Industry News: ESG5

2019-04-16

eWeek:  BlackBerry is a very different company today than it was a decade ago, as the one-time mobile giant is now firmly positioning itself to be a global player in the cyber-security market. Among the new assets in the BlackBerry security portfolio is Cylance, which BlackBerry acquired in a $1.4 billion deal announced in November 2018. Cylance is, however, only one of many cyber-security technologies within BlackBerry. In a video interview with eWEEK, BlackBerry CTO Charles Eagan explains what his company is now doing in cyber-security as it transitions away from its mobile device past...

The target: Timehop, an application which aggregates old posts and photos from user’s social media feeds.

The take: Personal information including some combinations of name, e-mail address and phone number, to a total of 21 million records.

The attack vector: An account with administrative access to Timehop’s cloud computing environment was not protected with two-factor authentication – the attacker accessed the account, created a separate administrator credential for their own use in December of 2017. The attacker maintained access and performed reconnaissance for eight months until they proceeded to exfiltrate user data in July of 2018.

Read more...

2019-04-08

Security Week:  JPMorgan Chase spends Roughly $600 Million Annually on its Security Efforts, and Employs Around 3,000 People Involved With Cybersecurity. In his annual letter to shareholders, Jamie Dimon, chairman and CEO of JPMorgan Chase discusses the position and role of the bank in America and the American economy. Against a background of strong performance ($32.5 billion in net income on revenue of $111.5 billion in the last year...

2019-04-09

Reuters:  Yahoo has struck a revised $117.5 million settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history. The proposed class-action settlement made public on Tuesday was designed to address criticisms of U.S. District Judge Lucy Koh in San Jose, California. She rejected an earlier version of the accord on Jan. 28, and her approval is still required...

2019-04-08

IT World Canada:  Despite widespread publicity, finger-pointing and the laying of criminal indictments, some countries continue trying to interfere online with democratic processes around the world. As a result Canada’s electronic spy agency believes it is now “very likely” Canadians voters will encounter some form of foreign cyber interference during the run-up to October’s federal election, most likely through disinformation — commonly called fake news...

2019-04-08

TheSun:  Cyber-crime Facebook groups where members buy and sell the credit card numbers of fraud victims and share other online crime tips have been uncovered by a report. A total of 74 groups have been found so far and they contain around 385,000 members...

2019-04-09

CTV:  After an investigation, City of Ottawa Auditor General, Ken Hughes, says City Treasurer, Marian Simulik, sent nearly $98,000US to fraudsters posing as City Manager Steve Kanellakos. It happened in July 2018. Hughes says that’s when Simulik received an email that looked like it was from Kanellakos asking the treasurer to send money to a company for work done...

2019-04-09

CSO:  More than 150 Hongkongers have been bilked out of HK$2.7 million (US$340,000) in WhatsApp scams this year, with creative fraudsters devising new ways to use the popular messaging service. Police on Monday said that the amount of defrauded money was up 50 per cent from last year, even as the number of WhatsApp victims fell by more than 40 per cent...

The target: Delta Air Lines, a major American airline.

The take: Hackers may have accessed names, addresses, credit card numbers, CVV numbers and expiration dates for “several hundred thousand” customers during approximately two months.

The attack vector: [24]7.ai, Delta's online chat services provider, suffered a malware attack and failed to notify its client of the breach until a few months following the intrusion.

Read more...

2019-04-01

Tech Digest:  Technology which enables HSBC customers to access bank accounts using their voice as a password has prevented over £300 million falling into the hands of fraudsters since it launched in the UK, claims the bank. More than 1.6 million HSBC customers across the UK now use VoiceID, which launched in 2016. HSBC said attempted frauds have been growing, with general increased activity by fraudsters thought to be as a result of a significant number of third-party data breaches as well as phishing emails and scam text messages in recent years...