Daily Archives: February 14, 2020

Cyber News Rundown: Estée Lauder Data Exposed

Estée Lauder Leaves Massive Database Unprotected

Earlier this week, researchers discovered an unsecured database containing over 440 million records belonging to Estée Lauder, a major make-up manufacturer. Though the company has confirmed that no customer data was stored in that database, it is still unsure how long the database was left exposed, and it did contain sensitive company information. Estée Lauder was able to properly secure the database on the same day the initial researcher contacted them.

SoundCloud Account Vulnerabilities Fixed

Researchers have contacted SoundCloud about vulnerabilities in their platform API that could allow attackers to illicitly access user accounts. While officials quickly resolved the security flaws, two additional API flaws had the potential to initiate DDoS attacks or create fraudulent song statistics by exploiting a specific set of track IDs. Attackers would have been able to exploit the user ID authentication to test previously leaked username/password combinations in hopes some victims were using the same credentials on multiple sites.

Danish Data Leak Exposes 1.3 Million Citizens

Over a period of five years from 2015 to 2020, a bug in the country’s tax systems has leaked sensitive ID numbers for nearly 1.3 million Danish citizens. The bug itself displayed the user’s ID number in the URL after the user made changes in their tax portal, and those URLs were then analyzed by both Google and Adobe. Fortunately, no additional tax or other personal information was divulged in the leak, which the government was quick to resolve.

Study Reveals Top Brands Used in Phishing Campaigns

After gathering data from nearly 600 million email boxes over the last year, researchers once again determined that PayPal was the most impersonated company for phishing attacks in 2019. The data also revealed that phishing campaigns disguised as PayPal were using an average of 124 unique URLs daily to propagate the malicious content. Many other top companies used in phishing campaigns in 2019 were financial institutions, as they are easy troves of consumer information.

Australia Debates Retention Period for Consumer Data

The Australian government has just begun debating changes to its data retention period, which is currently two years (significantly longer than any comparable nation’s policy). Storing data for that length of time can be extremely dangerous, especially given the rise in data breaches in recent years. While Australia believes its two-year limit to be a good balance, there is currently no management of who actually has access to the data, and several amendments are being introduced to improve the privacy of Australian citizens.

The post Cyber News Rundown: Estée Lauder Data Exposed appeared first on Webroot Blog.

6 Noteworthy Data Breaches in 2019

2019 was a banner year for breaches. Some of the biggest victims included social media heavy-hitters Facebook and TikTok, as well as financial dynamo Capital One. They’re just the tip of the iceberg: according to Forbes, over 3,000 breaches in 2019 tallied up to 4.1 billion compromised data records. That’s a whopping 22.5 million records stolen by cyberattackers every day of last year.

We know from our 10th annual State of Software Security (SOSS) report that security debt is a major contributor to the risk of such breaches and attacks. We also learned that those who scan their code for security issues more frequently (300+ times per year) vastly reduce the amount of debt (and risk) they carry. DevSecOps programs that institute more frequent application scanning cadences and break down silos between security and development teams can be a leap forward for organizations like the ones that fell victim to attacks last year.

As cybersecurity becomes a more complex issue, businesses that handle sensitive data (from passwords to Social Security numbers, banking information, and even medical records) should take this ever-prevalent problem seriously in 2020 and beyond. Here’s a look at six of the biggest breaches we saw in 2019.