The Republican Party's House campaign committee said it was a victim of "cyber intrusion" during the 2018 midterm campaign. Party officials told Politico that "thousands of sensitive emails" were stolen in the National Republican Congressional Committee hack. The party has reported the incident to the FBI.
Source: Associated Press
Over the course of this week, some printers have been printing out a strange message asking people to subscribe to PewDiePie's YouTube channel. The message appears to be the result of a simple exploit that allows printers to receive data over the internet, including print commands. A person with the online handle TheHackerGiraffe has claimed responsibility for the attack.
Via: The Verge
Earlier this month, hackers attempted to breach Dell's network and obtain customer information, according to the company. While it says there's no conclusive evidence the hackers were successful in their November 9th attack, it's still possible they obtained some data.
Via: The Verge
Police in Bulgaria have arrested an alleged Russian hacker who may be responsible for a huge Android ad scam that netted $10 million. The individual identified as Alexander Zhukov is a Saint Petersburg native who's been living in Varna, Bulgaria, since 2010 and was apprehended on November 6th after the US issued an international warrant for his arrest, according to ZDNet.
The Centers for Medicare and Medicaid Services (CMS) now has details about the data stolen in the breach of Healthcare.gov that occurred last month. According to the government agency, a significant amount of personal information including partial Social Security numbers, tax information and immigration status was compromised in the breach. No financial information was stolen.
The Justice Department has charged ten Chinese nationals -- two of which are intelligence officers -- of hacking into and stealing intellectual property from a pair of unnamed US and French companies between January 2015 to at least May of 2015. The hackers were after a type of turbofan (portmanteau of turbine and fan), a large commercial airline engine, to either circumvent its own development costs or avoid having to buy it. According to the complaint by the Department of Justice, a Chinese aerospace manufacturer was simultaneously working on making a comparable engine. The hack afflicted unnamed aerospace companies located in Arizona, Massachusetts and Oregon.
Via: ZD Net
Source: US Department of Justice
The hackers who were responsible for the Uber data breach that affected 57 million users around the world have been indicted... for another hack altogether, according to TechCrunch. Canadian citizen Vasile Mereacre and Florida resident Brandon Glover have been indicted for stealing account information from LinkedIn training site Lynda.com, but a TechCrunch source said they were also behind the massive Uber breach back in 2016. If true, then they got caught for a much smaller scheme: the Lynda cyberattack only compromised 55,000 accounts.
Cathay Pacific, the primary airline of Hong Kong known for its high-speed WiFi, was hit with a major data breach that affects up to 9.4 million passengers. The company said that personal information including passport numbers, identity card numbers, credit card numbers, frequent flyer membership program numbers, customer service comments and travel history had been compromised. No passwords were compromised, which may not be any consolation.
Via: The Guardian
Source: Cathay Pacific
Dan Coats, the US director of national intelligence, said there's "no evidence" that Chinese spies tampered with servers bought by up to 30 companies, including the likes of Apple and a telecom provider, as Bloomberg reported earlier this month. However, he told Cyberscoop that "we're not taking anything for granted. We haven't seen anything, but we're always watching."
Via: The Verge
Earlier this month, Bloomberg reported that San Jose-based server company Super Micro installed surveillance micro-chips in the Chinese data center hardware of up to 30 companies, including Amazon and Apple. These chips were supposedly used to steal intellectual property. However, all companies that were named in the initial report have denied Bloomberg's claims. Now, Apple CEO Tim Cook is calling on the well-reputed publication to retract its story altogether, according to BuzzFeed News.
Source: BuzzFeed News
Facebook couldn't have picked a worse time to introduce Portal, a camera-equipped smart display designed to make video chatting in your home easier. And, if the rumors are true, the company is reportedly also preparing to launch a video chat camera for your TV, based on the same system as Portal. Not only does news of this hardware come at a time when when Facebook is under major scrutiny after suffering a massive data breach in September, which exposed private information of 29 million users, including usernames, birth date, gender, location, religion and the devices used to browse the site. But the most concerning part about Portal, is that Facebook's own executives don't seem to have a basic understanding of what types of data the company will be collecting or what it will be using it for.
The Pentagon still has to grapple with data security woes despite efforts to harden its sites and networks. Defense Department officials have revealed that a travel record data breach at an unnamed contractor exposed the personal info of military and civilian staffers, including credit cards. An AP source said that this didn't compromise classified material, but it affected "as many as" 30,000 workers. There's a chance that number might get larger, according to the source.
Source: AP News
According to cybersecurity firm Palo Alto Networks, it discovered a fake Flash updater that has been duping conscientious computer users since August. The fake updater installs files to sneak a cryptocurrency mining bot called XMRig, which mines for Monero.
But here's the catch, while the fake updater is installing the XMRig malware, it's also updating the user's Flash.
Via: The Next Web
Source: Palo Alto Networks
Today, Facebook provided additional information on the data breach it disclosed last month. Whereas it initially said up to 50 million users might have been affected, it now reports that 30 million were impacted by the breach. By exploiting a system vulnerability, attackers were able to steal digital keys called access tokens from those 30 million users, and Facebook has now laid out how those users were affected. The company is also notifying those impacted, but if you don't want to wait to be notified, you can check if your account was affected through this link.
Even though the number of users affected by Facebook's most recent hack was lowered to 29 million, from 50 million, it's still safe to say the attack was worse than originally thought. That's because we now know that the breach, which Facebook revealed a couple of weeks ago, exposed very detailed information of 14 million of those users, including their username, birthdate, gender, location, relationship status, religion, hometown, self-reported current city, education, work, the devices they used to access Facebook and the last 10 places they checked into (or were tagged in) on the site. The attackers, whose identities Facebook won't reveal because of an ongoing FBI investigation, were also able to view which people/Pages were followed by these 14 million users, as well as their 15 most recent searches on Facebook.
Late last month, Facebook announced a data breach that affected up to 50 million of its users. The issue involved access tokens -- digital keys that let people remain logged into Facebook -- and a vulnerability allowed attackers to steal those tokens and hijack other users' Facebook accounts. The company has now released an update on that report and it now says fewer people were affected that it originally thought. "Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen," it said.
Users of two major mobile payment services in China -- Alipay and WeChat Pay -- have reported unauthorized Apple App Store spending in recent days, with some losing nearly $300 through fraudulent transactions. The companies say that stolen Apple IDs are to blame, the Wall Street Journal reports, and Alipay has asked Apple to investigate. In the meantime, Alipay is telling its customers to minimize potential losses by reducing how much money can be used from their accounts without a password.
Data center hardware used by Apple and Amazon may have been fitted with surveillance micro-chips by Chinese server company Super Micro, claims Bloomberg in a new report. Almost 30 US companies reportedly fell prey to the "attack," with the chips used to snatch intellectual property and trade secrets, according to Bloomberg's anonymous government and corporate sources. The report notes that no "consumer data is known to have been stolen."
Source: Bloomberg Businessweek
The Facebook hack compromised 50 million users, but the damage might not be as extensive as some expected. In a statement, company security VP Guy Rosen revealed that investigators "found no evidence" of the intruders accessing third-party apps with its Facebook Login feature. Some sites using the single sign-on also confirmed that there was no indication of a data breach on their end, although they're not necessarily taking chances.
Facebook announced on Friday that it has suffered a data breach affecting up to 50 million users. According to a report from the New York Times, Facebook discovered the attack on Tuesday and have contacted the FBI. The exploit reportedly enables attackers to take over control of accounts so, as a precaution, the social network has automatically logged out more than 90 million potentially compromised accounts.
One of the men involved in an ATM jackpotting scheme in January this year is already facing punishment. A district court in Connecticut has sentenced Argenys Rodriguez to just over a year in prison, plus two years of supervised release and $121,355 in restitution, for collaborating on hacks that slipped malware into bank machines and forced the devices to spit out their cash. Rodriguez had pleaded guilty to bank fraud in June and will start his sentence on November 26th.
Source: Department of Justice
A white-hat hacker briefly promised to livestream his bid to hack into Mark Zuckerberg's Facebook account on Sunday, September 30th). "Broadcasting the deletion of Facebook founder Zuck's account," Chang Chi-yuan told his 26,000-plus followers on the social network, adding: "Scheduled to go live." By Friday afternoon, the stream had been cancelled.
Source: Chang Chi-yuan (Facebook)
Last year, reports surfaced that Uber had been hit with a data breach, but instead of reporting it to the government or to those affected, it chose to cover it up. Now, the company will pay $148 million as part of a settlement, and the money will be disbursed between each US state and Washington, DC. After the hack and Uber's response to it became public, a number of states launched investigations into the incident while others filed lawsuits.
Source: New York Attorney General
It's not just British companies succumbing to large-scale payment data breaches in recent weeks. RiskIQ and Volexity have discovered that hackers inserted Magecart card skimming code into Newegg's payment page between August 14th and September 18th, intercepting credit card data and sending it to a server with a similar-looking domain.
The latest government data breach affected State Department employee emails. On September 7th, workers were notified that their personally identifiable information was obtained by an unnamed actor, according to a recent report from Politico. It apparently impacted "less than one percent" of employees and direct victims of the breach were alerted at the time. Apparently, this didn't affect classified information, so at least there's that.