A teenager faces upwards of 10 years in prison for downloading 7,000 freedom of information releases that contained people’s sensitive personal information. On 11 April, Nova Scotia’s police raided the home of a yet-unnamed 19-year-old. As many as 15 officers seized computer equipment from the teen, who lives with his parents and siblings and is […]
The post Teen Faces 10 Years in Prison for Downloading 7K Freedom of Information Releases appeared first on The State of Security.
A newly issued patch plugs more than a dozen vulnerabilities that affect certain versions of an industrial multiport secure router series. On 13 April, Cisco Talos published a report revealing the security weaknesses as part of a coordinated disclosure strategy with Moxa, an automation solutions provider for companies seeking to get the most out of […]
The post Patch Plugs More Than a Dozen Vulnerabilities Affecting Industrial Secure Router Series appeared first on The State of Security.
The chief executive officer of a Bitcoin exchange believes the theft of more than $3 million from the platform was an inside job. On 12 April, the team behind Coinsecure replaced the Indian exchange’s website with a statement. The notice reveals that someone exposed users’ Bitcoin funds and then stole them out of a wallet […]
The post Inside Job Behind Theft of $3M from Bitcoin Exchange, Says CEO appeared first on The State of Security.
A U.S. federal appeals court has ruled that victims of a payment card data breach at Barnes & Noble can seek damages against the national bookseller. According to Reuters, the decision came on 11 April when the 7th U.S. Circuit Court of Appeals in Chicago said that Heather Dieffenbach of California and Susan Winstead of […]
The post U.S. Appeals Court Says Barnes & Noble Data Breach Victims Can Seek Damages appeared first on The State of Security.
Great Western Rail has taken the precaution of resetting the passwords for all its customers after detecting a limited campaign of password reuse attacks. As reported by The Register, the British train operating company detected password reuse attacks against some of its customers’ GWR.com accounts. In total, it found that bad actors had targeted 1,000 […]
The post Great Western Rail Resets All Customer Passwords after Detecting Password Reuse Attacks appeared first on The State of Security.
Verizon Enterprise has named ransomware the most prevalent variety of malware in its 2018 Data Breach Investigations Report (DBIR). For the 11th edition of its report, Verizon Enterprise analyzed 53,308 incidents with 2,216 confirmed data breaches. Researchers with the American multinational telecommunications conglomerate found that three in 10 incidents included malware. Of those that did, […]
The post Ransomware Named Most Prevalent Malware in Verizon’s 2018 DBIR appeared first on The State of Security.
The United States Secret Service is warning of a new scam in which thieves are targeting the chip-based debit cards issued to corporations. As reported by Brian Krebs, the scam involves criminals intercepting a newly issued debit card along its way to a corporation, tampering with the chip and waiting until it’s activated so that […]
The post New Scam Targeting Corporations’ Chip Cards, Warns Secret Service appeared first on The State of Security.
A shopper has filed a class-action lawsuit seeking at least $5 million in damages for a data breach that affected Saks Fifth Avenue and Lord & Taylor. According to Women’s Wear Daily, shopper Antranik Mekerdijian filed a class action lawsuit against Hudson’s Bay Company, owner of the two luxury department stores, in a California federal […]
The post Shopper’s Lawsuit Seeks $5M in Damages for Data Breach at Saks Fifth Avenue, Lord & Taylor appeared first on The State of Security.
Mark Zuckerberg doesn’t plan on extending the European Union’s General Data Protection Regulation (GDPR) to all Facebook users. On 3 April, Facebook’s chief executive told Reuters in a phone interview that the social networking platform was working on applying a version of the Regulation to users worldwide. When asked what parts of the framework would […]
The post Mark Zuckerberg Doesn’t Plan to Extend GDPR to All Facebook Users appeared first on The State of Security.
The personal information of millions of Panera Bread customers was reportedly left exposed online for at least eight months. According to reports, the popular US bakery-café chain, which operates over 2,100 locations, was initially alerted of the data leak back in August 2017. As reported by security journalist Brian Krebs, researcher Dylan Houlihan contacted the […]
The post Panera Bread’s Website Reportedly Leaked Millions of Customer Records appeared first on The State of Security.
A major U.S. pipeline network temporarily disabled a system that digitally processes customer transactions following a digital attack. Energy Transfer Partners (ETP), a Fortune 500 oil and natural gas company, disclosed the incident on 2 April in a notice sent to shippers. According to Dallas News, the announcement reveals that digital attackers targeted the electronic […]
The post U.S. Pipeline Network Disables Transactions System After Digital Attack appeared first on The State of Security.
Saks Fifth Avenue and Lord & Taylor have both suffered a data breach involving customers’ debit and credit card information. The data breach became apparent on 28 March when Joker’s Stash, a seller of stolen payment card details on underground markets, announced its “BIGBADABOOM-2” sale of five million cards. Working with financial organizations, Gemini Advisory […]
The post Saks Fifth Avenue, Lord & Taylor Suffer Payment Card Data Breach appeared first on The State of Security.
Under Armour has taken steps to notify 150 million MyFitnessPal users of a data breach that might have affected their account information. On 29 March, Under Armour published a statement announcing that it was working to notify approximately 150 million users of MyFitnessPal, a food and nutrition app and website for the American clothing manufacturer, […]
The post Under Armour Notifies 150M MyFitnessPal Users of Data Breach appeared first on The State of Security.
Facebook has announced its plans to expand its bug bounty program to include issues of app developers misusing users’ data. On 26 March, Facebook’s director of product partnerships Ime Archibong made public the social network’s intention to reward researchers for spotting instances of data misuse by app developers. The change is expected to take effect […]
The post Facebook to Include Data Misuse Issues in Bug Bounty Program appeared first on The State of Security.
Ransomware is still rampant across organizations worldwide, with roughly 56 percent of businesses experiencing a ransomware attack in the last 12 months, new research revealed. The findings come from SentinelOne’s 2018 Global Ransomware Study conducted by Vanson Bourne, which surveyed 500 businesses in the UK, France, Germany and the United States. Of the organizations affected […]
The post 56% of Orgs Hit with Ransomware Attack in the Past Year, Finds New Survey appeared first on The State of Security.
City officials have confirmed they detected what they’re calling a “limited breach” on a system that supports Baltimore’s 911 emergency services. According to The Baltimore Sun, city personnel detected the intrusion at 08:30 local time on 25 March. They quickly determined that unknown attackers had hacked into the municipality’s computer-aided dispatch (CAD) system. This type […]
The post “Limited Breach” Detected on System Supporting Baltimore’s 911 Emergency Services appeared first on The State of Security.
The city of Atlanta is struggling to recover from a ransomware infection days after the initial attack targeted its computer network. As of 26 March, the municipality was still struggling to collect customers’ online payments for bills and fees. Such disruption continues to plague the State of Georgia’s capital city at a time when Atlanta […]
The post Atlanta Struggling to Recover from Ransomware Infection Days After Attack appeared first on The State of Security.
Nearly one in five students at Ohio State University clicked on unverified links in emails sent to them as part of a phishing simulation. On 31 January, the IT risk management office at Ohio State University (OSU) initiated a phishing exercise against the university’s student population. Its intention was to determine how many students would […]
The post 19% of Ohio State University Students Clicked on Links in Phishing Simulation appeared first on The State of Security.
The city of Atlanta’s computer network is reportedly experiencing outages, which are believed to have been caused by a targeted cyber-attack. According to Atlanta-based news station 11Alive, multiple sources familiar with the situation confirmed that various city systems had been impacted. In a statement on Twitter, the city said it is “currently experiencing outages on […]
The post City of Atlanta Computer Systems Reportedly Hit by Cyber-Attack appeared first on The State of Security.
Netflix has launched a public bug bounty program through which security researchers can receive rewards of up to $15,000. Announced on 21 March, the streaming service’s new vulnerability responsible disclosure framework will award researchers upwards of thousands of dollars for reporting weaknesses discovered in Netflix’s primary targets. In-scope applications include the American entertainment company’s API, […]
The post Researchers Can Earn up to $15K in Netflix’s New Public Bug Bounty Program appeared first on The State of Security.
The oil and gas sector in the Middle East has become a top target for cybercriminals, enduring 50 percent of all cyber-attacks in the region, revealed a new report. The study, conducted by industrial giant Siemens and the Ponemon Institute, polled around 200 individuals in the Middle East responsible for securing or overseeing cyber risk […]
The post New Survey: 75% of Middle East Oil & Gas Companies Have Suffered a Security Compromise appeared first on The State of Security.
Texas-chartered Frost Bank has detected an instance of unauthorized access that might have exposed the images of some electronically stored checks. Frost, which is one of the largest banks in Texas at 139 branches across the state, detected the security incident in March 2018. According to a statement published on its website, the event involved […]
The post Frost Bank Detects Unauthorized Access that Could Have Exposed Check Images appeared first on The State of Security.
Microsoft has launched a limited-time bug bounty program to help discover and address vulnerabilities similar to Spectre and Meltdown. On 14 March, the Redmond-based tech giant announced a framework for speculative execution side channel vulnerabilities. The program encourages researchers to submit their discoveries of hardware design weaknesses on par with Spectre and Meltdown, two vulnerabilities […]
The post Microsoft Launches Limited-Time Bug Bounty Program for Bugs Like Spectre and Meltdown appeared first on The State of Security.
For the first time on record, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) publicly blamed Russia for attempting to hack U.S. energy infrastructure. On 15 March, DHS and FBI published a joint Technical Alert (TA) via the United States Computer Emergency Readiness Team (US-CERT). In it, officials say Russian […]
The post For the First Time, DHS and FBI Accuse Russia of Hacking U.S. Energy Organizations appeared first on The State of Security.
A US-based power company has agreed to pay a $2.7 million penalty after inadvertently exposing sensitive data online and violating energy industry cybersecurity standards. According to an electronic filing by the North American Electric Reliability Corporation (NERC) on Feb. 28, the unnamed utility reached the settlement with power regulators despite neither admitting nor denying the […]
The post US Power Company Fined $2.7M for Failing to Comply with Energy Industry Cyber Standards appeared first on The State of Security.
A new family of point-of-sale malware called “PinkKite” uses a unique method to exfiltrate consumers’ stolen payment card information. Kroll Inc. researchers Matt Bromiley and Courtney Dayter presented on the threat during Kaspersky’s Security Analyst Summit 2018 on 9 March. In their talk entitled “It’s a Small World After All: The Evolution of Small POS […]
The post Unique Data Exfiltration Method Makes PinkKite POS Malware Stand Out appeared first on The State of Security.