The easiest way to fix known vulnerabilities is through patching. The major challenges are often gaining approval from app owners and in executing the change approval process.
What is Risk-Based Vulnerability Management?
Risk-based vulnerability management is the process of reducing vulnerabilities across the attack surface of an organization’s assets by prioritizing remediation based on the risks they pose.
The 5 Biggest Data Leaks of 2021
During the pandemic, cyberattacks grew more than ever. Theft, hijacks, and data leaks are increasingly popular practices in cybercrime. The lock and hijack for ransom (ransomware) category has stood out a lot, as data is a highly valuable resource and most companies do not refuse to pay the million-dollar amounts charged to rescue their data.
Moving to remote work models has caused more people to occupy virtual environments, which increases the chances of digital attacks. In addition, home office work, where business systems are accessed from home and through personal devices, has increased the attack surface in information security.
In other words, the global destabilization generated by the pandemic has been a fertile field of vulnerabilities to be exploited by cybercrime.
This wave of attacks has been spreading around the world, reaching government agencies and companies from different sectors. One of the biggest risks for companies is having their data leaked, which can be one of the consequences of non-payment of ransomware, for example.
Another potential leak occurs when attackers make the data available for sale on specific deep web forums.
The year is not over yet and we already have a generous list of this kind of cyberattacks. Check out the biggest data leaks that occurred in 2021 in Brazil and worldwide.
Brazil: 223 million Brazilians’ Data Leaked
The most recent case of data leak in Brazil has 223 million personal information about Brazilians, including names, dates of birth, gender, individual taxpayer numbers, corporate taxpayer numbers, vehicle information, addresses, face pictures, education, registration in retirement benefits, data from public officers, debt score, among others.
That is pretty much all the data a person can have. If the Brazilian population is 212 million, data from almost all Brazilians would be included in this list, but the leak also contains information on deceased people and data from previous leaks.
The data package was posted on a forum to be marketed. The suspects responsible for putting the information up for sale have already been caught by the police. One of them is called Marcos Correia da Silva, known as Vandathegod. The second involved, Yuri Batista Novaes, known as JustBR, was arrested in the act in Petrolina and seized with 4 terabytes of data in his home.
Brazil has been one of the main targets of cybercriminals. In 2019, the country reached second place in the world in ransomware attacks. In 2020, in the second quarter alone, there was an increase of 350%, reaching both companies and governments, according to data from Kaspersky.
The numbers do not stop growing, even in the first half of 2021 the world already has numerous cases of cyberattacks, and at least eight of these incidents occurred in Brazil, which corresponds to about one attack per week.
RockYou2021: Historical Leak of 8.4 billion Passwords
Considered the biggest leak in history, the attack makes reference to RockYou, a large leak that released 32 million passwords from users of the social network RockYou. This time, the leak involved 8.4 billion access passwords disclosed in a hacker forum.
It is still not possible to say how these data were compiled and their source. But some experts believe the data has been accumulated over the years and merged with previous leaks.
This type of leak raises an alert, as these cybercriminals may use password matching techniques on multiple online accounts or build an access dictionary to facilitate attacks. The users’ neglect only makes the situation worse, as the common habit of reusing passwords, for convenience, can further increase the damage.
Facebook: 533 million Facebook Users’ Data Leaked
553 million people from 106 countries had their personal data published free of charge on a hacker forum. Information includes name, address, telephone number, date of birth, and email accounts. Tests performed by experts confirmed the legitimacy of the data and that it can still be used for future attacks.
When taking a stand on the case, Facebook stated it is a leak with data already violated in 2019. At that time, the attacker found a vulnerability in the platform that allowed the import of user data, linking phone numbers to specific users. “We found and fixed this issue in August 2019,” said a Facebook spokesperson.
Facebook has already been the target of speculation about data leaks and misuse since the case involving Cambridge Analytics, when it used data from 80 million users to interfere in the course of the 2016 elections in the United States.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About Senhasegura
Senhasegura strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.
CyberLink Releases FaceMe® Security 7.0, Coining Game-Changing “VMR” Console and Introducing a Wealth of Enhancements to the Surveillance and Access Control Software
The new AI-based Video Monitoring and Recording (VMR) module, the first of its kind, brings a substantial overhaul to the console and related add-ons; and support of H.265 formats and DIDO I/O modules make the solution more relevant and accessible than ever
TAIPEI, TAIWAN — December 10, 2021 —CyberLink Corp. (5203.TW), a pioneer in AI and facial recognition technologies, today announced the newest update to FaceMe® Security, its premier facial recognition solution for surveillance and access control. Version 7.0 introduces the VMR Add-On, dramatically enhancing the software’s video management capabilities. The new module, a replacement to the Monitor Add-On, comes with gallery and floor plan view features that logically connect IP cameras and enable seamless, real-time video tracking of individuals’ journeys through the facilities. The updated version also introduces the ability to search for a person using an image of their face, and supports H.265 as well as DIDO I/O modules.
FaceMe® Security is a comprehensive AI-based surveillance solution integrating CyberLink’s market-leading facial recognition technology. It provides an expansive set of functionalities such as identity verification, time and attendance tracking, health check (mask detection and temperature measurement), live monitoring, and event-based alerts, for example, when detecting VIP or block-listed individuals. FaceMe® Security’s scalability and compatibility with most existing security system components and leading video management system (VMS) solutions make it the perfect value-adding complement to system integrators’ offerings, across any facility: from office, residential, and institutional buildings, to hotels, retail stores and warehouses, factories, and large industrial plants.
The latest FaceMe® Security (v7.0) update enhances four main areas:
VMR Add-On – Live Monitoring and Recording via IP Camera Video Streams
The VMR Add-On (replacing the Monitor Add-On) is a software module that connects to FaceMe® Security and integrates all the features essential to video monitoring and recording. The console allows security personnel to monitor multiple video streams in real time, receive instantaneous alerts, and search recorded videos.
The new VMR Add-On Floor Plan View capability overlays live video feeds from IP cameras to the uploaded facilities’ floor plans, intuitively locating potentially problematic situations, following individuals of interest, and quickly intervening to address security issues. The Gallery View allows users to select and monitor up to nine streaming video feeds concurrently, each with their own layout by floor, area, purpose, or other relevant criteria. Additional options and user interface enhancements include enlarged thumbnails with detailed information, camera numbering for better identification, and more.
FaceMe ® Security Central Management Console – Search People by Image, Customizable Groups
The FaceMe® Security Central module, running on on-premise servers, provides centralized access to face database management, visitor history, event logs, and system configuration. In the 7.0 update, FaceMe® Security Central adds a new Search by Image feature, which can locate the visiting history of a specific person (e.g., potential thief) by uploading an image of their face. The new release allows the creation of customized groups of individuals based on profiles and characteristics that match organizations’ unique security needs. Each group can be assigned a distinctive color and pattern to easily visualize the corresponding individuals on the video feeds.
End-to-end Support for the Latest H.265 Video Formats
H.265 is the video compression standard supported in most of the latest IP cameras. Compared to the legacy H.264 format, H.265 reduces file size by 50 to 75% for comparable video quality, dramatically increasing the number of hours of video recording that NVRs (network video recorders) can store. FaceMe® Security now provides end-to-end support for H.265 videos (when using hardware such as Intel CPUs’ Quick Sync decoder and NVIDIA GPUs,) for enhanced RTSP streaming, real-time face detection, feature extraction, and video recording retrieval.
Support for DIDO I/O Modules – Fully Integrated with the Control of Doors, Locks, and Lights
FaceMe® Security now supports select models of Advantech’s DIDO control modules, further expanding its compatibility with I/O devices to automatically control doors, locks, and lights when detecting the presence of authorized individuals.
For more information on FaceMe® Security, please visit: https://www.cyberlink.com/faceme/solution/security/overview
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About CyberLink
Founded in 1996, CyberLink Corp. (5203.TW) is the world leader in multimedia software and AI facial recognition technology. CyberLink addresses the demands of consumer, commercial and education markets through a wide range of solutions, covering digital content creation, multimedia playback, video conferencing, live casting, mobile applications and AI facial recognition. CyberLink has shipped several hundred million copies of its multimedia software and apps, including the award-winning PowerDirector, PhotoDirector, and PowerDVD. With years of research in the fields of artificial intelligence and facial recognition, CyberLink has developed the FaceMe® Facial Recognition Engine. Powered by deep learning algorithms, FaceMe® delivers the reliable, high-precision, and real-time facial recognition that is critical to AIoT applications such as smart retail, smart security, and surveillance, smart city and smart home. For more information about CyberLink, please visit the official website at www.cyberlink.com