Research by Proofpoint has identified a phishing attack on twitter targeting brand managers and influencers. The attack is carried out by means of a legitimate twitter ad offering account verification.
The ads are from @SupportForAll6 account and uses twitter branding, logos and colours making it look authentic. Users who follow the link are directed to a domain twitterhelp[.]info where users are required to provide their twitter username, email address, phone number and account password in a form. In the next step, the user is asked to provide a credit card number and security code for “verification purposes”
User education and technical processes like ad blocking are a must in the fight against phishing and other cyber attacks.
Students and staff records in a Michigan State University database has been accessed by unauthorized third party
How many victims? 400,000 records of 449 students and staff.
What type of information? Names, social security numbers, MSU identification numbers, and in some cases, date of birth of faculty, staff and students who were employed by MSU between 1970 and Nov. 13, 2016, and students who attended MSU between 1991 and 2016.
What happened? Michigan State University announced last Friday that a server and a database containing the breached information was accessed by an unauthorized third party on November 13. The database was taken offline in less than 24 hours but the attacker accessed records of 449 individuals.
What was the response? MSU’s IT team immediately determined the cause and nature of the breach and the MSU Police Department is working with federal law enforcement to investigate the crime. The university already notified affected parties and has offered them two years of identity theft protection, fraud recovery credit card monitoring for free. They also ensured that the database did not contain passwords, financial, acadmeic, contact, gift or health information, according to SC Magazine.
1.3 million personal and medical records leaked in Australia’s biggest data breach
How many victims? 1.28 million records
What type of information? Personal and medical information such name, gender, physical and email address, phone number, date of birth, blood type and country of birth. It also contains sensitive data such as whether someone has engaged in high-risk sexual behaviour.
What happened? An anonymous source found 1.74GB file containing 1.28 million donor records going back to 2010 on a publicly accessible website and notified Troy Hunt. The discovery was made via a scan of IP address built to search for publicly exposed web servers that returned directory listings containing .sql files.
What was the response? The Australian Red Cross has said that it had made contact with the Australian Cyber Security Centre and the Australian Federal Police and notified the Office of the Australian Information Commissioner of the data breach. “We are deeply disappointed this could happen. We take full responsibility for this mistake and apologise unreservedly,” said Jim Birch, chair and Shelly Park, chief executive of the Blood Service. “We would like to assure you we are doing everything in our power to not only right this but to prevent it from happening again.”
Quote: “With sensitive data often passing between multiple companies during partnerships and sales, it’s essential that organisations have a data-centric security strategy in place to ensure that data is secure wherever it goes,” Steve Murphy Senior CP EMEA, Informatica told SCMagazineUK.com
The Hutchinson Community Foundation in Kansas was hit with a data breach and ransomware attack.
How many victims? Nearly 5,500
What type of information? Personal and financial information.
What happened? On September 19, officials at the foundation found ransomware on the foundation’s network server after clicking on a file and finding its contents encrypted. Upon further investigation they found that intruders had done more than infect their files with ransomware and had actually made it into the foundation’s systems.
What was the response? The foundation didn’t pay the ransom and was able to restore all of their data from backup files however; officials said the data breach could have allowed attackers to access the databases and files on its servers and declared the incident a breach. Not all of the donor records contained sensitive information, but those who had their financial information and other sensitive data stored on the compromised serves are being notified of the incident and will be offered up to a year of free identity monitoring services. Continue reading
Security researcher, Brian Krebs has described the operations of a specific skimmer that is bluetooth enabled. The skimmer fits neatly over the top of an Ingenico ISC250 point of sale terminal. The skimmer has its own battery and can grab data and send it to a mobile device within the bluetooth coverage area.
This makes it possible for cybercriminals to leave the mobile device running nearby and return for it later or store up the stolen information in the skimmer and download them later, SC Magazine reports.
A report by a security advisor for IBM, Limor Kessem showed how cyber criminals are employing a new tactic of using live chats to extract banking and personal information directly from victims in Brazil.
The report describes how the attack begins by sending an email with a link to the target victim. The link takes the victim to a fake webpage that emulates the victim’s bank website. The victim is then social engineered into divulging critical information through a live chat on the fake website.
The criminals can check the information provided since they are online and push an error message to the target if the information provided is not correct.
In the end, the victim is notified that the update was successful but should wait for 24 hours before login into their account. This gives them time for their fraudulent transactions to clear before the user realizes.
Over the past week, internet hosting company, OVH has suffered a massive DDoS attack with peaks of over 1Tb/s of traffic. This is the biggest DDoS attack known to date.
The founder and CTO of OVH tweeted: This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send >1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn,” and “last days, we got lot of huge DDoS. Here, the list of ‘bigger that 100Gbps’ only. You can see the simultaneous DDoS are close to 1Tbps!”.
KrebsonSecurity also suffered a huge attack of between 620 and 665 Gbps last week.