Equifax Says Hack Potentially Exposed Details Of 143 Million Consumers*:
- Equifax, a provider of consumer credit scores, said a hack exposed the personal details of potentially 143 million US consumers between mid-May and July.
- Criminals had accessed details including names, social security numbers, and, in some cases, driver’s license numbers.
- Credit card numbers of around 209,000 U.S. consumers and certain dispute documents with personal identifying information of around 182,000 U.S. consumers were also accessed.
- Personal information of certain UK and Canadian residents were also hacked.
- There was no evidence of a breach into its core consumer or commercial credit reporting databases.
- The breach could be one of the biggest in the United States.
*Source: Huffington Post, September 07, 2017
Instagram Suffers Data Breach*:
- Instagram recently suffered a data breach with hackers gaining access to the phone numbers and email addresses for many "high-profile" users.
- Instagram has notified all of its 700 million verified users that an unknown hacker has accessed some of their profile data using a bug in Instagram.
- The flaw actually resides in Instagram's application programming interface (API), which the service uses to communicate with other apps.
- They assured users the bug has now been patched and its security team is further investigating the incident.
- Instagram declined to name the high-profile users targeted in the breach.
- The company notified all verified users of the issue via an email and encouraged them to be cautious if they receive suspicious phone calls, text messages, or emails.
- Instagram users are also highly recommended to enable two-factor authentication on your accounts and secure your accounts with a strong, unique password.
*Source: The Hacker News, August 30, 2017
Hackers Lie in Wait After Penetrating US and Europe Power Grid Networks*:
- Nation-sponsored hackers have penetrated the operational networks multiple US and European energy companies use to control key parts of the power grid.
- The incursions detected by security firm Symantec represent a dramatic escalation by a hacking group dubbed ‘Dragonfly’.
- Over the past year, the hacking group has managed to compromise dozens of energy firms, and in some cases, install backdoors in the highly sensitive networks.
- The technical director of Symantec’s team is concerned that now the hackers are potentially in the operational networks of energy companies and have no more technical hurdles to jump over.
- At minimum, attackers who have control of a company’s operational network could use it to become de facto operators of the company’s energy assets; a more troubling scenario, attackers might be able to use their control to create the kinds of failures that led to the Northeast Blackout of 2003 that affected the electricity for 55 million people.
- Chien said Symantec has recently issued private warnings to more than 100 energy companies and organizations, and provided a variety indicators energy companies can use to tell if their networks have been compromised by Dragonfly.
- In December 2015 and December 2016 there were hacking attacks on a power distribution center in Ukraine that caused thousands to lose power; these attacks were attributed to a hacking group dubbed Sandworm.
- Dragonfly uses a completely different set of tools than Sandworm, so the two group are believed to be different.
- Dragonfly’s previous campaigns have relied on backdoors and remote access Trojans to gain access to networks.
- Little is known about the people who make up Dragonfly.
- Timestamps found in the malware used by Dragonfly suggests the group works mostly Monday through Friday between what would be the hours of 9 am to 6 pm in Eastern Europe.
*Source: ARS Technica, September 06, 2017
New Ransomware 'Locky' Spreading Through Email*:
- The Indian government has issued an alert for a new computer ransomware called ‘Locky’ which is spreading through a wave of emails with attachments.
- This type of malware can lock computer files with an encryption program and demand a ransom for them to be unlocked.
- More than 23 million messages have been sent in a campaign to spread variants of ‘Locky’ according to the government.
- The messages contain common subjects like "please print", "documents", "photo", "Images", "scans" and "pictures".
- The messages contain "zip" attachments that trick the computer into downloading the ransomware, which demands a ransom of half bitcoin for unscrambling the user’s files.
- The warning comes months after thousands of computers in India, including those run by police departments in several cities, were affected by the WannaCry ransomware.
- The ransomware, which targeted outdated copies of Microsoft's Windows operating system, also struck thousands of systems worldwide.
*Source: NDTV, September 03, 2017
A Canadian University Just Lost $10M in an Email Phishing Scam*:
- MacEwan University in Edmonton, Alberta unintentionally lost nearly $10 million after falling prey to an online phishing scam.
- Fake emails were received that said they were from one of the school’s major vendors, and that the vendor was changing its banking information; the staff then paid money into the new banking account, which did not go to their client.
- Three staffers made payments in three separate installments – the funds totalled $9.5 million or $11.8 million Canadian dollars.
- The mistake was only discovered when the actual client called the university saying it had not yet been paid.
- Investigators’ have now tracked the majority of the money to bank accounts in Montreal and Hong Kong, and are working to recover the money.
- The university is conducting a review of its practices to prevent a similar fraud from taking place in the future.
*Source: Time, August 31, 2017
Data Breach Exposes About 4 Million Time Warner Customer Records*:
- Time Warner Cable, now known as Spectrum, became the latest company to realize exactly how vulnerable its data is when a third-party vendor entrusted with its safety made an error exposing millions of records.
- About four million Time Warner customer records were exposed on two cloud-based AWS S3 buckets left open to the public.
- The information compromised includes transaction numbers, MAC numbers, user names, account numbers, types of service purchased along with internal development information like SQL database dumps and code with login credentials.
- They used Amazon’s cloud, but misconfigured it by leaving it accessible to anyone with an internet connection.
- This type of breach reveals that cybercriminals don't even have to put forth any effort to extract confidential information, but can rely on the poor practices of others.
- Visibility into your vendors' controls via a comprehensive third party risk management program provides insight into not just the controls and technologies that prevent or mitigate attacks by the bad guys, but also the procedures and policies that are meant to prevent untrained or careless employees inadvertently exposing sensitive data in the vendors’ custody.
- The fact that so many firms are being victimized in the same manner shows they are not placing the proper priority on off-premise security.
*Source: SC Magazine, September 05, 2017
Security Lapse Exposed Thousands of Military Contractor Files*:
- Thousands of files containing the private info of US military and intelligence personnel have been exposed online.
- The documents, which included a mix of resumes and job applications, were found on a public Amazon Web Services server by cybersecurity firm UpGuard.
- The roughly 9,400 files contain the personal details of TigerSwan's prospective employees, some of who had applied for work as far back as 2008.
- The documents include info such as an applicant's home address, phone number, email address, driver's license, passport and social security numbers.
- They also reveal sensitive details about individuals who were (and may still be) employed by the US Department of Defense and US intelligence agencies.
- TigerSwan insists the documents were not leaked as part of a data breach.
- Many of the timestamped files seem to have been uploaded to the public server in February and would have been available for anyone to download for at least several months.
- TalentPen set up a secure site to transfer the resumes to the TigerSwan sever, following the closure of its contract.
- The private security firm learned that its former vendor had used a bucket site on Amazon Web Services for this process, but TalentPen apparently failed to delete the documents.
- The files in question have now been properly secured according to TigerSwan.
*Source: Engadget, September 04, 2017