博文

目前显示的是 十月, 2022的博文

Two and a half years of undetected data leakage on the ticketing platform See Tickets

 Recently, See Tickets made headlines due to the exposure of the data leakage incident, and released notices in several states of the United States to disclose the violation information, but no official statement has been released. See Tickets under French media giant Vivendi is one of the world's leading international ticketing service providers. It retails and distributes tickets for music, festivals, dramas, sports, comedies, exhibitions and other entertainment activities in the European and North American markets, and cooperates with more than 5000 customers worldwide. According to the notice of personal and financial data exposure sent by See Tickets to customers, this data disclosure event has lasted more than two and a half years. An attacker may steal sensitive payment card data through the Skimmer script injected on the See Tickets website. Skimmer secret stealing script is a short JavaScript code injected into the website checkout page, mainly used to steal the buyer'...

How can enterprises ensure data security?

With the development of online, digital and intelligent, and the gradual arrival of the era of Internet of everything, the data volume is growing rapidly. Both personal privacy data and enterprise data bear great value. Data leakage has become one of the biggest threats in the security field. The value of safety products is always proportional to the value of their protected assets. Source of data leakage In recent years, the rise of mobile Internet and Internet of everything has brought about explosive growth of data. According to IDC, the global data capacity will exceed 175zb from 33zb in 2018 to 2025 (equivalent to 1.8 billion years if you download these data at the speed of 25mb / s). This includes not only personal privacy data of users, but also enterprise data with significant commercial value and confidential data related to the security of the national government. As an important means of production in the new era, data has brought about great changes in the whole production ...

"Yanluowang" extortion reappears! Disclosure of Cisco's bidding process

On August 10, Cisco confirmed that the "yanluowang" extortion software Gang broke through the company's network at the end of May and tried to blackmail them by threatening to disclose stolen documents on the Internet. Earlier, the Gang also claimed to have invaded the system of Wal Mart, an American retailer, but Wal Mart denied that blackmail attacks had occurred. In this incident, yanluowang extortion Gang hijacked an employee's personal Google account, which contained the credentials synchronized from his Google browser, and then used the employee's credentials to enter the Cisco network. After gaining a foothold in Cisco's enterprise network, the attack group began to move horizontally to Citrix servers and domain controllers. Cisco Talos said that the attacker entered the Citrix environment, captured a series of Citrix servers, and finally gained privileged access to the domain controller.   After gaining domain management rights, the attacker uses enume...

Cyber Security Trends You need to Keep on in 2023

 Some factors will affect the way corporate executives strengthen digital defense in 2023, and network security remains the top priority. The number of blackmail software attacks is growing, and the zero-trust model is becoming more and more popular. As the Russian-Ukrainian conflict is continuing, there are more network attacks supported at the national level than ever before. More and more enterprises are using network technology to achieve operational automation and generate a large amount of data on the Internet. However, it also brings a series of Internet security risks, including data leakage and theft, which are common events for enterprises and individuals. 90% of the data leakage events in the first quarter of 2022 are caused by network attacks. Network security personnel responsible for security and risk management are at a turning point, because the digital footprint of enterprises is growing, and centralized network security control measures become useless. The trend o...

Don't lend these things to others at will

What will you do when an old friend suddenly finds you and asks to borrow your account on a platform for work tasks? As a security engineer, I will warn you not to lend any of your accounts at any time, because even if your account password has not been told to others, criminals can find ways to implant Trojan viruses into your mobile phone and steal your money. They often just need to send you an email, link, QR code to implant programs in your mobile phone, steal any of your information, maliciously eavesdrop on your user signaling and data, conduct consumption fraud against you, conduct pseudo base station attacks, and so on. In the 5G era, there is not only communication equipment, but also various devices connected to the Internet of Things (cars, monitoring...) in our life will collect a large amount of users' private information, including health status, personal preferences, social security information, life footprints, etc. In the age of big data, it has become a major cha...