Top CyberSecurity News For November 18th 2016

  1. Adobe Fined $1M in Multistate Suit Over 2013 Breach; No Jail for Spamhaus AttackerFrom KrebsOnSecurity. 

    Adobe will pay just $1 million to settle a lawsuit filed by 15 state attorneys general over its huge 2013 data breach that exposed payment records on approximately 38 million people. In other news, the 39-year-old Dutchman responsible for coordinating an epic, weeks-long distributed denial-of-service attack against anti-spam provider Spamhaus in 2013 will avoid any jail time for his crimes thanks to a court ruling in Amsterdam this week.

    On Oct. 3, 2013, KrebsOnSecurity broke the story that Adobe had just suffered a breach in which hackers siphoned usernames, passwords and payment card data on 38 million customers. The intruders also made off with digital truckloads of source code for some of Adobe’s most valuable software properties — including Adobe Acrobat and Reader, Photoshop and ColdFusion.

Top CyberSecurity News For October 28th 2016

  1. Red Cross Blood Service admits to personal data breach affecting half a million donorsFrom ABC.net.au. 

    The personal data of 550,000 blood donors that includes information about “at-risk sexual behaviour” has been leaked from the Red Cross Blood Service in what has been described as Australia’s largest security breach.

    Key points:

    Data from blood donor registration form posted insecurely online
    Leak included identifying information and “personal details” of 550,000 donors
    All copies of the data believed to be destroyed
    The organisation said it was told on Wednesday that a file containing donor information was placed on an “insecure computer environment” and “accessed by an unauthorised person”.

Top CyberSecurity News For October 25th 2016

  1. India suffered a massive debit card data breach because no one connected the dots. From Scroll.in. 

    The biggest lesson emerging from the recent recall of 3.2 million debit cards by various Indian banks is that most of the systems that the government and the country’s financial sector put in place to deal with a major cyber attack failed to detect the data breach that necessitated this recall.

    As banks scramble to put together a root cause analysis of the events that led to the malware (malicious software) attack that led to one of the biggest security breaches in banks in India in September and October, there is a realisation that institutions failed to share information with each other, leading to cascading failures that permitted the breach to continue undetected for a while.

2. Data breach at Weebly affects 43 million usersFrom Graham Cluely. 

A data breach at free website builder Weebly has compromised the personal information of over 43 million users.

News of the breach arrived on 20 October when LeakedSource.com published a database of 43,430,316 Weebly users’ information on its website. Those records contain a username, email address, password, and IP address.

Little information is known about how those responsible for the breach exfiltrated all of that data, but we do know that the breach occurred at the web-hosting service in February 2016 and that an anonymous source provided LeakedSource with the database.

 

Top CyberSecurity News For October 14th 2016

1. Verizon signals Yahoo data breach may affect acquisitionFrom CSO Online. 

Verizon has signaled that Yahoo’s massive data breach may be enough reason to halt its US$4.8 billion deal to buy the internet company.

On Thursday, Verizon’s general counsel Craig Silliman said the company has a “reasonable basis” to believe that the breach involving 500 million Yahoo accounts has had a material impact on the acquisition. This could give the company room to back out or get a large discount.

Top CyberSecurity News For October 6th 2016

  1. NSA contractor arrest highlights challenge of insider threatFrom Washington Times. The arrest of a National Security Agency contractor for allegedly stealing classified information was the second known case of a government contractor being publicly accused of removing secret data from theintelligence agency since 2013.

    The latest arrest came despite efforts to reform security after the Edward Snowden disclosures, especially in regards to insider threats.

    Harold Thomas Martin III, 51, of Glen Burnie, Maryland, was arrested by the FBI in August after federal prosecutors say he illegally removed highly classified information and stored the material in his home and car. A defense attorney said Martin did not intend to betray his country.

Top CyberSecurity News For October 5th 2016

  1. Guccifer 2.0 dumps a bunch of Clinton Foundation donor dataFrom Endgadget. Julian Assange’s “October surprise” press conference may have been a bust but his Gilligan, the hacker calling himself Guccifer 2.0, came through on Tuesday, releasing a large database of information reportedly stolen from the Clinton Foundation. The dump includes the names, addresses and emails of both individual and corporate donors as well as their contribution amounts.

Top CyberSecurity News For October 1st 2016

  1. Yahoo hack may become test case for SEC data breach disclosure rulesFrom Reuters. 

    Yahoo’s disclosure that hackers stole user data from at least 500 million accounts in 2014 has highlighted shortcomings in U.S. rules on when cyber attacks must be revealed and their enforcement.

    Democratic Senator Mark Warner this week asked the U.S. Securities and Exchange Commission to investigate whether Yahoo and its senior executives properly disclosed the attack, which Yahoo blamed on Sept. 22 on a “state-sponsored actor.”

    The Yahoo hack could become a test case of the SEC’s guidelines, said Jacob Olcott, former Senate Commerce Committee counsel who helped develop them, due to the size of the breach, intense public scrutiny and uncertainty over the timing of Yahoo’s discovery.

Top CyberSecurity News For September 26th 2016

  1. Trump hotel chain fined over data breachesFrom ComputerWorld. 

Trump Hotel Collection has arrived at a settlement with New York Attorney General Eric T. Schneiderman over hacks that are said to have led to the exposure of over 70,000 credit card numbers and other personal data.

The hotel chain, one of the businesses of Republican presidential candidate Donald Trump, has agreed to pay $50,000 in penalties and promised to take measures to beef up its data security practices, according to the attorney general’s office.

The chain is one of many hotels and retailers that have been hit recently by malware that skimmed payment card information.

 

Top CyberSecurity News For 23rd September 2016

  1. Michelle Obama data breach: purported scan of first lady’s passport appears onlineFrom Register. 

    The White House is looking into a cyber breach after what appeared to be a scan of first lady Michelle Obama’s passport was posted online.

    The fresh disclosures, which included emails to and from White House staff, raised further concerns about the security of sensitive systems following a string of breaches affecting government agencies, private companies and the Democratic National Committee. Though officials declined to say whether the disclosures were authentic, there were no immediate reasons to suspect they were not.

    The US att

Top CyberSecurity News For 22nd September 2016

  1. Yahoo Confirms At Least 500 Million Accounts Were HackedFrom Fortune. 

    Yahoo said on Thursday that information for at least 500 million user accounts was stolen from its network in 2014 by what it believed was a state-sponsored actor, a theft that appeared to the biggest cyber breach ever.

    Yahoo said data stolen may have included names, email addresses, telephone numbers, dates of birth, and encrypted passwords but that unprotected passwords, payment card data, and bank account information did not appear to have been compromised, the company said.

    “This is the biggest data breach ever,” said well-known cryptologist Bruce Schneier.