Top CyberSecurity News For October 25th 2016

  1. India suffered a massive debit card data breach because no one connected the dots. From Scroll.in. 

    The biggest lesson emerging from the recent recall of 3.2 million debit cards by various Indian banks is that most of the systems that the government and the country’s financial sector put in place to deal with a major cyber attack failed to detect the data breach that necessitated this recall.

    As banks scramble to put together a root cause analysis of the events that led to the malware (malicious software) attack that led to one of the biggest security breaches in banks in India in September and October, there is a realisation that institutions failed to share information with each other, leading to cascading failures that permitted the breach to continue undetected for a while.

2. Data breach at Weebly affects 43 million usersFrom Graham Cluely. 

A data breach at free website builder Weebly has compromised the personal information of over 43 million users.

News of the breach arrived on 20 October when LeakedSource.com published a database of 43,430,316 Weebly users’ information on its website. Those records contain a username, email address, password, and IP address.

Little information is known about how those responsible for the breach exfiltrated all of that data, but we do know that the breach occurred at the web-hosting service in February 2016 and that an anonymous source provided LeakedSource with the database.

 

Top CyberSecurity News For October 12th 2016

  1. UCF data breach caused by computer virus, officials sayFrom WESH.com. 

    More than 200 students reported having their debit and credit cards hacked and now, investigators know how it happened.

    Investigators said the massive UCF data breach was caused by a virus.

    WESH 2 News spoke to a student who, along with at least 230 others, had his debit card numbers hacked.

    “It happened to 200 students? Wow. And college students aren’t the richest people, so I was pretty (upset) when my bank called me. But they erased all the charges. Don’t get me again, though,” the victim said.

Top CyberSecurity News For 2nd September 2016

  1. Kimpton Hotels Acknowledges Data BreachKimpton Hotels on Wednesday formally acknowledged that malware found on payment terminals in many of its hotels and restaurants may have compromised credit/debit cards of guests who patronized the properties in the first half of this year. The disclosure comes more than a month after KrebsOnSecurity first contacted to the company about a possible credit card breach across most of its locations.

Top CyberSecurity News For 3rd August 2016

  1. Kimpton Is Latest Hotel Chain to Deal With Credit Card Data BreachFrom Skift. Kimpton Hotels & Restaurants is the latest hotel chain having to investigate a credit card data breach at its properties. On July 26, the company announced it was “recently made aware of a report of unauthorized charges occurring on cards that were previously used legitimately at Kimpton properties.

Top CyberSecurity News For 23rd June 2016

  1. ‘Godless’ Malware Is Attacking Android DevicesFrom PC Magazine. Researchers at Trend Micro recently discovered new Android-based malware called Godless, which targets devices running Android Lollipop or earlier. As Trend Micro points out, that covers almost 90 percent of Android devices. “Based on the data gathered from our Trend Micro Mobile App Reputation Service, malicious apps related to this threat can be found in prominent app stores, including Google Play, and has affected over 850,000 devices worldwide,” the company said in a statement.
  2. Data breach possible for users of Annapolis parking garagesFrom Capital Gazette. Malware was discovered on parking garage servers that officials believe could have stolen credit and debit card information from transient parkers using the city’s three garages. The breach is still under investigation, but officials believe it could have impacted anyone using those parking facilities between Dec. 23 and June 11. These servers handle payments for Noah Hillman, Gott’s Court and Knighton Garages.

Top Cybersecurity News For 19th April 2016

  1. German researcher hacks into US Congressman’s phone for TV Show. From Guardian. German security researcher Karsten Nohl demonstrated the hack for the CBS show. He tracked a brand new phone given to US congressman Ted Lieu in California from his base in Berlin using only its phone number. Nohl pinpointed Lieu’s movements down to districts within Los Angeles, read his messages and recorded phone calls between Lieu and his staff.
  2. Short URLs are easily hacked. From Freedom To Tinker. short URLs produced by bit.ly, goo.gl, and similar services are insecure, and in many cases point to Microsoft OneDrive accounts with private documents.  Many of these accounts are unlocked and allow anyone to inject malware that will be automatically downloaded to users’ devices.
  3. The rising threat of ransomware. From TechCrunch. Ransomware is usually delivered through infected email attachments and hacked websites or websites featuring ads. Ransomware encrypts files on a user’s computer and renders them unusable until the victim ransoms the key for a specific amount of money. Cybercriminals are making millions of dollars from ransomware.
  4. Most Americans Maintain Store Loyalty after Data Breach. From LowCards.com. Despite affecting over 100 million people, a new study finds that most Americans continue to shop at their favorite stores after a data breach. Only 11% of people who had received notice about a data breach said they stopped shopping at hacked merchants after the event.
  5. George J. Franz III is heading back to US Cyber Command. From FCW. After two years as commanding general of the Army’s Intelligence and Security Command, Maj. Gen. George J. Franz III is heading back to Cyber Command, where he will be director of operations, the Pentagon announced.