
Threatsploit: 236
Data Loss: 164
Reputation Loss: 169
Financial Loss: 69
November 07, 2018

HSBC Bank Data Breach Exposed Customers’ Account Details and More

HSBC notified the California attorney general’s office by letter of the breached accounts, which contained names, all types of addresses, dates of birth, payee account information and much more. HSBC said that only 1% of its 38 million customers were breached. The breach may have happened through a technique called “credential stuffing”, a hacking technique that relies on the assumption that the same passwords are used everywhere. More than 80% of U.S. adults reuse the same password, according to a survey of 1,000 people, and this is the reason for the prevalence of credential stuffing attacks. Prevention is that users must regularly change their passwords. HSBC removed online access after being breached. Impacted customers were asked to contact the bank to seek remediation. In response to the large number of breaches, the European General Data Protection Regulation requires companies to disclose personal data breaches to affected customers within 72 hours of becoming aware of them.

Types of Attacks: Data Breach, Access Control, HTTP Security
Types of Loss: Data Loss
Cause Of Issue: Lack Of Awareness, Poor Security Process
Verticals: Web Application, Cloud
August 31, 2017

MacEwan University Defrauded Of Nearly $12m In Phishing Scam

MacEwan University was defrauded of nearly $12 million in a phishing scam compounded by human error. The fraud led university staff members to transfer $11.8 million to a bank account they believed belonged to the vendor, the university said. members were involved in the transfer, there was no process in place which required staff members to phone the vendor to confirm the request to change banking information, but that will change. “We are looking at the levels of staffing it must go through for authorization before somebody changes that,” he said. “There is going to be a secondary and tertiary level of approval before this goes on. This incident was a result of human error resulting from a phishing attack.” Beharry said three separate payments, ranging from $22,000 to $9.9 million, were made to the vendor between Aug. 10 and Aug. 19. “The organizations would not have any knowledge that somebody is phishing.”

Types of Attacks: Social Engineering
Types of Loss: Financial Loss
Cause Of Issue: Lack Of Awareness
Verticals: Web Application
August 14, 2018

In Rostov, hacker stole more than a million rubles from an ATM

Rostov police are looking for an unknown hacker who stole 1 million 264 thousand rubles from an ATM without breaking it. Presumably, on August 14, the hacker opened the ATM's PIN keyboard, connected to it and withdrew a large sum of money. The loss was noticed only two weeks later, because the hacker did not damage the device. Only on August 29 did the head of the bank's security service go to the police and report the theft of a large sum of money. The hacker hasn't been caught yet.

Types of Attacks: Targeted Attack
Types of Loss: Reputation Loss, Financial Loss
Cause Of Issue: Lack Of Maintenance, Poor Security Process
Verticals: Network
July 13, 2016

Brazilian Banking Customers Targeted By IoT DNS Hijacking

The researchers discovered malicious servers attempting to reconfigure vulnerable IoT devices in Brazil using an unauthenticated remote configuration URL. The URL changes the DNS server settings of the modems/routers, so that all name resolution within the homes of the affected consumers is routed through malicious DNS servers. The attack redirects users seeking popular financial sites, such as those used to pay a bill or check a bank statement. Researchers said the malicious DNS server controlling the attacks effectively becomes the middleman that allows the malicious actor to bring up fake portals and web fronts to collect sensitive information from users whose routers were infected. These attacks target the IoT device owner rather than other entities.

Types of Attacks: HTTP Security, Targeted Attack
Types of Loss: Reputation Loss, Financial Loss
Cause Of Issue: Lack Of Maintenance, Poor Security Process
Verticals: Web Application, Internet Of Things (IoT)
September 17, 2018

Dutch Bitcoin Broker Litebit Suffers Second Data Breach In Six Weeks

Thirty-two suspected gang members were charged on suspicion of committing a “high-tech crime,” which involved hacking into credit card terminals in dental and medical offices and stealing patient identities, the California Department of Justice announced Monday. The gangs, known as the BullyBoys and CoCo Boys, teamed up to steal at least 40 credit card terminals, which he called the “modern cash register.” The terminals, which are used to process credit and debit cards, were burglarized and hacked to process $1 million, Becerra said. Some of the debit cards were opened with stolen identities. “But remember here as well, dentists and doctors, it’s not just about money,” Becerra said. “Very personal and confidential information has now been leaked to people about six businesses in Sacramento County were broken. The gangs predominantly operate in the Bay Area and They said he did not know of any BullyBoys or CoCo Boys activity in Sacramento, but it’s not uncommon for gangs to move throughout the state as they expand their criminal activity.

Types of Attacks: Data Breach
Types of Loss: Financial Loss
Cause Of Issue: Lack Of Awareness
Verticals: Web Application
August 13, 2018

Ex-NSA Hacker Discloses macOS High Sierra Zero-day Vulnerability

A security researcher has demonstrated, at the current Def Con security conference, that a Mac running Apple’s High Sierra operating system can be hacked very easily by merely tweaking two lines of code. This revelation was made by Patrick Wardle, an ex-NSA hacker. A report dated August 13, 2018, provides an in-depth explanation of this vulnerability and its detection. The report says: “Your Mac running Apple’s latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference.” Patrick Wardle himself explains: “By way of a single click, numerous security mechanisms may be fully bypassed. Run the untrusted app? click ...allowed. Authorize keychain access? click ...allowed. Load third-party kernel extension? click ...allowed. Authorize an outgoing network connection? click ...allowed.”

Types of Attacks: Zero Day
Types of Loss: Data Loss, Reputation Loss
Cause Of Issue: Lack Of Maintenance, Poor Development Practice
Verticals: Original Equipment Manufacturer (OEM)
October 16, 2018

Connecticut City Pays Ransom After Crypto-Locking Attack

Presented: Oct 2018. Repercussions: paid a huge amount in ransom.
A ransomware attack knocked out 23 servers in Connecticut between 2:49 a.m. and 3:16 a.m. on Tuesday, Oct. 16, reports the city of West Haven. The city later said that the attack had been contained by 5:30 p.m. on Oct. 17. The mayor, along with local and national authorities, was informed about the ransomware by the city’s IT manager, David W. Richards, immediately after its discovery. During the investigation, the West Haven police were assisted by MS-ISAC, a division of the U.S. Department of Homeland Security and the DHS information sharing and analysis center for improving cybersecurity at various scales. They determined that the attack originated from outside the U.S., West Haven Mayor Nancy R. Rossi announced on Thursday.

Types of Attacks: Targeted Attack, Malware
Types of Loss: Financial Loss
Cause Of Issue: Lack Of Awareness, Lack Of Maintenance, Poor Security Process
Verticals: Network
November 09, 2018

Stolen data from 'almost all' Pakistan banks goes on sale on dark web

The Federal Investigation Agency (FIA) confirmed that almost all Pakistani banks were affected by a security breach, as reported by retired captain Mohammad Shoaib of FIA cybercrimes after credit and debit card data was found hosted on dark web forums. “More than 100 cases have been registered with the FIA and are under investigation,” said Captain Shoaib; the data hosted on the dark web covers 20,000 Pakistani records, and the infrastructure of several Pakistani banks was compromised. The recent attacks indicate the need to improve the banks' security systems. To implement better security, all officials from the banks were called to a meeting to limit the damage and improve security standards. Banks are the custodians of the money people invest, so pilferage of it is an absurdity, Shoaib said. Last week a cyber attack on Bank Islami compromised 2.6 million from its accounts. Due to these attacks, Pakistani banks suspended the use of debit cards and blocked international transactions on their cards. The Pakistan Computer Emergency Response Team (PakCERT) released a report with details such as the timeline and scale of the leaks, the card skimming process used for data extraction, and the sales offered on the site JokerStash, which contained over 11,000 records, with more than 8,000 records pertaining to nine Pakistani banks.

Types of Attacks: Data Breach
Types of Loss: Data Loss, Reputation Loss
Cause Of Issue: Lack Of Awareness, Poor Security Process
Verticals: Network, Web Application, Cloud
September 21, 2018

Cobalt Threat Group Serves Up SpicyOmelette In Fresh Bank Attacks

Advanced persistent threat (APT) group the Cobalt Gang, also known as Gold Kingswood, is spreading SpicyOmelette malware in campaigns targeting financial institutions worldwide. It is often financial institutions which bear the brunt. Banking customers hoodwinked by fraudulent schemes, or those that become the victims of theft through the loss of their financial credentials, will often try to claim back lost funds, and banks appear to vary when it comes to compensation. Cobalt has been connected to the theft of millions of dollars from financial institutions worldwide and is believed to have caused over €1bn in damages. Despite the arrest of the APT's suspected leader this year, the group shows no sign of stopping. "Arrests of suspected Gold Kingswood operators in March 2018 did not deter the threat group's campaigns, likely due to its vast network of resources," CTU says. "[We] expect Gold Kingswood's operations and toolset to continue to evolve, and financial organizations of all sizes and geographies could be exposed to threats from this group."

Types of Attacks: Targeted Attack, Malware
Types of Loss: Financial Loss
Cause Of Issue: Poor Security Process
Verticals: Network
October 31, 2018

Private messages from 81,000 hacked Facebook accounts for sale

Facebook reports that 120 million accounts were hacked, with Facebook data a part of it. Facebook later claimed that those allegations were false and that it had taken steps to prevent hacks. Hackers offered to sell the data for 10 cents per account, with data from the UK, US, Brazil and elsewhere. Guy Rosen, a Facebook executive, said that malicious extensions have been removed from their site. The breach first came to light in September after a post from FB Saler appeared on an English-language internet forum. Cyber security company Digital Shadows said that over 81,000 profiles that contained private data were posted online. The BBC Russian Service contacted five Russian Facebook users who were victims and confirmed the data to be theirs. The posted personal data also included conversations between a son-in-law and mother-in-law and chats between two lovers in St Petersburg, whose IP address was later flagged by the Cybercrime Tracker service. The applications involved are third-party extensions for various browsers such as Chrome, Opera and Firefox. Cyber experts said that if rogue extensions were the cause, then the responsibility rests with the developers. John Smith, an anonymous source, said that 2.7 million were Russian users out of 120 million. Digital Shadows told the BBC that this claim was suspicious. He revealed that the information had nothing to do with the data leak. John Smith didn’t advertise his services, and when asked if the leaks were linked to the Russian state or to the Internet Research Agency, with a grin he replied 'No'.

Types of Attacks: Data Breach
Types of Loss: Data Loss, Reputation Loss
Cause Of Issue: Lack Of Awareness, Poor Development Practice, Poor Security Process
Verticals: Network, Web Application, Application Programming Interface (API)
September 15, 2018

Cryptocurrency Exchanges Lost $882 Million to Hackers

Presented: Oct 2018. Repercussions: $882 M lost on exchange of cryptocurrency.
According to analysis by the Moscow-based cybersecurity firm Group-IB, $882 million in damage has been inflicted on cryptocurrency exchanges over two years. The tally is likely to grow in the coming years because of the attention that cryptocurrency exchanges and initial coin offerings draw from various veteran Russian hacking groups such as Cobalt, Silence and MoneyTaker, and the Lazarus group from North Korea. The number of targeted attacks on crypto exchanges will rise by 2019, with cryptocurrency exchanges certain to be the latest target for the most aggressive hacker groups that usually attack banks, writes Group-IB.

Types of Attacks: Social Engineering, Targeted Attack, Malware
Types of Loss: Financial Loss
Cause Of Issue: Lack Of Awareness, Poor Security Process
Verticals: Network, Cryptocurrency
November 19, 2018

Instagram Accidentally Exposed Some Users' Passwords In Plaintext

According to The Information, Instagram has suffered a serious security leak of its own that could've exposed users' passwords. While Facebook recently had a much more serious problem linked to its "View As" tool that was being actively exploited by someone, the Instagram issue is linked to its tool that allows users to download a copy of their data. Facebook notified the affected Instagram users that when they utilized the feature, it sent their password in plain text in the URL. For some reason, these passwords were also stored on Facebook's servers; however, the notification said that data has been deleted and the tool was updated so it won't happen now. In a statement to The Information, a spokesperson said the issue only impacted a "small number of people", although if those people were using a shared computer or were on a compromised network, then it could've left their account info wide open. If you haven't been notified then your account apparently was unaffected, but it's still a troubling hole left in security, especially on something as important as passwords. While everyone should be using unique passwords for every site and service (if you need a password manager to keep up with them, then that's the way to go; meanwhile you can enable two-factor authentication on Instagram), not everyone does, and so an exposure of this kind is just another troubling episode to hit Facebook.

Types of Attacks: Data Breach, Communication Security
Types of Loss: Reputation Loss
Cause Of Issue: Lack Of Awareness, Lack Of Maintenance
Verticals: Network, Web Application, Cloud
September 15, 2018

Vevo Hackers Leak — Then Delete — Huge Trove Of Internal Videos, Documents

A notorious hacker group broke into the servers of music-streaming service Vevo, releasing more than 3 terabytes of internal documents and video content online — before removing them later Friday morning at Vevo’s request. The purloined cache, posted by hacking and security collective OurMine, included videos, a batch of documents labelled “premieres,” as well as marketing info, international social-media documents, and other internal files, as first reported by tech site Gizmodo. Vevo confirmed the hack, which it said was the result of a phishing scam via LinkedIn. “We have addressed the issue and are investigating the extent of exposure,” a Vevo rep said in an emailed statement. OurMine, in a post on its site, claimed it leaked the Vevo files late Thursday after an exchange with a Vevo employee who — upon being informed of the hack — allegedly told the hackers, “F— off, you don’t have anything.” In an update, OurMine said that “We deleted the files because of a request from VEVO.”

Types of Attacks: Session Management, Access Control, Targeted Attack
Types of Loss: Data Loss, Reputation Loss
Cause Of Issue: Poor Development Practice, Poor Security Process
Verticals: Web Application
November 13, 2018

Third-party JavaScript abused to steal money from Cryptocurrency exchange users

Researchers at cyber security company ESET discovered that a JavaScript plugin was compromised through the injection of malicious scripts meant for targeting cryptocurrency exchanges. If detected, a second script replaced the victim's bitcoin addresses with ones used by the attackers. Total losses from this attack are unknown. Malicious JavaScript injected through third parties has also been used to extract payment card data in another technique, known as “Magecart”.

Types of Attacks: Malicious Input Control, Malware
Types of Loss: Financial Loss
Cause Of Issue: Poor Development Practice, Poor Security Process
Verticals: Web Application, Cryptocurrency
September 07, 2017

AXA Data Breach Affects 5,400 Singapore Customers

The personal data of 5,400 customers of AXA Insurance in Singapore has been stolen due to a cyber attack. The life insurance firm sent out an email to most affected customers on Thursday (Sept 7), notifying them of the data breach. In the e-mail, AXA's data protection officer Eric Lelyon said: "We wish to inform you that because of a recent cyber attack, personal data belonging to about 5,400 of our customers, past and present, on our Health Portal was compromised." In particular, their email address, mobile number and date of birth were exposed. The firm said that no other personal data - including name, NRIC number, address, credit card or bank details, health status, claims history or marital status - was leaked. The CEO assured customers that the firm's Health Portal "is now secure". "No financial or health data was compromised." Mr Drouffe also said that the compromised data, by themselves, will not result in identity theft. Customers are, however, advised to be vigilant against phishing, most commonly via e-mail, to trick victims into disclosing their credentials.

Types of Attacks: Data Breach, Social Engineering
Types of Loss: Reputation Loss, Financial Loss
Cause Of Issue: Lack Of Awareness
Verticals: Web Application
September 17, 2018

Magecart Card-Stealing Gang Hits “Shopper Approved” Plug-In

Presented: Oct 2018. Repercussions: 62 Million fine on Tesco Bank. Website: www.healthcare.gov
“Shopper Approved”, an e-commerce services company located in Ogden, Utah, that enables sites to gather local, merchant and product reviews, is the latest victim of the hackers. Shopper Approved confirmed the Magecart attack, saying it first learned of the potential incident from the security firm RiskIQ on the 17th of September. "Fortunately, we were able to quickly detect and secure the code related to the incident. We also put additional security measures in place to help ensure that this doesn't happen again," Scott Brandley, CEO of Shopper Approved, says in a security alert on the company's website. "After a thorough investigation, we were able to determine that only a very small percentage of our clients were involved and we have already reached out to those clients directly in an effort to help them remediate any issues."

Types of Attacks: Data Breach, Social Engineering, Malicious Input Control
Types of Loss: Data Loss, Reputation Loss
Cause Of Issue: Lack Of Awareness, Poor Security Process
Verticals: Web Application
July 07, 2017

Broadsoft Inc. Left Millions Of Partners’ Customer Data Records Exposed

The repository contained a massive amount of sensitive information, and researchers estimate it would take weeks to fully sort through all of the data. The most potentially damaging discovery was that it contained internal development information such as SQL database dumps, code with access credentials, access logs and more. These are all things that should not be publicly available online. The two repositories contained thousands and thousands of records and reports for a number of Broadsoft clients, with Time Warner Cable (TWC) appearing to be the most prominent, including applications like Phone 2 Go, TWC app, WFF etc. Much of the internal development data was apparently saved by Broadsoft. For example, the “User Profile Dump, 07-07-2017” text file contains more than 4 million records, spanning the time period 11-26-2010 – 07-07-2017, with transaction IDs, usernames, MAC addresses, serial numbers, account numbers, service and category details, and more. Other databases also have billing addresses, phone numbers etc. for hundreds of thousands of TWC customers.

Types of Attacks: Data Breach
Types of Loss: Data Loss
Cause Of Issue: Poor Development Practice, Poor Security Process
Verticals: Network
August 06, 2018

Third-party Web Manager Exposes TCM Bank Data

TCM Bank, a limited-purpose credit card bank wholly owned by ICBA Bancard, revealed recently that a website misconfiguration by a third party leaked personal information of credit card applicants for 16 months. The victims are those who applied between March 2017 and July 2018, the period during which the breach affected the bank. The breach exposed the applicants’ names, addresses, dates of birth and social security numbers. The data revealed that fewer than 10,000 of all the applicants were victims. It was less than 25% of the applications we processed during the relevant time period that were potentially affected, and less than one percent of our cardholder base was affected here.

Types of Attacks: Data Breach
Types of Loss: Data Loss
Cause Of Issue: Poor Development Practice
Verticals: Web Application
March 15, 2018

Cathay Pacific Breach Hits Over 9 Million Customers

Presented: Oct 2018. Repercussions: 9 million customers' personal details exposed on Cathay Pacific Airways. Website: www.cathaypacific.com
Airline Cathay Pacific is the latest well-known brand to suffer a major data breach, after disclosing that the data of 9.4 million passengers might have been stolen.
On Wednesday the firm said that it had discovered unauthorized access to IT systems holding a wide range of sensitive personal information, both for its customers and for those of its business unit Hong Kong Dragon Airlines. The personal data affected included passenger name, nationality, date of birth, phone number, email, address, passport number, Hong Kong identity card number, frequent flyer program membership number, customer service remarks and historic travel information. In addition, 403 expired card numbers and 27 credit card numbers with no CVV were exposed in the breach. There’s no other info available on how the incident may have occurred, and the airline's only reply was that “there’s no evidence of data being misused at this point”. “We apologize for any tragic repercussions this data security event may cause our passengers. We responded instantly to contain the event, set up a thorough investigation with the assistance of a leading cybersecurity firm for further strengthening our IT security measures,” said CEO Rupert Hogg.

Types of Attacks: Data Breach, Targeted Attack
Types of Loss: Data Loss, Reputation Loss
Cause Of Issue: Lack Of Awareness, Poor Security Process
Verticals: Network, Web Application
November 13, 2018

Four Fake Cryptocurrency Wallets Found on Google Play Store

Four bogus cryptocurrency wallet apps for NEO, Tether, Ethereum and MetaMask were found on the Google Play Store, where they tried to steal users' personal data, reports an anonymous blog. The apps were built intentionally for phishing attacks. Stefanko divided the wallets into two kinds: a “phishing wallet” (MetaMask) and “fake wallets” (the other three). In a video, Stefanko illustrated the “fake wallets” with the example of the fake NEO app “Neo wallet”, which had over 1,000 installs since October. The fake crypto wallets didn’t create a new wallet but displayed the attacker's public address. The apps were developed with a drag-and-drop builder service, which means anyone can develop a trivial app for stealing data, reports Stefanko, who later stated that he reported the fake apps to the Google security team, with the wallets eventually being removed after acknowledgement. Cointelegraph has reported that scammers compromised Google’s G Suite and spread an enticing message to encourage users to participate in an illegitimate 10,000 Bitcoin giveaway.

Types of Attacks: Social Engineering, Malware
Types of Loss: Data Loss, Financial Loss
Cause Of Issue: Lack Of Maintenance, Poor Security Process
Verticals: Cryptocurrency