Breach Guide

Learn the steps to take in the event of a data breach and stay current on the cyber threat landscape with the FTC’s Data Breach Resources, FBI’s Daily Digest Library and San Diego’s Cyber Incident Response Guide.

Federal Trade Commission (FTC) Data Breach Resources

Find out the steps to take as a business or consumer if you experience a data breach.

ftc-gov

FBI Cyber Daily Digest Library

Stay current on the global threat landscape with the FBI’s daily circulation of published data breaches and articles.

  • Face off: Congress questions use of Americans' biometric data

    Source: Federal Times
    By: Andrew Eversden
    Published: July 10, 2019

    * Lawmakers on Capitol Hill expressed concerns over the U.S. Customs and Border Protection's use of facial recognition technology on American citizens, questioning CPB's right to even collect it.
    * At many airports across the country, this process is done manually. But there are facial recognition systems in place at airports such as Washington Dulles International and New York John F. Kennedy International, along with numerous other large U.S. airports, according to the CBP biometrics website.

  • DDOS ATTACKS SURGE AROUND THE WORLD: CHINA AND US STILL THE LARGEST SOURCES, BUT THEIR SHARE KEEPS DROPPING

    Source: KODDOS
    By: Ali Raza
    Published: July 9, 2019

    * DDoS attacks continue to grow in numbers around the world, with each new quarter bringing new reports of increased hacking activity.
    * The fact that the most compromised devices are in China does not necessarily mean that the attackers themselves are based in China. It is just as possible that the attackers are simply compromising more devices in China.

  • UK proposes another huge data fine. This time, Marriott is the target

    Source: CNN Business
    By: Charles Riley
    Published: July 9, 2019

    * Marriott faces a $124 million fine for failing to protect customer data, the second major penalty proposed this week by UK regulators under Europe's tough new privacy rules.
    * The hotel chain said in a regulatory filing Tuesday that Britain's Information Commissioner's Office intends to impose a £99 million ($124 million) fine under the General Data Protection Regulation (GDPR).

  • Google Finds iPhone Text Bomb That Can Only Be Fixed with a Full Wipe

    Source: Softpedia News
    By: Bogdan Popa
    Published: July 8, 2019

    * Text bombs have been around for a long time on iPhones, but this time it's a serious one, as it can only be fixed with a full device wipe that would obviously lead to data loss too.
    * Specifically, Google's Project Zero engineers discovered that sending a malformed message via iMessage to an iPhone or Mac leads to various issues on these devices.

  • 10 times malware proved that MacOS isn't bulletproof

    Source: SecurityBrief
    By: Sara Barker
    Published: July 8, 2019
    * In the first six months of 2019 there have been at least ten types of malware specifically targeting macOS, indicating that Mac users need to come to terms with the fact that their devices are not immune from attack. * According to security firm SentinelOne's Phil Stokes, cybercriminals are targeting Apple's Mac platform more often - and they're exploiting it.

  • Microsoft Windows vulnerability BlueKeep could bring the new WannaCry, so are you safe?

    Source: ABC News
    By: Elise Thomas
    Published: July 8, 2019
    * While Australians were sleeping, someone on the other side of the world opened an email attachment. That was all it took. * The virus was indiscriminate, hitting everything from French car manufacturers and German railways to Russian banks, from ATMs in India and hospitals in the UK to a mall in Singapore, causing billions of dollars of damage globally.
  • INM data breach was not for cost-cutting exercise

    Source: Irish Times
    By: Charlie Taylor
    Published: July 8, 2019
    * Deloitte inquiry concludes data interrogation was not for reason claimed by Leslie Buckley * The alleged data breach at Independent News & Media, in which thousands of emails from journalists, senior staff and advisers were accessed, was not carried out for the reasons originally claimed by the publisher, a new report has found.
  • HACKER LEXICON: WHAT IS CREDENTIAL DUMPING?

    Source: Wired
    By: Andy Greenberg
    Published: July 7, 2019
    * In many modern hacking operations, the difference comes down to atechnique known as 'credential dumping.'
    * The term refers to any means of extracting, or 'dumping,' userauthentication credentials like usernames and passwords from a victimcomputer, so that they can be used to reenter that computer at will andreach other computers on the network.
  • Even UK's Largest Police Forensics Contractor Isn't Safe From Ransomware

    Source: Uber Gizmo
    By: Adnan Farooqui
    Published: July 7, 2019
    * We have been reading about towns in Florida being attacked by ransomware recently. Hackers use this malware to lock down the town's data and don't give it back until a ransom is paid in bitcoin. * The very same thing has happened to Eurofins Scientific, the United Kingdom's largest police forensics lab contractor. It has also paid a ransom to hackers in order to regain access to its data which had been encrypted by the ransomware.
  • 7-Eleven Japan's weak app security led to a $500,000 customer loss

    Source: Engadget
    By: Mariella Moon
    Published: July 6, 2019
    * 7-Eleven Japan's mobile payment app had such poor securitymeasures, the company had to shut it down just a couple of days after itsrelease.
    * In an announcement explaining the issue, the company admittedthat hackers were able to break into 900 users' accounts and to charge 55million yen ($507,000) in illegal purchases to their debit and credit cardson file within that period, from July 1st when the 7pay app rolled out toJuly 3rd when the service was shut down.

San Diego Cyber Incident Response Guide

Learn more about San Diego’s region-wide cyber incident response guide and available local, state and federal resources.

San Diego Cyber Incident Response Guide October 2017