Security News
The COVID-19 pandemic engendered new vulnerabilities in the digital ecosystem for threat actors to exploit, resulting in items like vaccines, fraudulent vaccine certificates, and other COVID-19 related items being sold in dark marketplaces and underground forums, a Constella Intelligence report reveals. The research analyzed the value of personally identifiable information, drawing links between the breach economy, PII, and a range of emerging digital threats to executives and brands.
Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts. Researchers created 300 fake identities, signing them up on 185 legitimate websites ranging from Target to Fox News, with each identity used on a single website.
Skyflow launched PII Data Privacy Vault, a zero trust data vault for securely handling sensitive customer information. The PII Data Privacy Vault includes the new Skyflow Data Governance Engine, which enables fine-grained access control to data based on roles, policies, or attributes.
The Knight Ink vulnerability research study details findings, and also notes that the results are particularly worrisome given the increased reliance on mHealth apps during the global pandemic, which in turn is drawing threat actors to mHealth apps as an attack surface of choice. "Observers with Pew Research noted that mHealth apps are now generating more user activities than other mobile device apps such as online banking and job searching. Observers also note that patient IDs and PHI are more lucrative in dark web markets than credit card data."
There has long been a tension between our willingness to give up personal information, security and privacy and our desire for convenience. How the security community and policymakers react to this shift will determine whether this expanded concept of PII is simply enabling new forms of consumer convenience, or something more dystopian.
A Michigan man has been indicted for the 2014 hack of the University of Pittsburgh Medical Center's HR databases and theft of employees' personal information - information that he allegedly wound up selling on the dark web to crooks who used it to file thousands of bogus tax returns. The theft involved personally identifying information belonging to 65,000 employees from the medical center's PeopleSoft human resources management system.
Amtrak, the national rail service for the US, has suffered a data breach that may have exposed some customers' logins and other personally identifiable information, the service has disclosed. The rewards program enables customers to earn points - by spending on travel, hotels, car rentals and more - that they can then apply to Amtrak purchases.
BigID, the leader in data-centric personal data privacy and protection, announced the industry’s first data discovery solution for data pipelines. BigID’s privacy-aware Data Pipeline Discovery...
Sen. Maggie Hassan Asks GAO to Scrutinize DHS' Third-Party Security PracticesSen. Maggie Hasan, D-N.H is demanding that the U.S. Government Accountability Office review how the Department of...
A property management company owned by hotel chain Best Western has exposed 179 GB of sensitive travel information on thousands of travelers.