News Archive - Page 10 of 23 - Secrata: Enterprise Data Security Platform

Dropbox Hack Leads to Leaking of 68m User Passwords on the Internet

Popular cloud storage firm Dropbox has been hacked, with over 68m users’ email addresses and passwords leaking on to the internet.

The attack took place during 2012. At the time Dropbox reported a collection of user’s email addresses had been stolen. It did not report that passwords had been stolen as well.

The dump of passwords came to light when the database was picked up by security notification service Leakbase, which sent it to Motherboard.

The independent security researcher and operator of the Have I been pwned? data leak database, Troy Hunt, verified the data discovering both his account details and that of his wife.

Hunt said: “There is no doubt whatsoever that the data breach contains legitimate Dropbox passwords, you simply can’t fabricate this sort of thing.”

Dropbox sent out notifications last week to all users who had not changed their passwords since 2012. The company had around 100m customers at the time, meaning the data dump represents over two-thirds of its user accounts. At the time Dropbox practiced good user data security practice, encrypting the passwords and appears to have been in the process of upgrading the encryption from the SHA1 standard to a more secure standard called bcrypt.

Half the passwords were still encrypted with SHA1 at the time of the theft.

Read more here

How does UC in the cloud impact your security posture?

CHIEF security officers have a lot on their plate these days, from a daily influx of zero-day vulnerabilities to increasingly sophisticated denial-of-service (DoS) attacks.

It’s a good bet that securing their unified communications (UC) application isn’t keeping them up at night. But maybe it should be?

Traditionally, enterprise security has centred around data: customer data, corporate data, credit card data, etc. There is a thriving, global, cybercriminal community built just around the goal of stealing data or, increasingly, encrypting it and holding it for ransom (known as ransomware).

Enterprises collectively spend billions of dollars each year protecting their data through firewalls and other data-centric security devices. In a sense, enterprises have locked their data doors tightly, but have they left another window open?

Read more here

Google Abandons ‘End-To-End’ Email Encryption Project, Invites Community To Take It Over

Google announced that the “End-to-End” email browser extension project it started three years ago is no longer a “Google project,” and that the community is invited to take it over because the project “has left the nest.” The company also renamed the End-to-End project “E2EMail.”

Back in 2014, Google announced the OpenPGP-based End-to-End project to bring easier to use end-to-end encryption to Gmail and other email services. Yahoo later joined the project as well, but eventually abandoned it, probably for different reasons.
Google started the project to win back the trust of Gmail users, after being accused of being part of the NSA PRISM program, and to show that it cares about its users’ privacy. End-to-end encryption would make email readable only to the users sending each other emails, but not to Google, as it is now the case.

Read more here

Yahoo Among Many Disclosing Data Breaches to SEC

Yahoo is part of a growing list of companies disclosing past data breaches to the Securities and Exchange Commission, as hackers become more successful in penetrating company firewalls to steal sensitive data.

The internet company reported in September that hackers had stolen data from 500 million users in 2014, making it the 102nd company to disclose such a theft to the SEC, according to data from Audit Analytics. Overall, 17 companies reported breaches to the regulator last year, down from 18 in 2015 and 34 in 2014.

Yahoo also disclosed in December a second breach that occurred in 2013.

The Wall Street Journal reported on Monday that the SEC has opened an investigation into whether Yahoo should have reported the data theft to investors earlier. The SEC requires companies to disclose cybersecurity risks as as soon as they are determined to have a material effect on their businesses.

Read more here

The need to think seriously about how you use cloud file sharing services

If you’re like most people, you use file sharing services to send and share your files via the cloud. But how do you know that the files you share via these tools are safe?

Read more here

Weebly data breach affects 43 million customers

Weebly, a San Francisco-based company that has allowed more than 40 million people create websites with since 2007; will start sending notification letters to all of their customers on Thursday, informing them of a data breach that occurred eight months ago.

Read more here

Major 2016 Healthcare Data Breaches: Mid Year Summary

Cyberattacks on healthcare organizations are now a fact of life. As long as it remains profitable for hackers to conduct attacks on healthcare organizations, the cyberattacks will continue. All healthcare organizations can do is to improve their defenses and make it harder for hackers to succeed.

Read more here

IoT security dominates but standards, data and partnership themes run through M2M Summit

There was more than a hint of irony when Professor Dr. Axel Sikora from the Institute of Reliable Embedded Systems & Communications Electronics at Offenburg University of Applied Sciences, spoke at the start of the M2M Summit 2016 on standardisation of the Internet of Things (IoT).

Read more here

UK firms could face £122bn in data breach fines in 2018

UK businesses could face up to £122bn in penalties for data breaches when new EU legislation comes into effect in 2018, the Payment Card Industry Security Standards Council (PCI SSC) has warned.

Read more here

End-To-End Encryption Could’ve Protected Yahoo Mail Users From 2014 Data Breach And NSA Spying

Over the past few weeks, it’s been uncovered that half a billion Yahoo Mail accounts were exposed in a record-breaking data breach and that Yahoo may have scanned its users’ emails on behalf of the U.S. government, too. In both situations, end-to-end encryption would’ve protected users’ information.

Learn more here