Security News

It's time to patch your Cisco security solutions againCisco has released another batch of security updates and patches for a variety of its offerings, including many of its security solutions. Techniques and strategies to overcome Kubernetes security challengesFive security best practices for DevOps and development professionals managing Kubernetes deployments have been introduced by Portshift.

The Royal Yachting Association has told members that "An unauthorised party" may have pilfered a database containing personal information from 2015. Stolen information included names, email addresses and "Hashed passwords", including a "Majority held with the salted hash function." No payment or financial information was said to have gone walkies.

Wednesday is the deadline to seek cash payments and claim free services as part of Equifax's $700 million settlement over a massive data breach. The compromised data included Social Security numbers, birth dates, addresses, driver license numbers, credit card numbers and in some cases, data from passports.

Microsoft has today announced a data breach that affected one of its customer databases. The company informed Microsoft, and Microsoft quickly secured the data.

The State of Breach Protection 2020 survey provides insights into these questions and others. 1) Lack of consolidation is a protection inhibitor - Organizations that currently deploy advanced security products report that maintaining a multi-product security stack is the main obstacle in reaching the desired protection.

What are the key considerations security decision makers should take into account when designing their 2020 breach protection? To answer this, Cynet polled 1,536 cybersecurity professionals to understand the common practices, prioritizations and preferences of organization today in protecting themselves from breaches. Security executives face significant challenges when confronting the evolving threat landscape.

Three weeks into the new year, several hacking incidents involving email have already been added to the federal tally of major health data breaches. In a statement posted on the organization's website last week - which has since been removed - NARA said the attack, which took place on Nov. 4, 2019, and involved Emotet Trojan malware, "a credential stealer that can also obtain emails and files in email attachments."

Mitsubishi Electric says hackers exploited a zero-day vulnerability in its anti-virus software, prior to the vendor patching the flaw, and potentially stole trade secrets and employee data. Mitsubishi Electric says data it believes was exposed during the attack includes records belonging to 1,987 job applicants, employee data for 4,566 new graduate recruitment applicants, information on 1,569 retired employees, as well as corporate-confidential technical and sales materials.

Japanese multinational Mitsubishi Electric has admitted that it had suffered a data breach some six months ago, and that "Personal information and corporate confidential information may have been leaked." According to several reports from Japanese daily newspapers, the company discovered the data breach in late June, when they detected suspicious activities on a server at its Information Technology R&D Center in Kamakura, Kanagawa Prefecture, Japan.

Portland, Oregon-based children's clothing maker Hanna Andersson has quietly disclosed a breach to affected customers. According to the breach notification letter, the "Incident potentially involved information submitted during the final purchase process on our website, www.hannaandersson.com, including name, shipping address, billing address, payment card number, CVV code, and expiration date." These details are often known on the dark web as 'fullz'; that is, the data contains all the information necessary for a criminal to make fraudulent purchases via the internet.