In recent times Cyber Security has become one of the top areas of concern for the board and the CEO. Several high profile breaches coming in news with CEOs, CISOs, CIOs getting fired it is indeed one of the worries for the management and the Board. I have done a loosely defined survey with some… Read More »Top 10 Questions CEO or Board Asks The CISO
Less than 3000 one-plus smartphone users were claimed to be affected by a recent one-plus data breach. One-plus is known to have had previous data breaches. Customers are advised to change their password. Data leaked involves name, address, email. The nature of data revealed maybe used for impersonation and indirect access to other accounts. Recently,… Read More »One Plus Breach – November 2019
Over 1 million+ T-mobile customers were affected with a data breach. Personal information (not including password or financial data) were revealed. Expected data revealed would be name, billingaddress, phone and account number, calling scheme etc. The scheme data by T-Mobile customer privacy policy requires them to notify their customer if there is a leak of… Read More »T-mobile data breach (1 M customers affected)
This year July, facebook settled for a $5billion worth settlement with US Federal Trade Commission for its privacy failures in Cambridge Analytica case. Recently, they have disclosed a group of developers around 100 had access to additional information of people in groups. Malicious apps have leaked personal data of facebook and twitter users to third… Read More »Facebook & Twitter Breach – November 2019
Macy’s is a popular shopping destination and a breach before christmas shopping is a scare. On October 15 it notified customers of a magecart card-skimming device. The unauthorized code on payment page (checkout & wallet) could have accessed name, address, city, phone, email, payment card number, card security code, card month/year of expiration. -> (Free… Read More »Macy’s Breach November 2019
We were happy to participate in a community round table organized by CISO Platform Key Discussion Points : What is Shadow IT? What are the types of Shadow IT? Practical demo using open source tools Controls to manage shadow IT risk Reason Of Risk : No standardization Unknown risks Security breaches Data leaks Types Of… Read More »(Round Table) Shadow IT Risks And Controls : Managing The Unknown Unknowns In Deep & Dark Web
Discover Your Attack Surface Before Hackers Do Not having real time view of your dynamic attack surface and the risks it is introducing, leaves an organization in the dark and serves as a low hanging fruit for attackers to use this exposed information to fuel their malicious attacks. Report Includes : Why Your Expanding Attack… Read More »Download Report – (Short Guide) On Attack Surface Analysis
[Report] 9 Critical Capabilities Needed For Digital Risk Protection Digital Risk Protection ( DRP ) is a term possibly popularized or coined by Forrester to describe the market of tools and technologies to protect from the risks posed by externally facing digital assets. As per Forrester: “Most buyers (77%) are purchasing DRP tools as net-new… Read More »Download Report – 9 Critical Capabilities For Digital Risk Protection Program
End of september, Doordash confirmed a data breach which affected 4.9 million customers, workers, merchants. Doordash is a popular food delivery company and their data was stolen by a group of hackers. They also informed, customers who affected after 5 April 2018 were not affected. The breach from data is known to have happened in… Read More »Doordash Breach (4.9 Million Customers Affected)
In early september, Yves Rocher warned about a data leak of millions of its customers. An exposed database left by a third party vendor was the cause of the breach. A server owned by Aliznet (serves IBM, Salesforce, Sephora, Louboutin) had an exposed database of Yves Rocher with millions of customer and their PII exposed.… Read More »Yves Rocher Breach (2.5 Million Canadian Customers Affected)