on affecting “a small percentage of our Radisson Rewards members”. Business Traveller was alerted to the incident by one of our readers, who had received an email from Radisson confirming that his details had been compromised. Radisson says that it identified the breach on October 1, although it’s not clear exactly when the incident occurred. A statement on the group’s website states: “This data security incident did not compromise any credit card or password information. Our ongoing investigation has determined that the information accessed was restricted to member name, address (including country of residence), email address, and in some cases, company name, phone number, Radisson Rewards member number and any frequent flyer numbers on file. “Upon identifying this issue Radisson Rewards immediately revoked access to the unauthorized person(s). All impacted member accounts have been secured and flagged to monitor for any potential unauthorized behavior. “While the ongoing risk to your Radisson Rewards account is low, please monitor your account for any suspicious activity. You should also be aware that third parties may claim to be Radisson Rewards and attempt to gather personal information by deception (known as “phishing”), including through the use of links to fake websites. Radisson Rewards will not ask for your password or user information to be provided in an e-mail. “Radisson Rewards takes this incident very seriously and is conducting an ongoing extensive investigation into the incident to help prevent data privacy incidents from happening again in the future.” Radisson says that affected members will have received an email notification from Radisson Rewards either yesterday (October 30) or today (October 31).
In the FAQs Radisson stresses that credit card data was not exposed by the breach, nor were members’ passwords or travel histories / future stays. The hotel group is the latest in a line of travel companies to suffer data breaches, with British Airways and Cathay Pacific both admitting to compromised data in the last couple of months.
Yahoo, Adult Friend Finder, LinkedIn, Tumblr and Daily Motion all have something in common: in 2016, details of massive hacks perpetrated against the companies were disclosed. The firms represent a handful of the companies and public bodies around the world that suffered at the hands of hackers last year. Data compromised usually included names, emails, and physical addresses, and even personal bank details, ethnicity data, and phone numbers. And the hacks aren’t stopping anytime soon. 2017 has already been dominated by numerous data breaches and the most recent affects the Association of British Travel Agents, commonly known as ABTA. To keep you in the loop on data breaches this year, WIRED will keep a running tally of successful hacks. The abta.com web server for the Association of British Travel Agents (ABTA) was recently hacked by “an external infiltrator” who exposed the details of 43,000 individuals. Around 1,000 of these included files that could include personal identity information of customers of ABTA members uploaded since 11 January 2017, while around 650 may also include personal identity information of ABTA members. As the UK’s largest travel association, ABTA’s members include travel agents and tour operators. The unauthorised access was said to be possible due to a system vulnerability “that the infiltrator exploited” to access some data provided by some customers of ABTA Members and by ABTA Members themselves. On immediate investigation, ABTA said it identified that although ABTA’s own IT systems remained secure, there was a vulnerability to the web server managed for ABTA through a third-party web developer and hosting company.
“This, unfortunately, means some documentation uploaded to the website, as well as some information provided by customers, may have been accessed,” ABTA’s CEO, Mark Tanzer said. As a precautionary measure, it has taken steps to warn its members and customers of ABTA members who have the potential to be affected. The group has also alerted the relevant authorities, including the Information Commissioner (ICO) and the police.
Advanced Persistent Threat group linked to China said to be attacking companies by targeting their suppliers - scale of operation said to be unprecedented. A Chinese hacking group is thought to be behind attacks on managed service providers as a way into their client companies, to facilitate the theft of intellectual property. The hacking group, called APT10, used custom malware and spear-phishing attacks to gain access to victims' systems. Once inside, they used the company's credentials to attack their client companies. The security of the supply chain has been a recognised weakness in security systems since at least 2013 when it was discovered that attackers had gained access to the Target retail chain in America through an HVAC service provider. Now it appears that APT10 is using that approach on a large scale. The group was discovered by PwC's cyber-security practice and BAE Systems, working alongside the UK's National Cyber Security Centre (NCSC). The scale of the espionage campaign only became apparent in late 2016, but the attack is thought to be the largest sustained global cyber-espionage campaign ever seen. PwC and BAE Systems said APT10 conducted the espionage campaign by targeting providers of managed outsourced IT services as a way in to their customers' organisations around the world, gaining unprecedented access to intellectual property and sensitive data. It is thought the group launched the campaign in 2014 and then significantly ramped it up in early 2016, adding new developers and intrusion operators to continually enhance capability. The group is known to have exfiltrated a high volume of data from multiple victims and used compromised networks to stealthily move this data around the world.
A number of Japanese organisations have also been targeted directly in a separate, simultaneous campaign by the same group, with APT10 masquerading as legitimate Japanese government entities to gain access. Forensic analysis of the timings of the attack, as well as tools and techniques used, led investigators to conclude that the group may be based in China, but apart from that, it is not known precisely who is behind APT10 or why it targets certain organisations. Kris McConkey, partner for cyber-threat detection and response at PwC, said that the indirect approach of this attack highlights the need for organisations to have a comprehensive view of the threats they're exposed to – including those of their supply chain. “This is a global campaign with the potential to affect a wide range of countries, so organisations around the world should work with their security teams and providers to check networks for the key warning signs of compromise and ensure they respond and protect themselves accordingly,” he said. Richard Horne, cyber-security partner at PwC, added that “operating alone, none of us would have joined the dots to uncover this new campaign of indirect attacks. “Together we've been working to brief the global security community, managed service providers and known end victims to help prevent, detect and respond to these attacks,” he added. Ilia Kolochenko, CEO of High-Tech Bridge, told SC Media UK that until there is more detail on the attacks, it would not be possible to make a reliable conclusion as to who was behind the so-called APT10. “Taking into consideration how careless and negligent some managed IT providers are, I wouldn't be surprised if all the attacks were conducted by a group of teenagers – something we have already seen in the past,” he said.
“IT services providers should better enumerate and assess their digital risks, and implement appropriate security controls to mitigate related threats and vulnerabilities. Security standards, like ISO 27001, can significantly help assure that the risks are continuously identified and are being duly addressed. For cyber-security service providers, accreditation by CREST is also an important factor to demonstrate the necessary standard of care around security, confidentiality and integrity for their own and client data,” he added. “Companies looking to secure their supply-chain can oblige their suppliers to get certified by ISO 27001 for example, or to provide solid and unconditional insurance to cover any data breaches and data leaks, including direct and consequent damages.”
Cybersecurity experts and companies on Long Island are looking for ways to shore up the weakest link on company computer networks: the employee. Local cybersecurity professionals are creating interactive comic books, testing employees with simulated phishing emails — tailored messages that seek to obtain key information, such as passwords — and seeking to convince top executives that the threat of business disruption from hacking requires their attention. “The biggest problem is not the technology; it’s the people,” said Laurin Buchanan, principal investigator at Secure Decisions, a division of Northport software developer Applied Visions Inc. Sixty percent of cyber-assaults on businesses can be traced to insiders’ actions, either inadvertent or malicious, according to a 2016 study by IBM Security. The average cost of a data breach for U.S. companies is $7.4 million, or $225 per lost or stolen record, a June 2017 study by IBM and the Ponemon Institute, a Traverse City, Michigan, researcher, found. Costs related to data breaches can include the investigation, legal costs to defend against and settle class-action lawsuits, credit monitoring for affected customers, and coverage of fraud losses. Harder to gauge is the cost to a company’s reputation. One of the largest hacks ever was disclosed this month, when credit reporting company Equifax Inc. revealed that sensitive data from 143 million consumers, including Social Security numbers and birth dates, was exposed. A stock analyst from Stifel Financial Corp. estimated that the attack will cost Equifax about $300 million in direct expenses.
Investors seem to think the incident will have a much greater impact on At a seminar in Garden City this month, Henry Prince, chief security officer at Shellproof Security in Greenvale, explained how in a ransomware attack — one of many types — cybercriminals can buy specialized tools such as those used to send phishing emails. The easy availability of that software means that hackers require “no programming experience,” Prince said. Phishing emails can be blocked by company email filters, firewalls and anti-virus software. But if one gets through and an employee clicks on the link in the phishing email, the business’ network is compromised. Hackers can then encrypt files, preventing access to them by the company and crippling the business, Prince said at the seminar. Hackers then can demand payment, typically in an untraceable cryptocurrency like Bitcoin — a digital asset that uses encryption — before agreeing to decrypt the files. “Ransomware is a business to these people,” Prince said. “Ninety-nine percent of the time, ransomware requires user interaction to infect.” Della Ragione echoed that sentiment: “The greatest risk at a company is the employees. Training employees is one of the best steps in shoring up your defenses.” In response, many local experts and companies focus on teaching employees how to resist hackers’ tricks. Secure Decisions has developed interactive comics to teach employees ways of detecting “phishing” emails and other hacking attempts. The company has gotten more than $1 million for research related to the interactive comic project, known as Comic-BEE, from the Department of Homeland Security, as well as a grant for $162,262 from the National Science Foundation. The comics, inspired by children’s “Choose Your Own Adventure” books, feature different plots depending on the reader’s choices.
“If you can give people the opportunity to role-play, some of the exhortations by the experts will make more sense,” Buchanan said. The comics are being field-tested at several companies and Stony Brook University. They were featured in July at a DHS cybersecurity workshop in Washington, D.C. Radu Sion, a computer science professor at Stony Brook and director of its National Security Institute, which studies how to secure digital communications, acknowledged that security is far from a priority for most users. “Ultimately, the average Joe doesn’t care,” he said. “You [should] treat the vast majority of your users as easily hackable.” Northwell Health, the New Hyde Park-based health care system that is the largest private employer in New York State, is trying to find and get the attention of those inattentive employees. Kathy Hughes, Northwell vice president and chief information security officer, sends out “phishing simulations” to the workforce. The emails are designed to mimic a real phishing campaign that seeks passwords and personal information. In April, for instance, Northwell sent out phishing emails with a tax theme. Hughes collects reports on which employees take the bait by user, department and job function. “We present them with a teachable moment,” she said. “We point out things in the email that they should have looked at more carefully.” The emails are supplemented with newsletters, screen savers and digital signage reminding users that hackers are lurking. Another tool: Non-Northwell emails have an “external” notation in the subject line, making it harder for outsiders to pretend to be a colleague. “We let [the employees] know that they are part of the security team,” she said. “Everybody has a responsibility for security.” One of the most important constituencies for security is top executives.
Drew Walker, a cybersecurity expert at Vector Solutions in Tampa, Florida, said many executives would rather not know about vulnerabilities to their computer systems, because knowledge of a hole makes them legally vulnerable and casts them in a bad light. “Nine times out of 10, they don’t want to hear it,” he said. “It makes them look bad.” Richard Frankel, a former FBI special agent who is of counsel at Ruskin Moscou, said that company tests of cybersecurity readiness often snare CEOs who weren’t paying attention to training. But attorney Della Ragione said high-profile attacks are getting notice from executives. “Everyone’s consciousness is being raised,” she said. Data leaks at Long Island companies have caused executives to heighten security. In 2014, Farmingdale-based supermarket chain Uncle Giuseppe’s Marketplace said that foreign hackers had breached the credit card database of three stores. Joseph Neglia, director of information technology at Uncle Giuseppe’s, said that after the data breach, which affected about 100 customers, the company began scheduling “monthly vulnerability scans” and upgraded its monitoring and security systems. For businesses, Stony Brook’s Sion said, the cybersecurity threat is real and immediate. “I need one second with your machine to compromise it forever and ever,” he said. “It’s an uphill battle.”
Bristol Airport authorities were recently forced to take their flight information system displays offline for two days to contain a ransomware attack. The authorities dismissed the ransom demand and decided to rebuild the affected systems. For two days, flight status information was displayed on whiteboards and there was an increase in announcements over the speakers. Similarly, in the last few months there have been several cyberattacks targeting hospitals, city administration and sporting events. The servers of the US-based PGA were reportedly hit by ransomware attacks right before the PGA Championship in the first week of August. A new ransomware called Everlasting Blue Blackmail Virus, which targets Windows PCs using spam and phishing campaigns, flashes former US President Barack Obama’s image with the ransom message. Once the ransomware gains entry into the system, it looks for all .exe (executable) files and encrypts them, preventing users from running apps until the ransom is paid. Hot on the heels of the cyberattack on the town of Valdez in Alaska, Canadian town Midland in Ontario was hit by a ransomware attack in the first week of September. Hackers broke into the city database involving fire, water, and waste management and blocked access, demanding ransom. A major concern for cybersecurity experts is fileless attacks, which are hard to detect. These attacks do not install malicious software to infiltrate a victim’s computer, which makes it difficult for anti-virus solutions to detect them. According to Ponemon Institute, 35% of all cyberattacks in 2018 were fileless, while security solution provider Carbon Black claims that fileless attacks accounted for 50% of all successful data breaches targeting financial businesses.
Fileless attacks target legitimate Windows tools such as PowerShell (a scripting language which can provide hackers unrestricted access to the Windows API) and Windows Management Instrumentation (used by admins). By latching on to these tools, hackers gain control over the PC and eventually the organization’s database. In another recent development, researchers at F-Secure have come across a new vulnerability affecting PCs. Dubbed cold boot, the attack can be carried out using a special programme through a USB drive connected to a PC. Using the programme, the hacker can disable the memory overwriting by rebooting the system, without a proper shutdown. The attack can be used to break into a company system that might have access to the company network.
Award-winning cooking tools company OXO revealed that it has suffered data breaches over the last two years that may have compromised customer and credit card information. In a breach disclosure letter filed with the State of California, OXO said that the data security incident involved “sophisticated criminal activity that may have exposed some of your personal information.” The attacker is believed to have accessed credit card information, along with names and billing and shipping addresses, though the letter does not state the scope of impact. “On December 17, 2018, OXO confirmed through our forensic investigators that the security of certain personal information that you entered into our e-commerce website (https://www.oxo.com) may have been compromised. We currently believe that information entered in the customer order form between June 9, 2017 – November 28, 2017, June 8, 2018 – June 9, 2018, July 20, 2018 – October 16, 2018 may have been compromised. While we believe the attempt to compromise your payment information may have been ineffective, we are notifying you out of an abundance of caution.” OXO is currently working with security consultants and forensic investigators, who are looking at past vulnerabilities in the website as part of an ongoing investigation of the incident. Additionally, the company has taken measures to secure its site to prevent future incidents. “This latest breach underscores the importance of 24/7 security monitoring,” said Matan Or-El, CEO of Panorays. “With the new year upon us, companies should perform an in-depth review of all their digital assets to ensure that they and their third parties have not been compromised. We expect that future hacks will be targeted towards entire industries so as to maximize the payout for cyber-criminals.” OXO has also secured the services of risk mitigation and response firm Kroll in order to extend identity monitoring services to its customers.
East Ohio Regional Hospital in Harper's Ferry, Ohio, and Ohio Valley Medical Center in Wheeling, West Virginia, were both affected by ransomware on the last weekend of November. [1] Due to this incident, ambulance patients were transported to other hospitals nearby and emergency room admissions were limited to walk-up patients only. Due to the attack, employees needed to switch to paper charting and various systems were taken offline immediately. This fairly quick response limited the ransomware damage and prevented a possible data breach. [2] According to Karin Janiszewski, director of marketing and public relations for EORH and OVMC, the hospitals reacted as soon as possible and, at the moment of writing, they are already using the computer network. On the following Saturday, Karin Janiszewski stated: There has been no patient information breach. The hospitals are switching to paper charting to ensure patient data protection. We have redundant security, so the attack was able to get through the first layer but not the second layer.

IT staff dealt with the outbreak to avoid a data breach

When it comes to malware attacks on large companies, the loss of personal customer data is the worst thing that can happen. It seems that this time the situation was handled quickly enough to prevent the sensitive data from being compromised. The IT team took several computers offline, and, because of this, most of the clinical operations transferred to other units, and emergency patients were automatically taken to different locations. On Saturday, when the incidents occurred, hospital officials stated that the staff is ready to take everything on paper until the downtime is over. Also, since this is a ransomware-type malware attack, hackers demand a ransom. However, officials chose not to make the payment.
No matter how big or how little the ransom demand is, officials shouldn't even consider making the payment because it may lead to system damage or permanent data loss. [3] In the United States, data breaches and malware attacks on huge organizations have become a common thing, especially in the healthcare industry. In 2016 Hollywood Presbyterian Hospital paid the demanded ransom in Bitcoin after having its data encrypted. [4] The infection was widespread and the attack cost around $17 000. Another incident that resulted in a ransom payment was spotted at Kansas Heart Hospital, also in 2016. Unfortunately, after the payment was made, the attackers disappeared, ignoring the promise to decrypt locked files. They sent yet another ransom demand instead and asked for a bigger amount of money. Earlier this year, an Indiana-based hospital was infected with SamSam, an infamous ransomware virus that relies on highly personalized infection tactics. After considering different scenarios, the hospital decided to pay 4 BTC (equal to $45 000 at that time) to the ransomware developers to get the private keys needed for file recovery. Ransomware developers gave what they promised.
The leaked database weighs in at 52.2GB, and according to ZDNet comes via business services firm Dun & Bradstreet, which sells it to marketers that send targeted email campaigns. After examining the data, Hunt has revealed that the data dump contains details belonging exclusively to US-based companies and government agencies. California is the most represented demographic with over four million records, followed by New York with 2.7 million records and Texas with 2.6 million records. The leading organisation by records is the Department of Defense, with 101,013 personnel records exposed in the dump. It is followed by the United States Postal Service (USPS) with 88,153 leaked employee records and AT&T with 67,382. Other firms affected by the leak include CVS with 40,739 records, Citigroup with 35,292 and IBM with 33,412. The database contains dozens of fields, some including personal information such as names, job titles and functions, work email addresses, and phone numbers. While the database doesn't contain more sensitive information, such as credit card numbers or SSNs, Hunt says it's an “absolute goldmine for targeted spear phishing.” “From this data, you can piece together organisational structures and tailor messaging to create an air of authenticity and that's something that's attractive to crooks and nation-state actors alike,” he said.
“I often work with companies attempting to mitigate the damage of their organisational data being publicly exposed (frequently due to data breaches), and I can confidently say that knowing this information is out there circulating would concern many of them.” Dun & Bradstreet has denied responsibility for the leak and said it could have come from any of its thousands of clients. “Based on our analysis, it is our determination that there has been no exposure of sensitive personal information from, and no infiltration of our system. The information in question is data typically found on a business card. “As general practice, Dun & Bradstreet uses an agile security process and evaluates and evolves security controls to protect the integrity of our data,” a spokesperson told the INQUIRER.
Hackers made hay of the sorry state of credential security in 2016. They stole millions of username and password combinations from online services of all shapes and sizes. Blogs and discussion forums were hit particularly hard. Exploiting credentials is an old attack vector that still works wonders for hackers. In its 2016 Data Breach Investigations Report (DBIR), Verizon added a section about credentials, revealing that 63% of data breaches involved weak, default or stolen passwords. “This statistic drives our recommendation that this is a bar worth raising,” reads the report. Why is it so easy for cybercriminals to plunder login credentials? End users, despite constant warnings, continue re-using passwords, allowing hackers to conveniently break into multiple accounts after stealing someone's credentials once. It's like having one key for your bike lock, front door, office building, car and bank box. Meanwhile, more software vendors should provide advanced hashing, salting and other scrambling technologies for protecting credential information in case it's stolen. For example, attackers hacked Clash of Kings' forum after exploiting a known vulnerability in an outdated version of the vBulletin software. The thieves stole personal information from 1.6 million user accounts, including scrambled passwords. In one case, an attacker used misplaced install files to gain admin privileges. In another case, hackers stole one moderator's credentials and used the account to post a malicious message in the forum. After viewing the message, the forum's administrator had his account compromised, leading to a massive breach.
Notable vulnerabilities exploited in recent years include CVE-2016-6483, CVE-2016-6195, CVE-2016-6635, CVE-2015-1431, CVE-2015-7808, CVE-2014-9574 and CVE-2013-6129.
Things are getting messy at McDonald's in India, and that's not just for consumers of the Maharaja Mac - a double-stacked grilled chicken monstrosity with jalapenos and habanero sauce. The flaw, found by payments company Fallible, exposed names, email addresses, phone numbers, home addresses and sometimes the coordinates of those homes, as well as links to social media profiles. And Fallible contends that the leak still hasn't been properly fixed. I queried McDonald's to see if it has tried to seal the hole in the API and also whether it has notified customers or regulators, but I didn't get an immediate response. In a March 19 tweet, McDonald's didn't issue any clear answers, instead taking the well-trodden path of seeking to reassure users by highlighting what was not breached. McDonald's has dabbled in home delivery in many countries since the early 1990s, attracting budget diners willing to risk the short half-life of its sandwiches and fries versus the vagaries of home delivery. Fallible says it contacted McDonald's India on Feb 7, letting the fast-food chain know it could sequentially pull user information from the API using a curl request. “An unprotected publicly accessible API endpoint for getting user details coupled with serially enumerable integers as customer IDs can be used to obtain access to all users personal information,” Fallible writes in a blog post. But the issue appeared to remain unfixed, so Fallible says it sent McDonald's another email on March 7 asking for a status update. Ten days later, it sent another email and received no response. Fallible chose to go public with the issue in a March 18 blog post, prompting a public acknowledgement from McDonald's on Twitter the next day.
Fallible contends the issue hasn't been fixed, and it's unclear from McDonald's tweet if it was. India doesn't have a specific law that requires mandatory reporting of data breaches. But there are regulations and laws that cover the disclosure of personal information.
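The flaw Fallible describes, an unauthenticated user-details endpoint keyed by serially enumerable integer customer IDs, is shown below beside a hardened handler. This is an added example, not code from McDonald's or Fallible; the handler names, the in-memory stores and the sample records are constructed for illustration.

```python
import secrets

# Constructed in-memory stores; a real service would use a database.
_BY_SERIAL = {}    # serial integer id -> record (the enumerable key)
_BY_PUBLIC = {}    # random public id   -> record
_SESSIONS = {}     # session token      -> public id of the logged-in customer


def register(name, phone):
    """Create a customer with a serial id and an unguessable public id."""
    record = {
        "serial": len(_BY_SERIAL) + 1,            # 1, 2, 3, ... trivially countable
        "public_id": secrets.token_urlsafe(16),   # 128 random bits
        "name": name,
        "phone": phone,
    }
    _BY_SERIAL[record["serial"]] = record
    _BY_PUBLIC[record["public_id"]] = record
    return record


def login(public_id):
    """Issue a session token bound to one customer (password check elided)."""
    token = secrets.token_urlsafe(32)
    _SESSIONS[token] = public_id
    return token


def get_user_vulnerable(customer_id):
    """Weak form: no authentication and serial ids.

    Every record is readable by anyone who counts upward from 1.
    """
    record = _BY_SERIAL.get(int(customer_id))
    if record is None:
        return 404, None
    return 200, {"name": record["name"], "phone": record["phone"]}


def get_user_hardened(session_token, requested_id):
    """Hardened form: require a session and serve a record only to its owner.

    'Not yours' and 'does not exist' return the same 404, so the endpoint
    cannot be used to probe which ids are valid.
    """
    owner = _SESSIONS.get(session_token)
    if owner is None:
        return 401, None
    if requested_id != owner or owner not in _BY_PUBLIC:
        return 404, None
    record = _BY_PUBLIC[owner]
    return 200, {"name": record["name"], "phone": record["phone"]}


def readable_without_auth(max_serial):
    """Audit helper: how many records the weak handler serves with no session."""
    return sum(1 for i in range(1, max_serial + 1)
               if get_user_vulnerable(i)[0] == 200)


if __name__ == "__main__":
    alice = register("Alice Example", "555-0100")   # constructed sample data
    bob = register("Bob Example", "555-0101")
    token = login(alice["public_id"])
    print("weak handler, no session:", readable_without_auth(10), "records readable")
    print("hardened, Alice asks for Bob:", get_user_hardened(token, bob["public_id"]))
    print("hardened, Alice asks for herself:", get_user_hardened(token, alice["public_id"]))
```

Random identifiers alone only make guessing harder; the ownership check in `get_user_hardened` is what closes the hole.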
"There have not been any breaches in any of Apple's systems including iCloud and Apple ID," an Apple representative said in an emailed statement. "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services." A group calling itself the Turkish Crime Family claims to have login credentials for more than 750 million icloud.com, me.com and mac.com email addresses, and the group says more than 250 million of those credentials provide access to iCloud accounts that don't have two-factor authentication turned on. The hackers want Apple to pay $700,000 -- $100,000 per group member -- or "$1 million worth in iTunes vouchers." Otherwise, they threaten to start wiping data from iCloud accounts and devices linked to them on April 7. In a message published on Pastebin Thursday, the group said it also asked for other things from Apple, but they don't want to make them public. "We're actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved," the Apple representative said. "To protect against these type of attacks, we recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication." However, the unusually high numbers advanced by the group are hard to believe. It's also hard to keep up with the group's claims, as at various times over the past few days, it has released conflicting or incomplete information that it has later revised or clarified. The group claims that it started out with a database of more than 500 million credentials that it has put together over the past few years by extracting the icloud.com, me.com and mac.com accounts from stolen databases its members have sold on the black market.
The hackers also claim that since they've made their ransom request public a few days ago, others have joined in their effort and shared even more credentials with them, putting the number at more than 750 million. The group claims to be using 1 million high-quality proxy servers to verify how many of the credentials give them access to unprotected iCloud accounts. Apple provides two-factor authentication for iCloud, and accounts with the option turned on are protected even if their password is compromised. The latest number of accessible iCloud accounts advanced by the Turkish Crime Family is 250 million. That's an impressive ratio of one in every three tested accounts. The largest ever data breach was from Yahoo with a reported 1 billion accounts. "At best they’ve got some reused credentials, but I wouldn’t be surprised if it’s almost entirely a hoax." Hunt hasn't seen the actual data that the Turkish Crime Family claims to have, and there isn't much evidence aside from a YouTube video showing a few dozen email addresses and plain text passwords. However, he has significant experience with validating data breaches and has seen many bogus hacker claims over the years. To be on the safe side, users should follow Apple's advice and create a strong password for their account and turn on two-factor authentication or two-step verification at the very least.
Around 50% of the impacted accounts never posted on the forum, which leads to the conclusion that they weren’t real users but bots. The stolen data contains email addresses, hashed passwords, and salts but none of the usernames were taken. However, the good news is that all passwords have been reset. Therefore it’s too early to assume what happened or how attackers were able to access the database. Nevertheless, the administrators believe that it could be because of a phishing attack. It must be noted that one of the forum’s staff members was also impacted by the breach, which is not surprising since hackers are successfully cracking passwords from previous data breaches and using them for further attacks. The forum is implementing new security measures including site-wide HTTPS support, a 2-step authentication requirement for their staff and password randomization for inactive accounts. This is not the first time Android Forums has had security issues. In 2012, the forum suffered a massive data breach in which user credentials of 1 million users were stolen. At the time of publishing this article, Android Forums was down for scheduled maintenance but you can still go through the security notice through Google Cache.
The Cyber Division of the U.S. Federal Bureau of Investigation (FBI) has issued an alert to warn the healthcare industry that malicious actors are actively targeting File Transfer Protocol (FTP) servers that allow anonymous access. According to the law enforcement agency, attackers have targeted the FTP servers of medical and dental facilities in an effort to obtain access to protected health information (PHI) and personally identifiable information (PII), and use it to intimidate, blackmail and harass business owners. “The FBI recommends medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server,” the FBI said. These servers allow users to authenticate with only a username, such as “anonymous” or “ftp,” and either a generic password or no password at all. The FBI pointed out that vulnerable FTP servers can also be abused to store malicious tools or to launch cyberattacks. In 2015, IBM named healthcare as the most attacked industry, with more than 100 million records compromised, whereas in the previous year this sector did not even make it into the top five. An IBM report for 2016 showed that the volume of compromised records was smaller, but the number of data breaches increased, causing operational, reputational and financial damage to healthcare organizations. A report published recently by Fortinet showed the top threats targeting healthcare companies in the last quarter of 2016, including malware, ransomware, IPS events, exploit kits and botnets.
The NJCCIC assesses with high confidence that fileless and “non-malware” intrusion tactics pose high risk to organizations, both public and private, and will be increasingly employed by capable threat actors intent on stealing data or establishing persistence on networks to support ongoing espionage objectives or to enable future acts of sabotage. Furthermore, we assess most organizations are not currently equipped to defend against these tactics. The NJCCIC recommends all organizations reevaluate the capabilities and efficacy of their current cybersecurity technologies and processes, as well as their staffs, to ensure they are effectively managing and reducing the risk of data breaches and disruptive or destructive attacks conducted using fileless methods. To address the risk posed by fileless and non-malware tactics, organizations must first adopt a comprehensive cyber risk management framework and implement robust cybersecurity best practices and defensive measures, including, but not limited to, the bulleted items below. Additionally, organizations will need to employ enhanced logging, monitoring, and analysis of all network, host, and user activity to identify fileless tactics. To do so, enterprises may need to procure third-party products and managed services that include capabilities such as full system endpoint protection with memory and registry monitoring, behavioral analytics, next-generation firewalls, and email content inspection.
Financial institutions worldwide, including those in the country, have been implored to be extremely cautious of the growing cyber-attacks that put them at greater risk this year than before. The report further cautions that a slight mistake could cause great cash loss to financial institutions, like what happened to the Bangladesh Central Bank. The Sophos report indicates that financial infrastructure is at greater risk of attack. "The use of targeted phishing and 'whaling' continues to grow. These attacks use detailed information about company executives to trick employees into paying fraudsters or compromising accounts. "We also expect more attacks on critical financial infrastructure, such as the attack involving SWIFT-connected institutions which cost the Bangladesh Central Bank $81 million in February," reveals the report. The caution follows a recently published report by cybersecurity giant Sophos showing that the attacks are expected to increase this year. Expounding further, the report indicates that the year 2016 saw a huge number and variety of cyber-attacks, ranging from a high-profile DDoS using hijacked Internet-facing security cameras to the alleged hacking of party officials during the US election. The Sophos report shows that they also saw a rising tide of data breaches from organisations big and small, and significant losses of people's personal information. "Since the year 2016 is over, we're pondering how some of those trends might play out in 2017," it notes. The report indicates that the current and emerging attack trends include the destructive DDoS IoT attack, which is expected to rise. "In 2016, Mirai showed the massive destructive potential of DDoS attacks as a result of insecure consumer IoT (Internet of Things) devices.
Mirai's attacks exploited only a small number of devices and vulnerabilities and used basic password guessing techniques," part of the report indicates. However, the report claims that cybercriminals will find it easy to extend their reach because there are so many IoT devices containing outdated code based on poorly-maintained operating systems and applications with well-known vulnerabilities. "Expect IoT exploits, better password guessing and more compromised IoT devices being used for DDoS or perhaps to target other devices in your network," it notes. It shows there is a shift from exploitation to targeted social attacks. "Cybercriminals are getting better at exploiting the ultimate vulnerability - humans. Ever more sophisticated and convincing targeted attacks seek to coax users into compromising themselves. For example, it's common to see an email that addresses the recipient by name and claims they have an outstanding debt the sender has been authorised to collect," explains part of the report. It further states that shock, awe or borrowing authority by pretending to be law enforcement are common and effective tactics, saying that the email directs them to a malicious link that users are panicked into clicking on, opening them up to attack. "Such phishing attacks can no longer be recognised by obvious mistakes," it states. SWIFT recently admitted that there have been other such attacks and it expects to see more, stating in a leaked letter to client banks that the threat is very persistent, adaptive and sophisticated - and it is here to stay. The Sophos report notes that there is increasing exploitation of the Internet's inherently insecure infrastructure. All Internet users rely on ancient foundational protocols and their ubiquity makes them nearly impossible to revamp or replace.
The Intercontinental Hotels Group (IHG) has been forced to reveal yet another major data breach of customer card details over the latter part of 2016. In a lengthy missive on Friday, the group explained that an unspecified number of IHG hotels run as franchises were affected between September 29 and December 29 last year. It added: “Although there is no evidence of unauthorized access to payment card data after December 29 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017… “The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected hotel server. There is no indication that other guest information was affected.” IHG-branded hotels which had implemented the firm’s Secure Payment Solution (SPS) – a point-to-point encryption (P2PE) payment acceptance product – are said to have been protected from the malware’s attempts to find card data. Although the hotel group didn’t explicitly mention how many outlets and/or customers may have been affected, a list of hotels impacted by the breach reveals a huge number across the US and Puerto Rico. Ilia Kolochenko, CEO of High-Tech Bridge, argued that the hotel industry remains relatively poorly secured. “I frequently face well-known hotel brands asking to send a passport and two-sides of a credit card by email, or having their reception laptops connected to free Wi-Fis for guests,” he explained. “Such carelessness and negligence will unavoidably lead to huge data breaches, the majority of which will not be ever detected due to lack of technical skills and resources. Strict regulation, besides PCI DSS and the approaching GDPR, is certainly required to make hotel business safe.”
Hyatt, Marriott, Starwood and Intercontinental hotels were hit with point-of-sale malware revealed in August last year. Like the current IHG breach, it was the firms’ card providers that alerted them, revealing a worrying lack of internal threat detection capabilities.
LinkedIn users are being warned to be on their guard following a rise in reports of attacks being distributed via email designed to trick job seekers into sharing their personal details. Scammers have spammed out email messages posing as communications from LinkedIn, claiming that a company is “urgently seeking” workers matching your qualifications in “your region”. It would be nice to think that recipients of the bogus message would spot a number of warning signals as soon as they open the communication in their email inbox. But there’s always a chance that someone eager to find new employment might – in their haste – not notice that the messages As HelpNetSecurity describes, if anyone was careless enough to follow the email’s advice and click on the link contained within the message – they would be taken to a third-party website where they are instructed to upload their CVs, making it child’s play for scammers to harvest the information. Just think of some of the personal information that you include in your CV or resume. Before you know it, a scammer might have your full name, date of birth, work and home email addresses, work and home telephone numbers, and all manner of other personal information that could be abused by scammers. At the simplest level such data breaches could lead to a rise in targeted spam attacks, or scam phone calls. But it could also be a stepping stone to more damaging business email compromise (also often known as “CEO fraud”) which has resulted, in some cases, in companies losing tens of millions of dollars. Anything which gives online criminals inside information about you and your position within a company could give them the head start they need to launch a targeted attack that could lead to a significant data breach or a substantial financial loss.
In short, being careless with your personal information – such as your CV – might not just put your career in jeopardy, it could also ultimately endanger the company you work for. And that’s certainly not going to ever look good on your CV.
On April 14, the company disclosed to the California attorney general that a December 2015 breach compromised more sensitive information than first thought. It also disclosed new attacks from earlier this year that exposed names, contact information, email addresses and purchase histories, although the retailer says it repelled most of the attacks. The dual notifications mark the latest problems for the company, which disclosed in early 2014 that its payment systems were infected with malware that stole 350,000 payment card details. Over the past few years, retailers such as Target, Home Depot and others have battled to keep their card payments systems malware-free (see Neiman Marcus Downsizes Breach Estimate). The 2015 incident started around Dec 26. In a notification to California about a month later, the retailer said it was believed attackers cycled through login credentials that were likely obtained through other data breaches. A total of 5,200 accounts were accessed, and 70 of those accounts were used to make fraudulent purchases. Although email addresses and passwords were not exposed, the original notification noted, access to the accounts would have revealed names, saved contact information, purchase histories and the last four digits of payment card numbers. The affected websites included other brands run by Neiman Marcus, including Bergdorf Goodman, Last Call, CUSP and Horchow. According to its latest notification, however, Neiman Marcus Group now says full payment card numbers and expiration dates were exposed in the 2015 incident. The latest attack disclosed by Neiman Marcus Group, which occurred around Jan 17, mirrors the one from December 2015.
It affects the websites of Neiman Marcus, Bergdorf Goodman, Last Call, CUSP, Horchow and a loyalty program called InCircle. Again, the company believes that attackers recycled other stolen credentials in an attempt to see which ones still worked on its sites. It appears that some of the credentials did unlock accounts. The breach exposed names, contact information, email addresses, purchase histories and the last four digits of payment card numbers. It didn't specify the number of accounts affected. The attackers were also able to access some InCircle gift card numbers, the company says. Web services can slow down hackers when suspicious activity is noticed, such as rapid login attempts from a small range of IP addresses. Those defensive systems can be fooled, however, by slowing down login attempts and trying to plausibly geographically vary where those attempts originate. For those affected by the January incident, Neiman Marcus Group is enforcing a mandatory password reset. It's an action that's not undertaken lightly for fear of alienating users, but it's a sign of how serious a service feels the risk is to users or customers. The company also is offering those affected a one-year subscription to an identity theft service.
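The two detection ideas in the passage above, sketched as an added example that is not from Neiman Marcus or the original article: a per-IP burst check, and a site-wide check that still fires when attempts are slowed down and spread across many addresses. The event tuple layout, the thresholds and the sample log are assumptions constructed for illustration.

```python
from collections import defaultdict


def per_ip_bursts(events, window=60, max_failures=5):
    """Classic control: IPs with more than max_failures failed logins
    inside any sliding window of `window` seconds."""
    failures = defaultdict(list)
    for ts, ip, _user, ok in events:
        if not ok:
            failures[ip].append(ts)
    flagged = set()
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] >= window:
                start += 1
            if end - start + 1 > max_failures:
                flagged.add(ip)
                break
    return flagged


def stuffing_windows(events, window=3600, min_accounts=20,
                     max_tries_per_account=2.0, min_fail_ratio=0.8):
    """Site-wide signal for replayed credential lists: in one time bucket,
    many distinct accounts fail, each is tried only once or twice, and
    failures dominate all login traffic. Source IP rate is not used, so
    slow, rotating attempts are still counted."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // window].append((ip, user, ok))
    alerts = []
    for bucket in sorted(buckets):
        rows = buckets[bucket]
        failed = [(ip, user) for ip, user, ok in rows if not ok]
        failed_accounts = {user for _ip, user in failed}
        if len(failed_accounts) < min_accounts:
            continue
        tries = len(failed) / len(failed_accounts)
        fail_ratio = len(failed) / len(rows)
        if tries > max_tries_per_account or fail_ratio < min_fail_ratio:
            continue
        fail_ips = {ip for ip, _user in failed}
        # Successful logins from an IP that also produced failures: these
        # credentials worked, so the accounts are candidates for a forced reset.
        unlocked = sorted({user for ip, user, ok in rows if ok and ip in fail_ips})
        alerts.append({
            "start": bucket * window,
            "failed_accounts": len(failed_accounts),
            "source_ips": len(fail_ips),
            "accounts_to_reset": unlocked,
        })
    return alerts


def sample_events():
    """Constructed log: (unix_seconds, source_ip, username, success)."""
    events = []
    # Noisy pattern: one address, ten failures in under 30 seconds.
    for k in range(10):
        events.append((k * 3, "198.51.100.7", f"victim{k}", False))
    # Slow pattern: one attempt a minute, 20 rotating addresses,
    # a different account each time; two of the replayed passwords work.
    for i in range(40):
        events.append((7200 + i * 60, f"203.0.113.{i % 20 + 1}",
                       f"user{i}", i in (10, 25)))
    # Ordinary successful logins during the same hour.
    for j in range(5):
        events.append((7300 + j * 400, f"192.0.2.{j + 1}", f"staff{j}", True))
    return events


if __name__ == "__main__":
    log = sample_events()
    print("per-IP bursts:", per_ip_bursts(log))
    for alert in stuffing_windows(log):
        print("site-wide alert:", alert)
```

On the constructed log the per-IP check sees only the noisy address, while the site-wide check flags the hour of slow attempts and lists the two accounts whose passwords should be reset.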
The OurMine hackers are back in the news again. This time the group hacked and defaced the official domain of Unity 3D Forums, leaving a deface page along with a note over the weekend. The hack, which took place on 30th April, allowed the Saudi Arabia-based OurMine hacking group to compromise the forum’s security and leave a note stating “Hacked by OurMine, Your Security is low.” Unity 3D administrators have acknowledged the hack but stated that no password was stolen in the attack and that the 2FA Authentication will be introduced to the forums for better security. Furthermore, the administrators are also planning to bring Device Identification and Password Policy on the forums. According to the official statement from Unity 3D: Thanks to everyone that have reached out about our forums being compromised – we are on it! — Unity (@unity3d) April 30, 2017 One of the team members from Unity stated on Reddit that: After the hack, the Unity 3D forums were down for maintenance, though at the time of publishing this article the forums were online and reachable. However, if you have an account on Unity 3D forums it is advised that you change your password. In case you are not familiar with OurMine, this is the same group that conducted the biggest hack in YouTube’s history last month by taking over hundreds of popular YouTube accounts and defacing their titles with the #OurMine signature. The same group was in the news for hacking Google’s CEO Sundar Pichai, Facebook’s CEO Mark Zuckerberg, Co-founder of Twitter Jack Dorsey and several other top media celebrities and news outlets. It is unclear how OurMine hacks its victims but researchers believe that the group uses passwords stolen from previous data breaches including LinkedIn and MySpace.
The group is also working on establishing itself as an IT security firm to help companies against cyber attacks; however, it is unclear whether such tactics will give them clients or scare them away.
There are so many data breaches these days that it’s almost impossible to keep track of them. From billions of Yahoo accounts to millions of LinkedIn and MySpace accounts, the whole thing is out of control. But then there are people dedicating time to track large-scale breaches. One of them is Troy Hunt from Australia, who runs the Have I been pwned (HIBP) platform and has recently discovered two different “combo lists” containing 593,427,119 and 457,962,538 (a total of 1,051,389,657) user login credentials. According to Hunt's blog post, While discussing the second list Hunt said that: For now, Hunt has uploaded over 1 billion breached accounts on HIBP containing collections of email addresses and passwords from around the world, the authenticity of which has been confirmed by Hunt himself. Although unconfirmed yet, it seems like the hackers, scammers, and cybercriminals developed these lists from various systems and previous large-scale data breaches including VerticalScope, MySpace, LinkedIn, Twitter, Dropbox, Yahoo, Tumblr and Adobe Systems etc. Hunt has also revealed, “75.78% of the leaked addresses were already in HIBP database.” This means the lists were definitely developed with the help of previous data breaches. As a security journalist, I can confirm my personal email account is also on the list. 1 billion new records in @haveibeenpwned from different unknown sources. Lot of people will be notified they're pwned https://t.co/qDkz7t3IbR — John Opdenakker (@j_opdenakker) May 5, 2017 Meanwhile, we highly recommend visiting Hunt’s post here and his Have I been pwned (HIBP) platform to check whether your email is on the list. If it is, change its password right now and also use a password manager to get hold of a strong password.
Furthermore, make sure you are not using the same password on other sites, but if you are, make sure to change all passwords before it’s too late. Remember, hackers, scammers, and cyber criminals can conduct identity theft scams, social engineering attacks and even steal your banking details using your personal data.
GameStop customers received breach notification warnings this week, cautioning them that their personal and financial information could have been compromised nine months ago. According to postal letters sent to customers, GameStop said an undisclosed number of online customers had their credit card or bankcard data stolen, including the card numbers, expiration dates, names, addresses and the three-digit card verification values (CVV2). The breach occurred between Aug 10, 2016 and Feb 9, 2017, according to GameStop. In April, the company publicly acknowledged the breach. But it wasn’t until last week that affected customers were individually notified that their cards were likely stolen. “I’m pretty upset at GameStop. I should have been notified when they knew about it in April,” said GameStop customer Ryan Duff, a former cyber operations tactician at U.S. Cyber Command. As a security professional, he said he expected better of GameStop when it came to notifying him of a possible breach of his credit card information. Subsequently, Duff said, the card used on GameStop.com back in November had been compromised, according to his bank. “There is no way it should have taken months to be notified,” he said. Breach notification laws differ from state to state. But many states, such as Massachusetts, mandate victims be notified “as soon as practicable and without unreasonable delay” or the company may face civil penalties. The rules are there, in part, to allow for consumers to freeze accounts and avoid paying fees associated with having their card stolen. “After receiving a report that data from payment card used on www.GameStop.com may have been obtained by unauthorized individuals, we immediately began an investigation and hired a leading cybersecurity firm to assist us,” wrote J. Paul Raines, chief executive officer of GameStop, in a letter dated June 2 that was sent to impacted customers. “Although the investigation did not identify evidence of unauthorized access to payment card data, we determined on April 18, 2017 that the potential for that to have occurred existed for certain transactions,” he wrote. GameStop operates 7,500 retail stores and its consumer product network online includes GameStop.com, game site Kongregate.com and online retailer ThinkGeek. No retail customers were impacted by the breach, according to the company. “GameStop identified and addressed a potential security incident that was related to transactions made on GameStop’s website during a specific period of time,” the company said in a statement provided to Threatpost. “GameStop mailed notification letters to customers who made purchases during that time frame advising them of the incident and providing information on steps they can take.” Still unknown about the breach are how many customers may have been impacted, how the data was stolen and how GameStop was alerted to the fact the data had been stolen. In April, GameStop issued the statement: “GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website.” Krebs on Security reported in April that GameStop had received an alert from a credit card processor stating that its website was potentially compromised. Originally, it was believed that the breach involved GameStop retail stores and that the company’s point-of-sale system may have been infected with malware. That was because the breach occurred at the height of the holiday sales season and that stolen data included card verification values (CVV2).
Online merchants are not supposed to store CVV2 codes on their e-commerce sites . However , since GameStop said no retail customers were impacted , it is now believed that GameStop.com was hacked and that the data was stolenAttack.Databreachthrough the use of malware . Over the past 12 months , there has been an unprecedented number of data breachesAttack.Databreach. Some of those impacted have been ecommerce sites running vulnerable versions of Magento and WordPress and ecommerce platforms Powerfront CMS and OpenCart . Criminals have used a number of techniques to siphonAttack.Databreachoff credit card data from these sites ranging from compromised ecommerce plugins that can perform reflected XSS ( cross-site scripting ) attacks , web-based keyloggers , and DOM-based XSS attacks . Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script .
A group of financially motivated hackers is targeting networks and systems of North American companies, threatening to leak the stolen information and cripple the company by disrupting their networks if they don’t pay a hefty ransom. The group, dubbed FIN10 by FireEye researchers, first gets access to the target companies’ systems through spear-phishing (and possibly other means), then uses publicly available software, scripts and techniques to gain a foothold in victims’ networks.

They use Meterpreter or the SplinterRAT to establish the initial foothold within victim environments (and later a permanent backdoor), then custom PowerShell-based utilities, the pen-testing tool PowerShell Empire, and scheduled tasks to achieve persistence. “We have also observed FIN10 using PowerShell to load Metasploit Meterpreter stagers into memory,” the researchers noted. The group leverages Windows Remote Desktop Protocol (RDP) and single-factor protected VPN to access various systems within the environment. Finally, they deploy destructive batch scripts intended to delete critical system files and shut down network systems, in order to disrupt the normal operations of those systems.

“In all but one targeted intrusion we have attributed to FIN10, the attacker(s) demanded a variable sum payable in Bitcoin for the non-release of sensitive data obtained during network reconnaissance stages,” the researchers say. The requested sum varies between 100 and 500 Bitcoin. If the ransom isn’t paid, they publish the stolen data on Pastebin-type sites. The researchers do not mention if any of the companies refused to pay and ended up having their systems and networks disrupted.

For the time being, the group seems to have concentrated on hitting companies in North America, predominantly in Canada. They’ve also concentrated on two types of businesses: mining companies and casinos. Still, it’s possible that they’ve targeted companies in other industries, or will do so in the future. FIN10 sends the extortion emails to staff and board members of the victim organizations, and is also known to contact bloggers and local journalists to inform them about the breach, likely in an attempt to pressure affected organizations into paying the ransom.

Finally, even though they sign their emails with monikers used by Russian and Serbian hackers (“Angels_Of_Truth,” “Tesla Team,” “Anonymous Threat Agent”), the quality of the group’s English, the low quality of their Russian, and inconsistencies in tradecraft all point away from these particular individuals or groups. “Emphasis in regional targeting of North American-based organizations could possibly suggest the attacker(s) familiarity with the region,” the researchers noted. They also point out that the “relative degree of operational success enjoyed by FIN10 makes it highly probable the group will continue to conduct similar extortion-based campaigns at least in the near term.”

Companies that have received a similar ransom demand are advised to move fast to confirm that the breach has actually happened, to determine the scope of the breach, to contain the attack, to boot the attackers from their networks, and to make sure they can’t come back. Those last two steps are, perhaps, better done after the company definitely decides that it is ready to deal with the consequences of the attackers’ anger. Calling in law enforcement and legal counsel for advice on what to do is also a good idea. “Understand that paying the ransom may be the right option, but there are no guarantees the attacker(s) won’t come back for more money or simply leak the data anyway. Include experts in the decision-making process and understand the risks associated with all options,” the researchers advise.

Companies that have yet to be targeted by these or other hackers would do well to improve their security posture, but also to prepare for data breaches by tightening access to their backup environment, and knowing exactly who will be called in to help in case of a breach.
Hackers are reportedly selling stolen data from the Qatar National Bank (QNB) and UAE InvestBank on the dark web. Both banks suffered major data breaches in 2016 and the data of thousands of customers was later leaked online by hackers. Now, even as tensions escalate between the two Middle Eastern nations, cybercriminals appear to be cashing in on the underground cybercrime community.

Hackers hit the QNB in April 2016 and the UAE InvestBank in May 2016. The Sharjah-based InvestBank's stolen data was leaked online by a hacker going by the pseudonym "Buba", who demanded a $3m ransom from the bank. The stolen data, including customers' financial details as well as personal details such as full names, addresses, passport numbers, phone numbers, account numbers, credit card numbers along with their CVV codes and more, was leaked online by the hacker after the bank refused to pay the ransom.

In the case of the QNB, a hacker group going by the pseudonym "Bozkurt Hackers" claimed responsibility for the data breach. Hackers leaked 1.4GB of data, which included customers' financial records, credit card numbers and PIN codes as well as banking details pertaining to the Al-Thani Qatar Royal Family and Al Jazeera journalists.

The stolen data from the QNB hack as well as the InvestBank data breach is now up for sale on an unspecified yet popular dark web marketplace, HackRead reported. This has not been independently verified by IBTimes UK. InvestBank's data is allegedly being sold for a mere 0.0071 bitcoins ($18.86, £14.91). The data on sale includes bank accounts, card details, customer IDs, branch codes as well as account holders' full names. The stolen and leaked data from the QNB, which the bank later acknowledged may have been accurate, is also on sale for 0.0071 bitcoins. The data listed for sale includes the previously leaked QNB records such as bank accounts as well as card and personal details of customers.

Dark web data sales from major breaches are not uncommon. In 2016, a series of major breaches affecting several leading tech firms, including LinkedIn and Dropbox, eventually saw hackers selling hacked and stolen databases on the dark web.
Security researchers are closely investigating a spate of newly discovered data breaches in the Middle East, each of which involved the deployment of an advanced, disk-wiping malware variant. Reports from Symantec suggest that a series of recent intrusions share some similarities with an infamous 2012 hacking operation that disrupted multiple Saudi energy companies.

The mysterious perpetrators behind the destructive 2012 cyberattacks were dubbed Shamoon, a loosely defined hacking group with advanced capabilities. The malware once used by the enigmatic group — W32.Disttrack and W32.Disttrack.B — first showed up in the 2012 incident but was then again found by digital forensic experts as recently as Nov. 2016. When successfully installed, Disttrack can corrupt files and overwrite a system’s master boot record, rendering the device unusable. “Threats with such destructive payloads are unusual and are not typical of targeted attacks,” security researchers wrote in a blog post shortly after the original Saudi energy breach.

On Monday, Symantec published what it believes are ties between Shamoon and another cyber espionage group, named Greenbug. Greenbug relies on a unique, custom information-stealing remote access trojan, or RAT, known as Trojan.Ismdoor, in addition to a suite of commoditized credential-stealing hacking tools. Greenbug tends to use phishing emails to infect victims. The group typically targets Middle Eastern aviation, government, investment and education organizations, Symantec’s research team said. Between June and November 2016, Trojan.Ismdoor was used against multiple organizations based in the Middle East.

“The use and purpose [of Trojan.Ismdoor] do fit that of malware used by nation state attackers. Additionally, the information gathering conducted once the attacker is on the network also supports the types of operations seen by nation state attackers,” Symantec senior threat intelligence analyst Jon DiMaggio told CyberScoop.

Researchers say there is at least one case in which the two hacking groups — Shamoon and Greenbug — may have been simultaneously active inside a victim’s computer network. In this context, it is possible that Greenbug — acting as the espionage arm for Shamoon — collects the information needed to conduct the disk-wiping attack.
Phishing and other hacking incidents have led to several recently reported large health data breaches, including one that UConn Health reports affected 326,000 individuals. In describing a phishing attack, UConn Health says that on Dec 24, 2018, it determined that an unauthorized third party illegally accessed a limited number of employee email accounts containing patient information, including some individuals' names, dates of birth, addresses and limited medical information, such as billing and appointment information. The accounts also contained the Social Security numbers of some individuals.

Several other healthcare entities also have recently reported to federal regulators data breaches involving apparent phishing and other email-related attacks. "All of these incidents speak to the rampant attacks we are seeing across healthcare, and yet organizations are still not investing enough in protection or detection," says Mac McMillan, CEO of security consulting firm CynergisTek.

UConn Health, an academic medical center, says in a media statement that it identified approximately 326,000 potentially impacted individuals whose personal information was contained in the compromised email accounts. For approximately 1,500 of these individuals, this information included Social Security numbers. "It is important to note that, at this point, UConn Health does not know for certain if any personal information was ever viewed or acquired by the unauthorized party, and is not aware of any instances of fraud or identity theft as a result of this incident," the statement notes. "The incident had no impact on UConn Health's computer networks or electronic medical record systems." UConn Health is offering prepaid identity theft protection services to individuals whose Social Security numbers may be impacted. The organization says it has notified law enforcement officials and retained a forensics firm to investigate the matter.

Once the U.S. Department of Health and Human Services confirms the details, the attack on UConn Health could rank as the second largest health data breach reported so far this year, based on a snapshot of its HIPAA Breach Reporting Tool website on Monday. The largest health data breach revealed so far this year, but not yet added to the tally, affected University of Washington Medicine. UW Medicine says a misconfigured database left patient data exposed on the internet for several weeks last December, resulting in a breach affecting 974,000 individuals.

Several other phishing and hacking incidents have been added to the HHS "wall of shame" tally in recent weeks. Among those is a hacking incident impacting 40,000 individuals reported on Feb 1 by Minnesota-based Reproductive Medicine and Infertility Associates. In a statement, the organization notes that on Dec 5, 2018, it discovered it had been the target of a "criminal malware attack." An RMIA practice manager tells Information Security Media Group that independent computer forensics experts removed the malware, but did not definitively determine how the malware infection was launched. The practice suspects the malware was likely embedded in an email attachment, he says.

RMIA's statement notes that while the investigation did not identify any evidence of unauthorized access to anyone's personal information, "we unfortunately could not completely rule out the possibility that patients' personal information, including name, address, date of birth, health insurance information, limited treatment information and, for donors only, Social Security number, may have been accessible." In the aftermath of the incident, RMIA says it's adding another firewall, requiring changes to user credentials/passwords, implementing dual-factor authentication and providing additional staff training regarding information security.

Also reporting a hacking incident in recent weeks was Charleston, S.C.-based Roper St. Francis Healthcare, which operates several hospitals in the region. The attack was reported as impacting nearly 35,300 individuals. In a Jan 29 statement, the entity says that on Nov 30, 2018, it learned that an unauthorized actor may have gained access to some of its employees' email accounts between Nov 15 and Dec 1, 2018. "Our investigation determined that some patient information may have been contained in the email accounts, patients' names, medical record numbers, information about services they received from Roper St. Francis, health insurance information, and, in some cases, Social Security numbers and financial information," the statement says. For those patients whose Social Security number was potentially exposed, the organization is offering prepaid credit monitoring and identity protection services. "To help prevent something like this from happening again, we are continuing education with our staff on email protection and enhancing our email security," Roper St. Francis says.

As phishing continues to menace healthcare entities, covered entities and business associates need to keep up with their defenses, some experts note. "Phishing techniques have become more sophisticated than in the past," notes Kate Borten, president of security and privacy consulting firm The Marblehead Group. "Workforce training should include simulated phishing attacks to make people better prepared to recognize and thwart a real attack."

To help mitigate breach risks, organizations should be deploying next-generation firewalls and multifactor authentication, plus employing advanced malware detection solutions, McMillan says. Too many organizations are overlooking the value of multifactor authentication, Borten adds. "Two-factor user authentication was intended to be required over the internet and public networks in the proposed HIPAA Security Rule," she notes. "Unfortunately, since that requirement was dropped in the final rule, healthcare is lagging on multifactor authentication, which is easier now than ever to implement." But McMillan advises healthcare organizations to avoid using multifactor authentication systems that use SMS to transmit a one-time password because those messages can be intercepted. "The software- or hardware-based solutions are preferred," McMillan says.

So what other technologies or best practices should covered entities and business associates consider to prevent falling victim to phishing and other attacks? "Unfortunately we haven't seen any silver bullets here yet, but one thing we might want to begin exploring is just what an attacker has access to when they compromise a user's account," McMillan notes. "All too often, we hear that the accounts compromised had incredibly large numbers of emails immediately accessible to the attacker. The question is, are there better ways to deal with retention that mitigate risk as well?"
The toys -- which can receive and send voice messages from children and parents -- have been involved in a data breach dealing with more than 800,000 user accounts. The breach, which grabbed headlines on Monday, is drawing concerns from security researchers because it may have given hackers access to voice recordings from the toy's customers. But the company behind the products, Spiral Toys, is denying that any customers were hacked. "Absolutely not," said Mark Meyers, CEO of the company.

Security researcher Troy Hunt, who tracks data breaches, brought the incident to light on Monday. Hackers appear to have accessed an exposed CloudPets database, which contained email addresses and hashed passwords, and they even sought to ransom the information back in January, he said in a blog post. The incident underscores the danger with connected devices, including toys, and how data passing through them can be exposed, he added.

In the case of CloudPets, the brand allegedly made the mistake of storing the customer information in a publicly exposed online MongoDB database that required no authentication to access. That allowed anyone, including hackers, to view and steal the data. On the plus side, the passwords exposed in the breach are hashed with the bcrypt algorithm, making them difficult to crack. Unfortunately, CloudPets placed no requirement on password strength, meaning that even a single character such as the letter "a" was acceptable, according to Hunt, who was given a copy of the stolen data last week. As a result, Hunt was able to decipher a large number of the passwords by simply checking them against common terms such as qwerty, 123456, and cloudpets. "Anyone with the data could crack a large number of passwords, log on to accounts and pull down the voice recordings," Hunt said in his blog post.

Security researcher Victor Gevers from the GDI Foundation said he also discovered the exposed database from CloudPets and tried to contact the toy maker in late December. However, both Gevers and Hunt said the company never responded to their repeated warnings. On Monday, California-based Spiral Toys, which operates the CloudPets brand, claimed the company never received the warnings. "The headlines that say 2 million messages were leaked on the internet are completely false," Meyers said. His company only became aware of the issue after a reporter from Vice Media contacted them last week. "We looked at it and thought it was a very minimal issue," he said. A malicious actor would only be able to access a customer's voice recording if they managed to guess the password, he said. "We have to find a balance," Meyers said, when he addressed the toy maker's lack of password strength requirements. He also said that Spiral Toys had outsourced its server management to a third-party vendor. In January, the company implemented changes MongoDB requested to increase the server's security.

Spiral Toys hasn't been the only company targeted. In recent months, several hacking groups have been attacking thousands of publicly exposed MongoDB databases. They've done so by erasing the data, and then saying they can restore it, but only if victims pay a ransom fee. In the CloudPets incident, different hackers appear to have deleted the original databases, but left ransom notes on the exposed systems, Hunt said.

Although the CloudPets databases are no longer publicly accessible, it appears that the toy maker hasn't notified customers about the breach, Hunt said. The danger is that hackers might be using the stolen information to break into customer accounts registered with the toys. But Meyers said the company found no evidence that any hackers broke into customer accounts. To protect its users, the company is planning a password reset for all users. "Maybe our solution is to put more complex passwords," he said.
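The weakness described above (bcrypt hashing undermined by accepting passwords such as "a", qwerty, 123456 or cloudpets) is closed at sign-up rather than in the hash. The following Python example is added here for illustration and is not code from CloudPets, Spiral Toys or Hunt's post; the denylist is a constructed sample, and the 8-character minimum, the function names and the `parent@example.com` address are assumptions.

```python
import unicodedata

# Constructed sample denylist for illustration; a production system would load
# a large breached-password corpus instead.
COMMON_PASSWORDS = {"qwerty", "123456", "password", "letmein", "12345678",
                    "iloveyou", "qwertyuiop", "password1"}
MIN_LENGTH = 8          # assumed policy minimum (the NIST SP 800-63B floor)
BCRYPT_MAX_BYTES = 72   # bcrypt ignores input beyond 72 bytes


def _normalize(text):
    """Fold case and Unicode compatibility forms so 'QWERTY' matches 'qwerty'."""
    return unicodedata.normalize("NFKC", text).casefold()


def _core(text):
    """Strip leading/trailing digits and punctuation: 'password1!' -> 'password'."""
    return text.strip("0123456789!@#$%^&*()-_=+.,?~ ")


def screen_password(password, service_name, email):
    """Return a list of rejection reasons; an empty list means acceptable."""
    reasons = []
    norm = _normalize(password)
    core = _core(norm)

    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    # A longer secret would be silently truncated by bcrypt, so reject it
    # (or pre-hash it) instead of storing a hash of only its first 72 bytes.
    if len(password.encode("utf-8")) > BCRYPT_MAX_BYTES:
        reasons.append("exceeds_bcrypt_input")
    if norm in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        reasons.append("common_password")
    if norm and len(set(norm)) <= 2:
        reasons.append("repeated_characters")

    # Context-specific words: the service name and the account's own e-mail parts.
    local, _, domain = _normalize(email).partition("@")
    context = {_normalize(service_name), local, domain.split(".")[0]}
    context = {word for word in context if len(word) >= 3}
    if any(word in norm for word in context):
        reasons.append("contains_context_word")
    return reasons
```

Run at registration and at every password change, before the value reaches the bcrypt call, so a guessable password is never hashed and stored.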
It's been quiet since 2015, but TorrentLocker has suddenly returned. And this time it wants to steal your passwords too. Cybercriminals are always adding new malicious tricks to ransomware. A ransomware variant which has been relatively inactive for almost two years is back, and this time it's stealing user credentials from victims in addition to demanding a ransom to decrypt locked files.

TorrentLocker -- also known as Cryptolocker -- started targeting Windows users in 2014 before dropping off by the summer of 2015. Like the majority of ransomware schemes, TorrentLocker spreads via spam email messages containing malicious attachments. If the victim enables the macros by choosing to 'Enable Editing', PowerShell code is executed and the ransomware is downloaded, encrypting the victims' files until they pay a ransom.

But that isn't where the malicious activity ends, because as noted by cybersecurity researchers at Heimdal Security, this incarnation of TorrentLocker has new features, including the ability to spread itself to other computers via shared files; something which could see the ransomware taking over a whole network in a very short space of time. In addition to holding networks to ransom, the new version of TorrentLocker also harvests usernames and passwords from infected computers, putting businesses at risk of cyberespionage and data breaches, while users could see their personal or financial information leaked and sold to cybercriminals on the dark web.

The researchers warn that the revived TorrentLocker campaign is "very aggressive" and that many well-known antivirus software products haven't been updated to protect against it, even days after the campaign began. Heimdal Security warns users in its native Denmark that they're being highly targeted by TorrentLocker. Indeed, it appears that European internet users are the main target for those behind the campaign, as Microsoft told BleepingComputer that Italy is by far the most targeted by the perpetrators.