Investigators with Hold Security , a Wisconsin-based security consultancy , on Tuesday afternoon discovered an unsecure internal customer service portal for the company 's Argentinian operations . The national ID numbers for at least 14,000 Argentinians have been exposed Attack.Databreach , but the leak Attack.Databreach could potentially affect tens of thousands more people . The website held thousands of credit-related dispute records , faxes and national identity numbers for Argentinians who had filed complaints . It also stored the usernames and passwords in plaintext for about 100 of the company 's customer service representatives . The findings were first reported by cybersecurity blogger Brian Krebs , who notified Equifax . The website has now been shut down . The findings will put further pressure on Equifax , which has been criticized for its haphazard and slow response to a breach Attack.Databreach that exposed Attack.Databreach the personal details of 143 million U.S. consumers , as well as an as-yet-unspecified number of British and Canadian residents . Alex Holden , founder and CTO of Hold Security , tells Information Security Media Group that the Equifax website for Argentina `` could be exploited by a 3-year-old . '' He says he did n't use any advanced hacking techniques to uncover the breach . Holden - a veteran investigator credited with discovering the massive Adobe Systems and Target data breaches in 2013 - says he still found the Equifax findings `` completely unexpected and surprising . '' Equifax says it acted immediately to halt the leak , which is unrelated to the breach it announced Sept 7 , says Meredith Griffanti , the company 's spokeswoman for Latin America . The data was a `` limited amount of public information strictly related to consumers who contacted our customer service center and the employees who managed those interactions , '' she says . `` We have no evidence at this time that any consumers , customers , or information in our commercial and credit databases were negatively affected , and we will continue to test and improve all security measures in the region , '' Griffanti says .

Here are five best practices that can help you boost end-user experiences , simplify performance management , and reduce the cost of your AWS environment . The number of successful cyberattacks per year per company has increased by 46 % over the last four years . But what really needs to be considered when exploring a solution ? The leaked database weighs in at 52.2GB , and according to ZDNet comes via business services firm Dun & Bradstreet , which sells it to marketers that send targeted email campaigns . After examining the data , Hunt has revealed that the data dump Attack.Databreach contains details belonging exclusively to US-based companies and government agencies . California is the most represented demographic with over four million records , followed by New York with 2.7 million records and Texas with 2.6 million records . The leading organisation by records is the Department of Defense , with 101,013 personnel records exposed in the dump Attack.Databreach . It is followed by the United States Postal Service ( USPS ) with 88,153 leaked employee records and AT & T with 67,382 . Other firms affected by the leak Attack.Databreach includes CVS with 40,739 records , Citigroup with 35,292 and IBM with 33,412 . The database contains dozens of fields , some including personal information such as names , job titles and functions , work email addresses , and phone numbers . While the database does n't contain more sensitive information , such as credit card numbers or SSNs , Hunt says it 's an `` absolute goldmine for targeted spear phishing Attack.Phishing . '' `` From this data , you can piece together organisational structures and tailor messaging Attack.Phishing to create an air of authenticity and that 's something that 's attractive to crooks and nation-state actors alike , '' he said . `` I often work with companies attempting to mitigate the damage of their organisational data being publicly exposed Attack.Databreach ( frequently due to data breaches Attack.Databreach ) , and I can confidently say that knowing this information is out there circulating would concern many of them . '' Dun & Bradstreet has denied responsibility for the leak Attack.Databreach and said it could have come from come from any of its thousands of clients . `` Based on our analysis , it is our determination that there has been no exposure Attack.Databreach of sensitive personal information from , and no infiltration of our system . The information in question is data typically found on a business card . `` As general practice , Dun & Bradstreet uses an agile security process and evaluates and evolves security controls to protect the integrity of our data , '' a spokesperson told the INQUIRER

Here are five best practices that can help you boost end-user experiences , simplify performance management , and reduce the cost of your AWS environment . The number of successful cyberattacks per year per company has increased by 46 % over the last four years . But what really needs to be considered when exploring a solution ? The leaked database weighs in at 52.2GB , and according to ZDNet comes via business services firm Dun & Bradstreet , which sells it to marketers that send targeted email campaigns . After examining the data , Hunt has revealed that the data dump Attack.Databreach contains details belonging exclusively to US-based companies and government agencies . California is the most represented demographic with over four million records , followed by New York with 2.7 million records and Texas with 2.6 million records . The leading organisation by records is the Department of Defense , with 101,013 personnel records exposed in the dump Attack.Databreach . It is followed by the United States Postal Service ( USPS ) with 88,153 leaked employee records and AT & T with 67,382 . Other firms affected by the leak Attack.Databreach includes CVS with 40,739 records , Citigroup with 35,292 and IBM with 33,412 . The database contains dozens of fields , some including personal information such as names , job titles and functions , work email addresses , and phone numbers . While the database does n't contain more sensitive information , such as credit card numbers or SSNs , Hunt says it 's an `` absolute goldmine for targeted spear phishing Attack.Phishing . '' `` From this data , you can piece together organisational structures and tailor messaging Attack.Phishing to create an air of authenticity and that 's something that 's attractive to crooks and nation-state actors alike , '' he said . `` I often work with companies attempting to mitigate the damage of their organisational data being publicly exposed Attack.Databreach ( frequently due to data breaches Attack.Databreach ) , and I can confidently say that knowing this information is out there circulating would concern many of them . '' Dun & Bradstreet has denied responsibility for the leak Attack.Databreach and said it could have come from come from any of its thousands of clients . `` Based on our analysis , it is our determination that there has been no exposure Attack.Databreach of sensitive personal information from , and no infiltration of our system . The information in question is data typically found on a business card . `` As general practice , Dun & Bradstreet uses an agile security process and evaluates and evolves security controls to protect the integrity of our data , '' a spokesperson told the INQUIRER

Things are getting messy at McDonald 's in India , and that 's not just for consumers of the Maharaja Mac - a double-stacked grilled chicken monstrosity with jalapenos and habanero sauce . The flaw , found Vulnerability-related.DiscoverVulnerability by payments company Fallible , exposed names , email addresses , phone numbers , home addresses and sometimes the coordinates of those homes , as well as links to social media profiles . And Fallible contends that the leak Attack.Databreach still has n't been properly fixed . I queried McDonald 's to see if it has tried to seal Vulnerability-related.PatchVulnerability the hole in the API and also whether it has notified customers or regulators , but I did n't get an immediate response . In a March 19 tweet , McDonald 's did n't issue any clear answers , instead taking the well-trodden path of seeking to reassure users by highlighting what was not breached Attack.Databreach . McDonald 's has dabbled in home delivery in many countries since the early 1990s , attracting budget diners willing to risk the short half-life of its sandwiches and fries versus the vagaries of home delivery . Fallible says it contacted McDonald 's India on Feb 7 , letting the fast-food chain know it could sequentially pull Attack.Databreach user information from the API using a curl request . `` An unprotected publicly accessible API endpoint for getting user details coupled with serially enumerable integers as customer IDs can be used to obtain access Attack.Databreach to all users personal information , '' Fallible writes in a blog post . But the issue appeared to remain unfixed Vulnerability-related.PatchVulnerability , so Fallible says McDonald 's another email on March 7 asking for a status update . Ten days later , it sent another email and received no response . Fallible chose to go public with the issue in a March 18 blog post Vulnerability-related.DiscoverVulnerability , prompting a public acknowledgement from McDonald 's on Twitter the next day . Fallible contends Vulnerability-related.DiscoverVulnerability the issue hasn't been fixed Vulnerability-related.PatchVulnerability , and it 's unclear from McDonald 's tweet if it was . India does n't have a specific law that requires mandatory reporting of data breaches Attack.Databreach . But there are regulations and laws that cover the disclosure of personal information .

Splunk has patched Vulnerability-related.PatchVulnerability a slip in its JavaScript implementation that leaks Attack.Databreach user information . The advisory at Full Disclosure explains that the leak Attack.Databreach happens if an attacker tricks Attack.Phishing an authenticated user into visiting a malicious Web page . It only leaks Attack.Databreach the username , and whether or not that user has enabled remote access ; but this would provide enough for an attacker to try follow-up phishing attacks Attack.Phishing to try and get the user 's credentials . The bug , the advisory says Vulnerability-related.DiscoverVulnerability , is how Splunk used Object prototypes in JavaScript . Here 's the proof-of-concept JavaScript from the advisory : The issue affects Vulnerability-related.DiscoverVulnerability Splunk Enterprise versions 6.5.x before 6.5.3 , 6.4.x before 6.4.6 , 6.3.x before 6.3.10 , 6.2.x before 6.2.13.1 , 6.1.x before 6.1.13 , 6.0.x before 6.0.14 , 5.0.x before 5.0.18 and Splunk Light before 6.5.2 , and the company has issued Vulnerability-related.PatchVulnerability patches for all versions

A leaked arsenal of hacking tools allegedly belonging to the National Security Agency ( NSA ) shows the US spy agency infiltrated the servers of a major Pakistani cellular service provider . The data dump Attack.Databreach , publicly released by the ShadowBrokers hacking group earlier this week , includes alleged digital weapons and notes shared by NSA operators about their access inside the servers of a Pakistani mobile network . Notes contained in the massive dump Attack.Databreach of encrypted data , which is still being analysed by network security researchers , include details of how NSA used the exploits to infiltrate cellular operators in Pakistan . One snippet from the leak , several terabytes in size , includes at least 14 lines mentioning different servers operated by a major Pakistani cellular network . The snippet , analysed by a security researcher who goes by the name X0rz , appears to show NSA operators sharing a step-by-step technical guide on how to hack into the servers . `` Try one of the following…old way , may not work on new machines , '' says one section of the snippet . Another section appears to show methods to retrieve Attack.Databreach call logs of users of the Pakistani cellular service . `` If searching for LACs and cell id 's , use the format in the documentation…if searching for phone numbers , use the normal format , '' it says . Hundreds of NSA cyber weapons variants publicly released including code showing hacking of Pakistan mobile system https : //t.co/bL833ktQpm In a tweet , Wikileaks claimed the leaked `` NSA cyber weapons variants '' include `` code showing hacking of Pakistan mobile system '' . The data dump Attack.Databreach was publicly released earlier this week by the ShadowBrokers hacking group after it failed to auction the arsenal of hacking tools . In a lengthy anonymous blog post , the group claimed it was releasing the files as a `` form of protest '' after losing faith in the leadership of US President Donald Trump . ShadowBrokers had announced the auction for the alleged NSA cyber weapons in August last year . The authenticity of the code being NSA software was later confirmed by documents provided by whistleblower and former National Security Agency contractor Edward Snowden to the Intercept . In the leak Attack.Databreach of top-secret documents , Snowden released Attack.Databreach a classified draft NSA manual on how to implant the SECONDDATE malware – malicious code used to monitor or control someone else 's computer . The draft NSA manual contained instructions telling NSA operators to use a specific string of characters associated with the SECONDDATE malware program . The documents revealed at least `` two documented cases of SECONDDATE being used to successfully infect computers overseas '' including `` successful attacks against computer systems in…Pakistan . '' A report by The Intercept claimed NSA hackers used the malicious program to breach targets in Pakistan ’ s NTC VIP Division , which contained documents pertaining to `` the backbone of Pakistan ’ s Green Line communications network '' used by the `` civilian and military leadership '' .

The mysterious group that claims to have stolen digital weapons once used by the National Security Agency published Attack.Databreach a trove of active Microsoft Windows software exploits on Thursday . The code dump Attack.Databreach , accompanied by a farewell message written in broken English by the enigmatic group the Shadow Brokers , confirms claims implicit in an earlier post Sunday . While the prior message showed filenames , directories and screenshots — implying the existence of these capabilities — along with an associated price tag , today ’ s download provides functional code . Of the 61 files provided in total in the newly released set , only one had ever been catalogued by anti-virus databases , based on a VirusTotal scan conducted earlier Thursday morning . The files contain user mode and kernel mode modules . Notably , the one tool effectively recognized by the virus scanner avoided detection from Malwarebytes , Panda , Comodo and Fortinet products , said Rendition Infosec founder Jake Williams . In their supposed final message , the ShadowBrokers say they are “ making [ an ] exit ” and “ going dark ” — although an associated bitcoin wallet will remain open for new bids . The group claims it will come out of hiding to provide the remaining stolen hacking tools only upon receiving 10,000 bitcoin , or $ 8.13 million worth of the anonymous currency . Cybersecurity experts tell CyberScoop the exploits are outdated because they are designed to work against old versions of Microsoft operating systems . “ This dump contains Windows Implants and not Unix tools , reinforcing the insider theory . And the outdated Windows target of those implants reinforce the opinion that Shadow Brokers only has old dirt , ” said Matt Suiche , founder of United Arab Emirates-based cybersecurity startup Comae Technologies . “ There is no reason to have all the tools of every platforms etc . The exploits can be understood as highly advanced hacking tools that were likely developed and deployed by a sophisticated adversary , like an intelligence service , explained Michael Zeberlein , director of intelligence analysis with Area 1 Security . “ They ’ re basically enterprise class IT infrastructure and systems management functions applied in an offensive fashion . They would help you get very granular control of computers and servers running in an enterprise environment , an entire organization , ” Zeberlein told CyberScoop . “ Really , these tools provide incredible capability ” . “ There ’ s no doubt that this is Equation Group ’ s stuff based on old reporting , ” said Zeberlein . A meticulous analysis associated with Sunday ’ s blog post suggests that the leaked information likely came Attack.Databreach from an insider , rather than a hacker with access Attack.Databreach to a compromised attack server , based on file configurations , CyberScoop first reported . “ Attackers and defenders around the globe will be reverse engineering these to repurpose [ attacks ] and create defenses , ” Williams said . “ This data , it ’ s a big deal … because it includes information related to client and server components , which will basically help [ intelligence analysts ] trace old breaches back to the Equation Group , ” a former U.S. intelligence official told CyberScoop on the condition of anonymity . The Shadow Brokers first emerged Vulnerability-related.DiscoverVulnerability on social media in August by similarly dumping operational code for a cohort of old firewall exploits that targeted vulnerabilities in Cisco , Fortinet and Juniper Networks products . Because the source code for these firewall exploits was provided in a public forum , random hackers began using the tools themselves . “ While we can not surmise the attacker ’ s [ Shadow Brokers ] identity or motivation nor where or how this pilfered trove came to be , we can state that several hundred tools from the leak Attack.Databreach share a strong connection with our previous findings from the Equation Group , ” Kaspersky Lab researchers , many of whom originally helped identify Equation Group ’ s existence in 2015 , wrote in a company blog post in August . The Equation Group is believed to have ties to the NSA

Ciphr , a company which offers encrypted communications for BlackBerry 10 and Samsung Knox smartphones , claims that a rival firm are behind a data dump Attack.Databreach of its customers ' email addresses and their device 's IMEI numbers . A website displaying the alleged leaked data claims that `` all Ciphr emails/servers have been compromised Attack.Databreach . '' Two sources that use Ciphr on their phones told Motherboard the leak Attack.Databreach includes their information as well as the data of other users . Specifically , the website lists users ' email addresses and IMEI numbers , data which law enforcement can leverage to expose Attack.Databreach a user . In a message provided to Motherboard from one of its sources , the privacy platform says the data dump Attack.Databreach was not the result of a data breach Attack.Databreach . Instead Ciphr blames a rival company for the incident : `` Our rapid growth has caught the attention of competitors seeking to slow us down by way of slander , blocking and DDOS [ distributed denial of service attacks ] .... We were shocked that any company in this industry would release information to the public under any circumstance . '' Ciphr 's management explains in a blog post that a rogue reseller who was granted access to its sales systems gave the information to SkySecure , which makes custom Blackberry devices . The company goes on to note that most of the information included in the data dump Attack.Databreach was already expired . But it does say a few active users ' email addresses and IMEI numbers were included in the leak Attack.Databreach .

Ciphr , a company which offers encrypted communications for BlackBerry 10 and Samsung Knox smartphones , claims that a rival firm are behind a data dump Attack.Databreach of its customers ' email addresses and their device 's IMEI numbers . A website displaying the alleged leaked data claims that `` all Ciphr emails/servers have been compromised Attack.Databreach . '' Two sources that use Ciphr on their phones told Motherboard the leak Attack.Databreach includes their information as well as the data of other users . Specifically , the website lists users ' email addresses and IMEI numbers , data which law enforcement can leverage to expose Attack.Databreach a user . In a message provided to Motherboard from one of its sources , the privacy platform says the data dump Attack.Databreach was not the result of a data breach Attack.Databreach . Instead Ciphr blames a rival company for the incident : `` Our rapid growth has caught the attention of competitors seeking to slow us down by way of slander , blocking and DDOS [ distributed denial of service attacks ] .... We were shocked that any company in this industry would release information to the public under any circumstance . '' Ciphr 's management explains in a blog post that a rogue reseller who was granted access to its sales systems gave the information to SkySecure , which makes custom Blackberry devices . The company goes on to note that most of the information included in the data dump Attack.Databreach was already expired . But it does say a few active users ' email addresses and IMEI numbers were included in the leak Attack.Databreach .

As everyone in TV-land knows , established broadcasters have been losing eyeballs to streaming companies such as Netflix and Amazon and their big-budget “ event ” shows . The upstarts look unstoppable but might an obscure hacker called The Dark Overlord , previously connected to health sector data extortion Attack.Ransom , have spotted an important flaw in the model ? Last week , Netflix found itself on the receiving end of a ransom demand Attack.Ransom from the individual or group , making unconfirmed demands Attack.Ransom in return for not releasing the unseen series 5 of the hit Orange Is the New Black , starring Dascha Polanco ( pictured , at Toronto Pride ) to the web . The company , understandably , refused to play ball and on Saturday reports emerged that a number of episodes had appeared on a popular torrenting service , the name of which it behoves us not to mention for reasons including the high risk of encountering malware . Visiting that resource , we managed to find one file with mention of a “ press release ” that has since been expunged , including from web caches . It reportedly read : We ’ ve decided to release Episodes 2-10 of “ Orange Is The New Black ” Season 5 after many lengthy discussions at the office where alcohol was present . Separately , the group ’ s Twitter feed crowed : And so let it be read that the loathsome giants do too fall . Hello Netflix , we ’ ve arrived . The account threatened the release of material stolen Attack.Databreach from other media companies , including ABC , National Geographic and Fox . Netflix acknowledged the leak Attack.Databreach , which it said was caused by a breach Attack.Databreach at a “ production vendor ” also used by other TV studios . Netflix is cleverly covering its back by pointing the level of integration – and vulnerability – in the TV industry , but there is no question the breach still lands at its door . It ’ s not clear whether the way streaming services process digital content is that different or less secure from established broadcasters but the minute a show exists in a form that can be copied it becomes vulnerable to theft . The BBC found this out to its cost when an episode of the Russian version of Sherlock found its way on to the internet before it was due to be broadcast . And yet , defying cybersecurity breach orthodoxy , perhaps this particular breach isn ’ t so bad after all : on Monday , Netflix ’ s share price even rose . One reason might be that content breaches Attack.Databreach aren ’ t the same as ones involving customer data . The latter will cost the victim organisation money , court time and , in most countries , regulatory investigation . A few people watching a Netflix show earlier than normal seems minor by comparison as long as it doesn ’ t happen too often . Assuming the company patches Vulnerability-related.PatchVulnerability the hole that let its show be thieved , it ’ s not stretching it to suggest The Dark Overlord ’ s leaking Attack.Databreach could even have given Orange Is the New Black an unintended publicity jump . Presumably that ’ s not what The Dark Overlord intended although it ’ s also possible this has always been about self-regarding publicity as much as simple extortion for money Attack.Ransom . If so , Netflix is starting to look like the winner on that front too .

A report released on Monday by The Centre for Internet and Society reveals that over 135 million records from India 's Aadhaar national ID systems have already leaked Attack.Databreach online . The leaks Attack.Databreach did n't take place because of a flaw in the national Aadhaar system , but through government agencies that handle Aadhar data . According to the report , just four government programs are responsible for leaking Attack.Databreach a whopping number of 135 million records . The programs mentioned in the report are India 's National Social Assistance Programme ( NSAP ) , the National Rural Employment Guarantee Scheme ( NREGA ) , the Govt . of Andhra Pradesh 's Chandranna Bima Scheme , and the Govt . of Andhra Pradesh 's Daily Online Payment Reports of NREGA . The prevalence of Aadhaar data is how The Centre for Internet and Society has discovered the leak Attack.Databreach . Improperly configured systems exposed Attack.Databreach the details of program participants on the Internet . While the full Aadhaar database was never exposed Attack.Databreach , details in the government program databases allow a fraudster to tie a person 's leaked details ( names , addresses , phone numbers ) to an Aadhaar 12-digit ID . If enough of these details leak Attack.Databreach in different places , fraudster can build comprehensive profiles on Indian citizens , even recreating the Aadhaar database themselves . For its part , the Indian government has admitted that some of the Aadhaar database has leaked Attack.Databreach online through its ministries , said it started investigations , and is already preparing changes to Aadhaa'rs security policies . Right now , because of the massive leak Attack.Databreach of 135 million details , including Aadhaar IDs , Indians stand to become victims of financial fraud . In the future , as other government programs leak Attack.Databreach more data , including biometrics , the problem will pass the point where the government could do anything to fix Vulnerability-related.PatchVulnerability it .

Files claiming to be the new Pirates of the Caribbean movie have leaked Attack.Databreach online after Disney refused to meet hackers ' demands Attack.Ransom . On 17 May , Softpedia 's Gabriela Vatu reported that two copies of Pirates of the Caribbean : Dead Men Tell No Tales had appeared on the popular ( and somewhat appropriate ) BitTorrent site The Pirate Bay . `` According to the information unearthed thus far , the hackers managed to get access Attack.Databreach to the systems of Larson Studios in Hollywood , a company that handles additional dialogue recorded for movies . It seems that the copies they 've managed to get their hands on are in various stages of production and not exactly what you 'd expect from a full cinema-ready release . '' News of the extortion attempt first appeared in The Hollywood Reporter on 15 May when Bob Iger , CEO at Walt Disney , revealed the hackers had demanded Attack.Ransom that Disney pay Attack.Ransom a `` huge sum '' in Bitcoins to prevent them from leaking a then-undisclosed movie online . At the time , the attackers said they would release the film incrementally to netizens , first publishing clips lasting only a few minutes and slowly building up to 20-minute segments . Iger said Disney decided to not pay Attack.Ransom the attackers and was working with federal law enforcement to investigate the theft of one of its productions . It 's unclear who exactly perpetrated the leak Attack.Databreach - if indeed the files really are of the movie . Even so , a potential candidate is The Dark Overlord , a group of hackers who released the fifth season of Orange Is the New Black after Netflix refused to meet its ransom demands Attack.Ransom back in April 2017 . Around that time , the hacking gang , which has also extorted Attack.Ransom non-film entities in the past , tweeted out that it had stolen Attack.Databreach content from a number of other media companies . It did not name Walt Disney by name , though it did point to FOX , ABC , and others . Who is next on the list ? FOX , IFC , NAT GEO , and ABC . Oh , what fun we 're all going to have . We 're not playing any games anymore . While Disney and Netflix continue to work with the FBI in tracking down The Dark Overlord , someone has already removed the two copies of what claimed to be the Pirates of the Caribbean film from The Pirate Bay . The hackers could release the movies again . Or they might be focusing on their next target . While movie-goers might celebrate a leak of the movie , media companies like Walt Disney do n't want viewers gaining early access to their content . That 's why organizations should take the opportunity to conduct some security awareness training with their employees . This effort should include phishing Attack.Phishing simulations and reviewing the security readiness of companies along their supply chains . Article updated 19 May 2017 . None of the files made available as downloadable torrents have been confirmed to contain footage of the movie . For more discussion on the issue , make sure to listen to this recent episode of the `` Smashing Security '' podcast . Your browser does not support this audio element .