shutterstock_490960141-1

Industry News: ESG5

Know Your Breach: Orbitz

The target: Orbitz, a subsidiary of online travel agency Expedia Inc.

The take: Payment card information and personal data such as billing addresses, phone numbers, and emails.

The attack vector: About 880,000 payment cards had been hit by a security breach. The attacker may have accessed personal information that was submitted for certain purchases made during an entire year.

Read more...

Behind KKR’s Big Bet On Cybersecurity

2019-04-15

Fortune: It’s no secret that private equity has been on a cybersecurity kick as of late—and for good reason. With online attacks and digital fraud only becoming more prevalent, global spending on technology to protect sensitive data and information is expected to reach an unprecedented $124 billion this year, according to research firm Gartner...

Read more...

 

FBI Head of Cybersecurity in San Francisco Warns: Look to Inside Threats

2019-04-16

Forbes: The arrest of Wikileaks founder Julian Assange marks the first step toward bringing to court one of the most prominent cyber crimes in American history. With cyber-threat actors making a living off of hacked information, it should come as no surprise that U.S. government intelligence agencies are shifting focus and resources to address the issue, which includes $15 billion set aside from the President’s budget for cybersecurity-related activities...

Read more...

 

Russian Lawmakers Approve New Internet Law

2019-04-16

Reuters: Russia’s lower house of parliament approved on Tuesday the third reading of a draft law that aims to increase Moscow’s sovereignty over its Internet segment and defend against foreign meddling, Interfax agency reported. The bill must now be approved by parliament’s upper house and the presidency before passing into law. The bill’s authors said earlier that the measures are needed to defend the country after the United States adopted what they described as aggressive new cyber security policies last year...

Read more...

 

Pregnancy Club Fined £400,000 for Illegally Sharing Data of over 14 Million People

2019-04-15

ZDNet:  Pregnancy club Bounty UK Limited has been fined £400,000 for illegally sharing and selling information belonging to 14 million individuals without their explicit consent. The fine was imposed by the UK's data protection watchdog, the Information Commissioner's Office (ICO). Personal data relating to pregnancy, new mothers, mothers-to-be, and the birth dates & sex of children were shared. The ICO said the data was collected from those who were "potentially vulnerable."...

Read more...

 

NYC Tech Commissioner Left Atlanta Job Shortly Before Crippling Cyberattack

2019-04-11

Nypost:  City Hall’s bumbling tech czar previously held a similar job in Atlanta — which was crippled by a cyberattack shortly after he left for the Big Apple. Samir Saini, who’s enmeshed in a scandal over an entirely preventable crash of the city’s in-house wireless network, was Atlanta’s chief information officer when Mayor Bill de Blasio named him head of the Department of Information Technology and Telecommunications in January 2018...

Read more...

 

A Hacker has Dumped Nearly One Billion User Records Over the Past Two Months

2019-04-15

ZDNet:  A hacker who spoke with ZDNet in February about wanting to put up for sale the data of over one billion users is getting dangerously close to his goal after releasing another 65.5 million records last week and reaching a grand total of 932 million records overall. The hacker's name is Gnosticplayers, and he's responsible for the hacks of 44 companies, including last week's revelations...

Read more...

 

How Blackberry has Become a Cyber-Security Player

2019-04-16

eWeek:  BlackBerry is a very different company today than it was a decade ago, as the one-time mobile giant is now firmly positioning itself to be a global player in the cyber-security market. Among the new assets in the BlackBerry security portfolio is Cylance, which BlackBerry acquired in a $1.4 billion deal announced in November 2018. Cylance is, however, only one of many cyber-security technologies within BlackBerry. In a video interview with eWEEK, BlackBerry CTO Charles Eagan explains what his company is now doing in cyber-security as it transitions away from its mobile device past...

Read more...

 

Know Your Breach: Timehop

The target: Timehop, an application which aggregates old posts and photos from user’s social media feeds.

The take: Personal information including some combinations of name, e-mail address and phone number, to a total of 21 million records.

The attack vector: An account with administrative access to Timehop’s cloud computing environment was not protected with two-factor authentication – the attacker accessed the account, created a separate administrator credential for their own use in December of 2017. The attacker maintained access and performed reconnaissance for eight months until they proceeded to exfiltrate user data in July of 2018.

Read more...

With $600 Million Cybersecurity Budget, JP Morgan Chief Endorses AI and Cloud

2019-04-08

Security Week:  JPMorgan Chase spends Roughly $600 Million Annually on its Security Efforts, and Employs Around 3,000 People Involved With Cybersecurity. In his annual letter to shareholders, Jamie Dimon, chairman and CEO of JPMorgan Chase discusses the position and role of the bank in America and the American economy. Against a background of strong performance ($32.5 billion in net income on revenue of $111.5 billion in the last year...

Read more...

 

Yahoo Strikes $117.5 Million Data Breach Settlement After Earlier Accord Rejected

2019-04-09

Reuters:  Yahoo has struck a revised $117.5 million settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history. The proposed class-action settlement made public on Tuesday was designed to address criticisms of U.S. District Judge Lucy Koh in San Jose, California. She rejected an earlier version of the accord on Jan. 28, and her approval is still required...

Read more...

 

Canada ‘Very Likely’ Will be Hit by Foreign Cyber Threats Before October Election: Federal Report

2019-04-08

IT World Canada:  Despite widespread publicity, finger-pointing and the laying of criminal indictments, some countries continue trying to interfere online with democratic processes around the world. As a result Canada’s electronic spy agency believes it is now “very likely” Canadians voters will encounter some form of foreign cyber interference during the run-up to October’s federal election, most likely through disinformation — commonly called fake news...

Read more...

 

More than 300,000 Cyber Criminals are Selling your Credit Card Details on Facebook, Experts Warn

2019-04-08

TheSun:  Cyber-crime Facebook groups where members buy and sell the credit card numbers of fraud victims and share other online crime tips have been uncovered by a report. A total of 74 groups have been found so far and they contain around 385,000 members...

Read more...

 

City Treasurer Sends $128,000 to Fraudsters in Email Phishing Scam

2019-04-09

CTV:  After an investigation, City of Ottawa Auditor General, Ken Hughes, says City Treasurer, Marian Simulik, sent nearly $98,000US to fraudsters posing as City Manager Steve Kanellakos. It happened in July 2018. Hughes says that’s when Simulik received an email that looked like it was from Kanellakos asking the treasurer to send money to a company for work done...

Read more...

 

WhatsApp Scams Explode: Hongkongers Bilked of HK$2.7 Million in Three Months on Facebook-owned Messaging Service

2019-04-09

CSO:  More than 150 Hongkongers have been bilked out of HK$2.7 million (US$340,000) in WhatsApp scams this year, with creative fraudsters devising new ways to use the popular messaging service. Police on Monday said that the amount of defrauded money was up 50 per cent from last year, even as the number of WhatsApp victims fell by more than 40 per cent...

Read more...

 

Know Your Breach: Delta

The target: Delta Air Lines, a major American airline.

The take: Hackers may have accessed names, addresses, credit card numbers, CVV numbers and expiration dates for “several hundred thousand” customers during approximately two months.

The attack vector: [24]7.ai, Delta's online chat services provider, suffered a malware attack and failed to notify its client of the breach until a few months following the intrusion.

Read more...

HSBC’s Voice Recognition Technology has Saved Bank £300 Million in Fraud

2019-04-01

Tech Digest:  Technology which enables HSBC customers to access bank accounts using their voice as a password has prevented over £300 million falling into the hands of fraudsters since it launched in the UK, claims the bank. More than 1.6 million HSBC customers across the UK now use VoiceID, which launched in 2016. HSBC said attempted frauds have been growing, with general increased activity by fraudsters thought to be as a result of a significant number of third-party data breaches as well as phishing emails and scam text messages in recent years...

Read more...

 

Microsoft Seizes Websites it Traces to Iranian Hackers

2019-03-27

New York Times:  Microsoft took control of 99 websites that it said Iranian hackers had used to try to steal sensitive information from targets in the United States, according to court documents unsealed Wednesday. By taking over the sites, Microsoft can stop future cyberattacks and monitor how previously infected computers were compromised, the company said...

Read more...

 

Toyota Announces Second Security Breach in the Last Five Weeks

2019-03-29

ZD Net:  Japanese car maker Toyota announced its second data breach today, making it the second cyber-security incident the company acknowledged in the past five weeks. While the first incident took place at its Australian subsidiary, today's breach was announced by the company's main offices in Japan...

Read more...

 

U.S.-Israeli Cybersecurity Firm Aqua Raises $62 Million

2019-04-03

Reuters:  U.S.-Israeli cybersecurity firm Aqua Security said on Wednesday it raised $62 million in a funding round led by Insight Partners, bringing the company’s total venture funding to more than $100 million. Aqua’s existing investors - Lightspeed Venture Partners, Microsoft’s venture fund M12, TLV Partners and Israeli billionaire Shlomo Kramer - also participated in the round...

Read more...

 

Iran Conducted Cyber Attacks on UK Infrastructure

2019-04-03

Silicon:  The risk of data security incidents is increasing as pension funds insufficiently factor cybersecurity into their risk assessments, Dutch pensions supervisor De Nederlandsche Bank (DNB) has warned. In its annual security monitor, the regulator said that financial institutions, including pension funds, insufficiently evaluated their risk management in this area, or failed to anticipate developments in data security...

Read more...

 

Pension Funds Falling Short on Cybersecurity, Regulator Warns

2019-04-01

IPE:  The risk of data security incidents is increasing as pension funds insufficiently factor cybersecurity into their risk assessments, Dutch pensions supervisor De Nederlandsche Bank (DNB) has warned. In its annual security monitor, the regulator said that financial institutions, including pension funds, insufficiently evaluated their risk management in this area, or failed to anticipate developments in data security...

Read more...

First Australian Threat Report From Cyber Security Firm Carbon Black Finds That 89% Of Australian Businesses Surveyed Have Been Breached During The Past 12 Months

2019-04-01

CSO: Carbon Black, a leader in cloud-delivered, next generation endpoint security, today released the results of its first Australian Threat Report. According to the survey research, attacks are increasing in volume and sophistication, causing regular security breaches affecting 89% of organisations surveyed. The report analyses survey results from different industries, organisation sizes and IT team sizes to build a picture of the modern attack and cyber defence landscape in Australia...

Read more...

Know Your Breach: Verification.io

The target: Verification.io, who offer ‘e-mail validation’ services to advertisers.

The take: Over two billion records were exposed, consisting of e-mail addresses, often with associated names, social media accounts, phone numbers, dates of birth, ZIP codes – as well as credit score information, mortgage amounts, interest rates, and other data. Also exposed were names, revenues, and other business-specific data for a number of companies.

The attack vector: A database server was discovered by security researchers to be exposed to the public web, completely unencrypted and without any form of password protection or access control in place.

Read more...

Hackers Attacked One-Million Plus Asus Users Through Malicious Update

2019-03-25

Reuters: Hackers were able to deliver malware to the more one million-plus Asus computer owners last year by hijacking the company’s software update system, security researchers said on Monday. Moscow-based cyber security provider Kaspersky Lab said the attack took place between June and November last year and was used to deliver a software update with a “backdoor” that would give hackers access to infected machines...

Read more...

E-Mail Log-in Details of Govt Staff Put Up for Sale on Dark Web

2019-03-22

StraitsTimes: E-mail log-in information of employees in several government agencies and educational institutions, as well as details of over 19,000 compromised payment cards from banks here, has been put up for sale online by hackers. Russian cyber-security company Group-IB revealed on Tuesday that it discovered the user log-ins and passwords from several government organisations on the Dark Web over the past two years. The compromised payment card information, which it said was valued at more than US$640,000 (S$863,000), was found last year...

Read more...

Aluminium Firm Cyber-attack Cost at Least £25.6m

2019-03-27

BBC: A cyber-attack on a Norwegian aluminium company has cost it at least 300 million Norwegian kroner (£25.6m). Hydro, which employs 35,000 people in 40 countries, was hit by malware last week. The company said it was slowly bringing affected systems back online but the "preliminary" cost of the incident had been about 300-350 million kroner. Most of those losses had been in its Extruded Solutions division, which makes aluminium facades, Hydro said...

Read more...

The Latest Dark Web Cyber-criminal Trend: Selling Children's Personal Data

2019-03-27

Zdnet: Imagine you're a teenager, applying for credit to buy your first car or maybe a loan to go to university. You don't remember taking out a credit card when you were six years old, but the bank is adamant, and now you have a poor credit rating and in their eyes, you're persona non grata. That future suddenly isn't so bright. How could this be? Cyber criminals are hacking into sensitive networks to steal the identities of children and are selling it on in underground market places...

Read more...

More than 110,000 Australians Caught up In September's Facebook Cyber-attack

2019-03-26

TheGuardian: The detailed personal information of more than 60,000 Australians was exposed in a massive cyber-attack on Facebook last year, giving hackers the ability to access their movements, hometown, search history, email and phone number. Internal documents reveal the attack on Facebook in September last year affected an estimated 111,813 Australians, among roughly 29 million worldwide...

Read more...

Ukrainian Man Faces up to 6 Years in Jail for Cryptojacking on his own Websites

2019-03-27

Cointelegraph: Ukraine’s Cyber Police have arrested a man who allegedly placed crypto mining malware scripts on his own websites, local law enforcement reported on March 26. The cyber crime unit of the national police of Ukraine arrested a 32-year-old man from the Bukovina region who allegedly placed cryptojacking software on a number of educational websites that he created and administered. The unspecified websites and internet resources had 1.5 million monthly visitors, the police reported...

Read more...

Council Staff Caught Out By Fake Phishing Emails to Test Cyber Security

2019-03-26

Chichester: Members of the regulation, audit & accounts committee were told on Monday that, in order to assess weak points within the council’s cyber defence, a variety of emails were sent to 886 staff. The messages, which were sent by a third party, included offers for cheap pizza and free iPhones. Another told them they needed to change their bank details, while another claimed to be from the council itself and told them they needed to reset their work passwords...

Read more...