” campaign in which people are sent targeted emails with a link to a false login page to trick users into giving up their username and password. The hackers created websites that looked like legitimate Foreign Office websites, including those for accessing an internal email account online. The scam is believed to have been perpetrated by hackers who call themselves the Callisto Group. F-Secure said it did not know whether the attack was successful and the National Cyber Security Centre did not say whether data had been stolen. It was discovered after the spy agency analysed a successful attack on the French broadcaster TV5Monde in 2015. The group forced the channel’s scheduled programming off air for 18 hours and replaced it with a screen showing the terror group’s flag. The interference with the UK’s government follows on from an ongoing probe into the Kremlin’s influence on the US elections last year. Hacking groups such as DC Leaks, Fancy Bears and Guccifer 2.0 were responsible for the leaking of damaging information about the Democrat party. The most significant attack, the leaking of thousands of private emails between senior members of the DNC to Wikileaks by Fancy Bears, led to the resignation of DNC Chair Debbie Wasserman-Schultz.
Ticketfly has been grounded. After a "series of recent issues," the online ticketing service took down all its websites Thursday, saying it was "the target of a cyber incident." "Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue," the company said across its many properties. Ticketfly didn't comment on whether any user information, such as credit card data, had been stolen in the cyberattack. "We realize the gravity of this decision, but the security of client and customer data is our top priority," a Ticketfly spokeswoman said in an email. The company's pages have been down since 6 a.m. ET. A hacker who goes by "IShAkDz" has taken credit for the attack. Before Ticketfly took down its websites, the hacker left a taunting message across the service's website: "Your security down, I'm not sorry. Next time I will publish database." The hacker, who also left an e-mail address, appeared to have a database with more than 4,000 spreadsheets holding people's information, including email addresses, phone numbers, names and addresses. In an email, the attacker told CNET that he or she contacted Ticketfly about the potential exploit multiple times, but didn't hear back. The attacker demanded Ticketfly pay 1 bitcoin to fix the cyberattack, which is currently worth $7,544. The Ticketfly spokeswoman didn't comment on the alleged hacker. Eventbrite, which owns Ticketfly, doesn't have any issues on its website.
GameStop customers received breach notification warnings this week, cautioning them that their personal and financial information could have been compromised nine months ago. According to postal letters sent to customers, GameStop said an undisclosed number of online customers had their credit card or bankcard data stolen, including the card numbers, expiration dates, names, addresses and the three-digit card verification values (CVV2). The breach occurred between Aug 10, 2016 and Feb 9, 2017, according to GameStop. In April, the company publicly acknowledged the breach. But it wasn’t until last week that affected customers were individually notified that their cards were likely stolen. “I’m pretty upset at GameStop. I should have been notified when they knew about it in April,” said GameStop customer Ryan Duff, a former cyber operations tactician at U.S. Cyber Command. As a security professional, he said he expected better of GameStop when it came to notifying him of a possible breach of his credit card information. Subsequently, Duff said, the card used on GameStop.com back in November had been compromised, according to his bank. “There is no way it should have taken months to be notified,” he said. Breach notification laws differ from state to state. But many states, such as Massachusetts, mandate victims be notified “as soon as practicable and without unreasonable delay” or the company may face civil penalties. The rules are there, in part, to allow for consumers to freeze accounts and avoid paying fees associated with having their card stolen. “After receiving a report that data from payment card used on www.GameStop.com may have been obtained by unauthorized individuals, we immediately began an investigation and hired a leading cybersecurity firm to assist us,” wrote J.
Paul Raines, chief executive officer of GameStop, in a letter dated June 2 that was sent to impacted customers. “Although the investigation did not identify evidence of unauthorized access to payment card data, we determined on April 18, 2017 that the potential for what to have occurred existed for certain transactions,” he wrote. GameStop operates 7,500 retail stores and its consumer product network online includes GameStop.com, game site Kongregate.com and online retailer ThinkGeek. No retail customers were impacted by the breach, according to the company. “GameStop identified and addressed a potential security incident that was related to transactions made on GameStop’s website during a specific period of time,” the company said in a statement provided to Threatpost. “GameStop mailed notification letters to customers who made purchases during that time frame advising them of the incident and providing information on steps they can take.” Still unknown about the breach are how many customers may have been impacted, how the data was stolen and how GameStop was alerted to the fact the data had been stolen. In April, GameStop issued the statement: “GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website.” Krebs on Security reported in April that GameStop had received an alert from a credit card processor stating that its website was potentially compromised. Originally, it was believed that the breach involved GameStop retail stores and that the company’s point-of-sale system may have been infected with malware. That was because the breach occurred at the height of the holiday sales season and that stolen data included card verification values (CVV2).
Online merchants are not supposed to store CVV2 codes on their e-commerce sites. However, since GameStop said no retail customers were impacted, it is now believed that GameStop.com was hacked and that the data was stolen through the use of malware. Over the past 12 months, there has been an unprecedented number of data breaches. Some of those impacted have been ecommerce sites running vulnerable versions of Magento and WordPress and ecommerce platforms Powerfront CMS and OpenCart. Criminals have used a number of techniques to siphon off credit card data from these sites ranging from compromised ecommerce plugins that can perform reflected XSS (cross-site scripting) attacks, web-based keyloggers, and DOM-based XSS attacks. Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script.
Yahoo CEO Marissa Mayer said she'll forego her 2016 bonus and any stock award for this year after the company admitted it failed to properly investigate hack attacks that compromised more than a billion user accounts. "When I learned in September 2016 that a large number of our user database files had been stolen, I worked with the team to disclose the incident to users, regulators, and government agencies," she wrote in a note published Monday on Tumblr. "However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company’s hardworking employees, who contributed so much to Yahoo’s success in 2016." Her note came as Yahoo for the first time said that outside investigators identified about 32 million accounts for which forged browser cookies were used or taken in 2015 and 2016. The investigators said some of the forgeries were connected to the same nation-sponsored attackers who compromised Yahoo in 2014. The cookies tied to the forgeries have since been invalidated. Yahoo also said that the 2014 attacks targeted 26 specific accounts by exploiting the company’s account management tool. The company went on to say unnamed senior executives failed to grasp the extent of the breach early enough. A filing submitted Monday with the US Securities and Exchange Commission stated: Based on its investigation, the Independent Committee concluded that the Company’s information security team had contemporaneous knowledge of the 2014 compromise of user accounts, as well as incidents by the same attacker involving cookie forging in 2015 and 2016.
In late 2014, senior executives and relevant legal staff were aware that a state-sponsored actor had accessed certain user accounts by exploiting the Company’s account management tool. The Company took certain remedial actions, notifying 26 specifically targeted users and consulting with law enforcement. While significant additional security measures were implemented in response to those incidents, it appears certain senior executives did not properly comprehend or investigate, and therefore failed to act sufficiently upon, the full extent of knowledge known internally by the Company’s information security team. Specifically, as of December 2014, the information security team understood that the attacker had exfiltrated copies of user database backup files containing the personal data of Yahoo users but it is unclear whether and to what extent such evidence of exfiltration was effectively communicated and understood outside the information security team. However, the Independent Committee did not conclude that there was an intentional suppression of relevant information. Nonetheless, the Committee found that the relevant legal team had sufficient information to warrant substantial further inquiry in 2014, and they did not sufficiently pursue it. As a result, the 2014 Security Incident was not properly investigated and analyzed at the time, and the Company was not adequately advised with respect to the legal and business risks associated with the 2014 Security Incident. The Independent Committee found that failures in communication, management, inquiry and internal reporting contributed to the lack of proper comprehension and handling of the 2014 Security Incident.