Data Leakage Archive
GDPR Compliance Checker

GDPR Compliance Checker

The Europe Union (EU) General Data Protection Regulation (GDPR) proposed by Europe Commission became active after May 25, 2018. GDPR has very strict rules about collecting, storing, and processing data. Gathering even very small piece of information about an EU citizen requires consent from customer/visitor and very high responsibility for the companies. The fines are […]
Your ecosystem

British Airways Breach: Is it a third-party attack?

British Airways (BA) announced that 380,000 customer records containing credit card details had been taken during the cyber attack executed between 21 August and 5 September. As one of the major data breach in 2018, the cyber attack, though still fresh, has been speculated by many respectful cyber security researchers about  the cause of the […]
Software supply chain attacks

How to Prevent Software Supply-Chain Attacks

The recent warning posted by US National Counterintelligence and Security Center (NCSC) for software supply-chain attack risk draws attention to software used by companies in their supply chain. Every 3 out of 4 professionals acknowledge that they are not fully prepared for supply-chain attacks (aka third-party attacks or value-chain attacks) in responses given to a […]
iso 27001

Do You Monitor Your Suppliers? ISO/IEC 27001 Regulations Say You Should

Suppliers, in general third parties, have become one of the weaker links in the system. Recent TicketMaster data breach show how third parties may carry too much risk to your organization. Thus, they should be constantly monitored as ISO 27001 standard suggests. What is ISO/IEC 27001? ISO/IEC 27001 (some only write ISO 27001) is an […]
ticketmaster

Lesson from TicketMaster Breach: CDN Security of third-party suppliers

UK-based company TicketMaster, a ticket sales and distribution company, experienced a major breach as they announced on June 27. Upto 40,000 UK citizens might have been affected while their customer information are compromised. Many reports confirmed that TicketMaster was not directly breached or compromised, but a third-party supplier for their website was the one that […]

3.8 Billion Stolen Credentials are out there! How about yours?

According to the 4iQ Identity Breach Report, 8.7 billion (detected and verified) raw identity-record data are on the surface, deep, and dark web in 2017, that is 182% increase compared to previous year. 44% of this data (around 3.8 billion) are usernames, passwords, and other credential information. You may hack through credential stuffing Credential stuffing […]
thirdy-party risks

2018 Guide to Select 3rd Party Cyber-Risk Assessment Tool

A recent survey conducted by Ponemon Institute reveals that 56% of companies have experienced a 3rd-party breach in 2017, which is an increase of 7% compared to previous year. Another survey conducted by Deloitte in 2016 was more depressive, reporting that 87% of organizations have experienced a disruptive incident with third-parties in the last 2-3 […]
Cyber Threat Intelligence

Passive Cyber Threat Intelligence

Passive Cyber Threat Intelligence; The More You Look, the More You Find. So let me ask you a question. Have you ever lost something, like your glasses for example, and you are looking everywhere for them and you’re running around the house saying, “Has anybody seen my glasses?” and someone turns to you and says, […]
NormShield Threat Vulnerability Orchestration

What is the biggest threat of stolen accounts?

Biggest threat; There are more than 4 billion hacked emails/passwords available on the internet and underground forums. So, how attackers use hacked emails & passwords for malicious purposes? NormShield searches the internet from many sources for whether there is leaked e-mail of your employees or not. In the simplest form, email list of employees can […]