Categories
Information Security>Data Breach|Compliance>Privacy

Target Breach now affects 110 million users

Joshua Carter, public relations manager at Target, said, “This theft is not a new breach; these are two distinct thefts as part of the same breach and this development was uncovered in the course of the ongoing investigation. The 70 million guests impacted by this new development are separate from the 40 million number that was previously shared.”

This goes to show how easily a data breach can get out of hand.  Not only has it taken months for all of the information come out, the breadth of the breach continues to grow.  The Verizon breach report says that it typically takes seconds to hours for attackers to exploit a breach and that it can take month’s for organizations to find out let alone deal the issue.  Can your business recognize a breach if it happened?

We have managed security services that can help your organization correlate events and configure alarms to detect anomalies in the regular behavior.

Source: http://www.scmagazine.com/separate-info-on-70m-stolen-in-target-breach/article/328827/

[av_button label=’Managed Cyber Security Services’ link=’page,29′ link_target=” color=’theme-color’ custom_bg=’#444444′ custom_font=’#ffffff’ size=’small’ position=’right’ icon_select=’yes’ icon=’ue8c5′ font=’entypo-fontello’]

Categories
Computer & Network Security|Information Security|Social Engineering>Phishing|Compliance>Privacy

LinkedIn Profiles: Ripe for phishing recon

The author notes that LinkedIn has “…more than 259 million members—many who are highly paid professionals in technology, finance, and medical industries—LinkedIn holds a wealth of personal data that can prove highly valuable to people conducting phishing attacks, identity theft, and similar scams.”

Many times there are legitimate business reasons to post identifiable information such as email, phone, etc on LinkedIn.  Is it necessary to add things like date of birth or address?  Users must keep in mind the type of information they make available and what it could be used for.

Additionally, do you ‘know’ each of your contacts?  How many times do you get a connection request from someone you don’t really know, but feel like it could be beneficial to connect to?  A previous post references a targeted phishing attack through LinkedIn.  These situations continue to emphasize the need for users to become aware of what information they make available regardless of the perceived trust of the system in use.

Source: http://arstechnica.com/security/2014/01/hackers-use-amazon-cloud-to-scrape-mass-number-of-linkedin-member-profiles/