninja Forms < 3.3.9 - Insufficient Restrictions during Export Personal Data requests
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Insufficient Restrictions during Export Personal Data requests security vulnerability...
Typeform, Popular Online Survey Software, Suffers Data Breach
Typeform, the popular Spanish-based online data collection company that specializes in form building and online surveys for businesses worldwide, has today disclosed that the company has suffered a data breach that exposed partial data of some of its users. The company identified the breach on June 27th,...
Ticketmaster Suffers Security Breach – Personal and Payment Data Stolen
Global entertainment ticketing service Ticketmaster has admitted that the company has suffered a security breach, warning customers that their personal and payment information may have been accessed by an unknown third-party. The company has blamed a third-party support customer service chat...
Plant Your Flag, Mark Your Territory
Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data -- including everything from utilities and mobile phones to retirement benefits and online banking services. The reasoning behind this strategy is a...
GDPR Is Here: How GDPR Readiness Can Boost Your Business
Most discussions about the EU’s General Data Protection Regulation (GDPR) have naturally focused on best practices for achieving compliance and avoiding penalties. With GDPR now a reality for all companies that store and process personal data of EU residents, an often overlooked aspect has been the...
Mozilla Announces Firefox Monitor Tool Testing, Firefox 61
Mozilla has made some sweeping security announcements this week: On Monday, the company announced it is testing a new security tool called Firefox Monitor, which the firm said securely checks to see if users’ accounts have been hacked. That news came just as the browser giant released Firefox 61...
Platypuses and Policies: Akamai's Approach to the GDPR and Information Security
Written by Meyer Potashman. On May 25, 2018, the EU General Data Protection Regulation (GDPR) went into effect. In preparation, Akamai, like every other company that does business with or interacts in any way with individuals in the EU, needed to re-evaluate our approach to data protection and priva...
Dixons Carphone Cyberattack Targets 5.9M Bank Cards
European electronic and telecom retailer Dixons Carphone has discovered a massive cyber-attack that may have compromised millions of payment cards and personal data records, it said Wednesday. The U.K.-based retail giant, whose subsidiaries include Carphone Warehouse, Currys, PC World, Elkjøp and...
Signature Validation Bug Let Malware Bypass Several Mac Security Products
A years-old vulnerability has been discovered in the way several security products for Mac implement Apple's code-signing API that could make it easier for malicious programs to bypass the security check, potentially leaving millions of Apple users vulnerable to hackers. Josh Pitts, a researcher...
CVE-2017-5425
The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS X, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and...
New Data Privacy Regulations
When Mark Zuckerberg testified before both the House and the Senate last month, it became immediately obvious that few US lawmakers had any appetite to regulate the pervasive surveillance taking place on the Internet. Right now, the only way we can force these companies to take our privacy more...
GDPR Is Here: Put File Integrity Monitoring in Your Toolbox
In this latest post of our series on the EU’s General Data Protection Regulation, we’ll explain how file integrity monitoring (FIM) can be crucial in helping organizations comply with this severe regulation. GDPR, which went into effect in May and applies to organizations worldwide that handle EU...
Fraudsters Claim To Hack Two Canadian Banks
UPDATE Two Canadian banks have reported that they may be targets of a hack, after bad actors claimed that they electronically accessed personal and account information of a combined 90,000 customers. The attackers have asked for a ransom of 1 Ripple XMR from each, which translates to around $1...
GDPR Is Here: Achieve Superior Data Breach Prevention and Detection with Qualys
Turned into law in 2016, the EU’s General Data Protection Regulation (GDPR) finally goes into effect this week, slapping strict requirements on millions of businesses and subjecting violators to severe penalties. The complex regulation applies to any organization worldwide -- not just in Europe --...
Penetration Testing Requirements for GDPR
We get lots of people asking us what it is they need to have tested as a requirement for GDPR Compliance, so I've put this together to provide some clarity. This post is NOT a definitive guide to the General Data Protection Regulations. It is however, helpful, real world advice about what you...
72 Hours: Understanding the GDPR Data Breach Reporting Timeline
We're down to the wire with respect to the General Data Protection Regulation (GDPR) compliance deadline of May 25, 2018. Organizations that fail to comply could face fines of up to €20M (roughly $22M) or 4 percent of their annual global turnover from the prior year and we’ll soon see just how EU...
FBI Releases IC3 2017 Internet Crime Report
FBI has released the Internet Crime Complaint Center (IC3) 2017 Internet Crime Report, which highlights scams trending online. The top three crime types reported by victims in 2017 were non-payment/non-delivery, personal data breach, and phishing. Hot topics for 2017 include ransomware, business...
Flexense DiskSorter 10.7 Cross Site Scripting
Description: URL: localhost/ Affected Component: /?n0ipr0csalert'XSS'n0ipr0cs=1 Vulnerability Type: Cross Site Scripting https://cwe.mitre.org/data/definitions/79.html Vendor of Product: Flexense DiskSorter Version: from v9.5.12 to v10.7. Attack Type: Remote Impact: This attack allows an attacker...