Data Breaches - W/E - 092118
Breach of Email System Affects Some State Department Employees (09/19/2018)
A data breach hit the State Department's unclassified email system and a portion of the agency's employees had their information exposed. A September 7 alert that was shared with Politico stated that the incident affected "less than 1% of employee inboxes" and "We have determined that certain employees' personally identifiable information (PII) may have been exposed. We have notified those employees."
A data breach hit the State Department's unclassified email system and a portion of the agency's employees had their information exposed. A September 7 alert that was shared with Politico stated that the incident affected "less than 1% of employee inboxes" and "We have determined that certain employees' personally identifiable information (PII) may have been exposed. We have notified those employees."
Iranian Hackers Breach UK Universities, Sell Sensitive Data on WhatsApp (09/18/2018)
Oxford, Cambridge, and other top level UK universities have had their sensitive research breached by Iranian hackers, The Telegraph reported. While much of the information that was stolen isn't critical, some of it pertains to nuclear development and computer encryption. The documents are being sold on Farsi language sites and WhatsApp messaging app at prices as low as $2.63 USD. SecureWorks identified the theft in August after uncovering an URL spoofing login page and linking the activity to Iran.
Oxford, Cambridge, and other top level UK universities have had their sensitive research breached by Iranian hackers, The Telegraph reported. While much of the information that was stolen isn't critical, some of it pertains to nuclear development and computer encryption. The documents are being sold on Farsi language sites and WhatsApp messaging app at prices as low as $2.63 USD. SecureWorks identified the theft in August after uncovering an URL spoofing login page and linking the activity to Iran.
Magecart Threat Actor Breaches US Retailer Newegg (09/19/2018)
Analysis from RiskIQ and Volexity shows the Magecart threat actor breached online retailer Newegg after creating a phony Web site to draw victims in. The fake site enabled the thieves to skim credit card information. RiskIQ's report and Volexity's assessment provide further information into Magecart's tactics and the Newegg breach, which ran from August 14 until September 18.
Analysis from RiskIQ and Volexity shows the Magecart threat actor breached online retailer Newegg after creating a phony Web site to draw victims in. The fake site enabled the thieves to skim credit card information. RiskIQ's report and Volexity's assessment provide further information into Magecart's tactics and the Newegg breach, which ran from August 14 until September 18.
MongoDB Exposes 11 Million Records (09/19/2018)
Eleven million customer records have been exposed due to an insecure MongoDB database that was discovered by Kromtech's Bob Diachenko. He found the unprotected database on September 17, but it had been exposed for four days and leaked 43.5 GB of information, which amounted to nearly 11 million records originating from Yahoo accounts. It is not known where this database originated.
Eleven million customer records have been exposed due to an insecure MongoDB database that was discovered by Kromtech's Bob Diachenko. He found the unprotected database on September 17, but it had been exposed for four days and leaked 43.5 GB of information, which amounted to nearly 11 million records originating from Yahoo accounts. It is not known where this database originated.