Cybernews’ Post

Maybe zero trust needs to be applied to other areas.

Protecting sensitive data isn’t just about the tech - it’s about responsibility. The GigtoGig data leak is a reminder that even simple misconfigurations can have serious consequences. Having worked in IT for years, I’ve seen how easily these breaches can happen, and it’s a clear call for businesses to ensure security processes and measures are always followed. #cybersecurity #dataprotection #infosec

❓ How #critical for government operations is a "governmental employment agency"? ❕ Here some insight: *️⃣ "French employment agencies France Travail and Cap Emploi announced at 14th of March 2024 that they’ve fallen victim to an intrusion into their #informationsystems ..." 🆘 "...attack would have potentially allowed the extraction of data from 43 MILLION users..." ❌ according data of 2023 43M is ~63,23% of entire France population (this is also represents ~80% of France population between 15-79 y.o.) ❔ Why such risk got appeared? ❔ Should such organisations be a #nis2 compliant ❔ Origin of #cyberattack ❔ What did we learned #cyberdefense #privacy #riskassessment #cybersecurity link: https://lnkd.in/dMHEYsKQ

👇 🚨#ITSupport & #Security Alert 🚨 https://lnkd.in/gA8wDsRA UK staffing agency exposes gig workers: passports, visas, and more made public A UK staffing agency has exposed the passports of tens of thousands of gig workers, risking identity theft and other frauds. Exclusive #Cybernews research uncovered that GigtoGig, a UK-based temporary staffing agency, inadvertently leaked a vast amount of worker data. The agency boasts partnerships with major brands like #Hilton, #Sainsbury’s, #Marriott, and #G4S. GigtoGig and similar companies play a crucial role in linking #businesses with temporary workers for short projects, providing a reliable workforce while offering diverse job opportunities and essential services like payroll and insurance to workers. During a routine probe on August 5th, our research team identified a misconfigured #Amazon #AWS S3 bucket linked to #GigtoGig. Regrettably, this oversight led to the exposure of 217,000 sensitive files to the public, allowing unrestricted access without login credentials. Vigilance and proactive measures are crucial in today's #digital landscape to safeguard sensitive #data and mitigate cybersecurity #risks. #bankingindustry #cyber #endpointsecurity #iotsecurity #IoT #Canada #UK #SouthAmerica #cyberawareness #technology #datasecurity #cloud #google #microsoft #windowssecurity #vulnerability #securityawareness #riskmanagement #infrastructure #globalsecurity #threatintelligence #EU #socialmedia #news #defensivemeasures #knowledgebase #linkedin #networksecurity #vulnerability #internetofthings #smartphones #UnitedKingdom #mobilephones #AsiaPacific #EuropeanUnion #DataSecurity #privacy #NewZealand #Cybersecurity #DataProtection

According to a listing on a known cybercrime forum that TechCrunch has seen, the pseudonymous hacker published a small portion of the data containing full names, email addresses, phone numbers, dates of birth, mailing addresses and passport details of individuals who allegedly signed up to the portal. TechCrunch verified that some of the data published by the hacker appears genuine. Similarly, TechCrunch validated the phone numbers found in the published data using a third-party app. One of the records pertained to an Indian government foreign ambassador, whose information in the sample matches public information. A message sent by TechCrunch to the ambassador via WhatsApp went unreturned. It is unclear whether the data was obtained directly from the eMigrate servers or through a previous breach. The hacker did not share the exact details of when the breach allegedly occurred, but claims to have at least 200,000 internal and registered user entries. #DataSecurity #Privacy #Phishing #Ransomware #Cybersecurity #CyberAttack #DataProtection #DataBreach #Hacked #Infosec 

As a provider of business services to Union Labor Life, Infosys McCamish was entrusted with certain confidential data about the insurance company's customers. However, this trust was breached when unauthorised access to this information occurred between October 29, 2023 and November 2, 2023. The investigation conducted by Infosys McCamish, with the assistance of cybersecurity experts, revealed the gravity of the situation. The encryption of portions of the company's systems by ransomware had allowed perpetrators to gain access to Union Labor Life's customer data, which was stored within Infosys McCamish's IT network. The incident has not only compromised the privacy and security of Union Labor Life's customers but also raised questions about the adequacy of the safeguards in place to protect sensitive information. In the latest update, IMS has provided more details about the type of data that was compromised during the incident. The information impacted varies by individual but includes sensitive personal details such as Social Security Numbers, dates of birth, medical records, biometric data, login credentials, financial account information, and various government-issued identification numbers. https://lnkd.in/gTs3z36w Infosys Infosys McCamish Systems #databreach #cybersecurity Union Labor Life Union Labor Life Insurance

Massive Cyberattack Affects 43 Million French Workers ☹️ On March 14, French employment agencies France Travail and Cap Emploi disclosed a cyberattack compromising the data of approximately 43 million individuals, including names, social security numbers, and contact details. The breach targeted job seekers registered over the past 20 years and those with accounts on france travail.fr. While passwords and banking details remain secure, authorities caution against potential misuse of leaked data. Affected individuals will be individually notified, and an investigation is underway. Authorities advise vigilance against phishing attempts and emphasize the importance of safeguarding personal information. This incident follows recent DDoS attacks on French governmental websites by Anonymous Sudan, underscoring escalating cybersecurity threats faced by governmental organizations. https://lnkd.in/gPVadqCm

🔗 The U.S. Department of Justice Strikes Back Against IT Fraud Schemes 🚨 In a significant move, the U.S. Department of Justice has disrupted major fraud schemes run by North Korean IT workers posing as #remote freelancers. These operations funneled millions into the North Korean regime, undermining global #cybersecurity and exploiting the freelance ecosystem. Here are the top 3 Learnings: 1. Thorough Vetting is Crucial: Verify identities and backgrounds of remote workers to avoid unknowingly hiring bad actors. 2. Beware of Too-Good-To-Be-True Rates: Extremely low rates can be a red flag, signaling hidden risks or fraudulent activity. 3. Stay Updated on Threats: Continuous education on emerging cyber threats is essential for businesses of all sizes. Here are more details: https://lnkd.in/gtCeWhbM #NorthKorea #FraudPrevention #TechNews #Leadership

Often, questions related to security clearances surface. For those who are considering obtaining a security clearance, it's crucial to understand what you might need to apply for a security clearance.

Is it just me, or does this feel like a massive overreach? Sure, they need it for background checks and verification, but giving up such sensitive info right away? Feels risky! To break it down: Is it really necessary? Why do they need it so early in the process? How secure is your data? Can you trust them to keep it safe? Can you wait? Why not hold off on sharing your SSN until later in the process? If that means I'm being dropped out because of this, well then maybe it's not the right fit for me. While companies claim to protect our data, it’s up to us to be cautious. What do you think? #DataPrivacy #DataSecurity #InformationSecurity #Confidentiality