Update.
Equifax Hack: Keep Your Friends Close, but Your Supply Chain Closer
After more than 145 million customer records were compromised in the
Equifax data breach, the company’s stock plummeted by more than 30
percent. That amounted to market capitalization losses
north of $5 billion. The hack was one of the largest in history, and
the records stolen included Social Security and driver’s license
numbers.
And yet, that could be just a drop in the bucket compared to the fallout
yet to come. It wasn’t just Equifax that was hacked. Suppliers to
Equifax may also be at risk of compromise, which could expose the
information of millions more customers.
For instance, both Visa and MasterCard recently sent alerts to banks
notifying them about 200,000
credit cards that may have also been compromised. Indeed,
there’s been a spike in attempted credit card fraud this August,
with a 15 percent increase year-over-year.
… Visa and MasterCard – which both explicitly blamed Equifax – may be
the first of many companies to come forward with statements that
their data was also compromised in the Equifax data breach. Any
company that has interacted with Equifax is at risk.
The risk that companies inherit from their suppliers is a pervasive
problem for cyber security. Dynamic supply chains are a necessity in
today’s fast-paced business environment, but every new supplier
expands a company’s threat surface.
Investigators found the source before the company noticed?
Bill Cooke reports:
With the help of self-professed “data and crypto addict” Flash Gordon, iAfrikan CEO Tefo Mohapi connected the leak to GoVault.
GoVault is a platform operated by Dracore, and is billed as a “goldmine of information” which offers access to the contact details of South African consumers and homeowners.
Read more on GearsofBiz.
@s7nsins (aka “Flash Gordon”) had informed DataBreaches.net of
this leak, and is not surprised to read how he helped others try to
track down the source of the leak. He is one of a number of
dedicated researchers who scour the net to see what can be viewed
that shouldn’t be viewable.
(Related)
Questions about the Massive South African "Master Deeds" Data Breach Answered
(Related). Same thing, different country?
VIJANDREN reports:
This is not looking good. Late yesterday, we received a tip off that someone was selling huge databases of personal details belonging to Malaysians on Lowyat Forums.
While we did brush it off as just another scammer looking to make a quick buck at first, we decided to dig a little further and discovered that this could be one of the biggest data breaches ever in Malaysian history.
What is up for sale – for an undisclosed amount in bitcoin is millions of personal data of Malaysians belonging to Jobstreet.com, the Malaysian Medical Council, the Malaysian Medical Association, Academy of Medicine Malaysia, the Malaysian Housing Loan Applications, the Malaysian Dental Association and the National Specialist Register of Malaysia.
That's not all, the mother lode however is customer data from a huge list of Malaysian Telcos, that include Altel, Celcom, DiGi, Enabling Asia, Friendimobile, Maxis, MerchantTradeAsia, PLDT, RedTone, TuneTalk, Umobile and XOX.
Read more on lowyat.net.
Some breach analysis.
You can access their report here.
Once again, we saw insider wrongdoing breaches taking a long time to
discover. Hacking accounted for 50% of the 46 breaches we recorded
for the month, and eight of the hacks also involved extortion
demands. If you’re thinking, “That sounds like TheDarkOverlord,”
give yourself a pat on the back. Yes, the 8 extortion-hacks were all
by TheDarkOverlord.
You can find information on many of the 46
incidents disclosed in September by searching this site.
How should Twitter be penalized? (It’s not
really a problem until everyone agrees it’s a problem?) It’s
hard to accept anyone would believe some of these stories.
Twitter Was Warned Repeatedly About This Fake Account Run By A Russian Troll Farm And Refused To Take It Down
Twitter took 11 months to close a Russian troll
account that claimed to speak for the Tennessee Republican Party even
after that state's real GOP notified the social media company that
the account was a fake.
The account, @TEN_GOP, was enormously popular,
amassing at least 136,000 followers between its creation in November
2015 and when Twitter shut it down in August, according to a snapshot
of the account captured by the Internet
Archive just before the account was "permanently suspended."
For my Computer Security students.
CRS Report – Dark Web
by Sabrina I. Pacifici on Oct 18, 2017
Dark Web, Kristin Finklea, Specialist in Domestic Security.
March 10, 2017. via FAS
“The layers of the Internet go far beyond the
surface content that many can easily access in their daily searches.
The other content is that of the Deep Web, content that has not been
indexed by traditional search engines such as Google. The furthest
corners of the Deep Web, segments known as the Dark Web, contain
content that has been intentionally concealed. The Dark Web may be
used for legitimate purposes as well as to conceal criminal or
otherwise malicious activities. It is the exploitation of the Dark
Web for illegal practices that has garnered the interest of officials
and policymakers. Individuals can access the Dark Web by using
special software such as Tor (short for The Onion Router). Tor
relies upon a network of volunteer computers to route users’ web
traffic through a series of other users’ computers such that the
traffic cannot be traced to the original user. Some developers have
created tools—such as Tor2web—that may allow individuals access
to Tor-hosted content without downloading and installing the Tor
software, though accessing the Dark Web through these means does not
anonymize activity. Once on the Dark Web, users often navigate it
through directories such as the “Hidden Wiki,” which organizes
sites by category, similar to Wikipedia. Individuals can also search
the Dark Web with search engines, which may be broad, searching
across the Deep Web, or more specific, searching for contraband like
illicit drugs, guns, or counterfeit money. While on the Dark Web,
individuals may communicate through means such as secure email, web
chats, or personal messaging hosted on Tor. Though tools such as Tor
aim to anonymize content and activity, researchers and security
experts are constantly developing means by which certain hidden
services or individuals could be identified or “deanonymized.”…”
How do you control a “major threat?” Probably
not by automating waivers.
Onward and Skyward! FAA Launches Automated Drone Approval Process
The Federal Aviation Administration (FAA) has
approved a fast-track, automated approval process that allows
commercial drone operators instant
access to controlled airspace. The move helps reduce wait
times to seconds for businesses, which previously had to seek
approval over a months-long process.
… "Based on customer feedback, we know
most of their jobs are in controlled airspace [Somehow, I doubt that. Bob]
and getting access to fly in these
areas is one of their largest business pain points," Mariah
Scott, co-president of Skyward, said
in a statement. "Operators have had to wait 60 to 90 days
to receive authorization under the existing system. Now, with
Skyward and LAANC, enterprises can get approval to fly in just two
clicks. With this hurdle gone, we can expect to see substantial
adoption of drone technology at the enterprise level."
My spreadsheet class is small, so I can show them
lots of tricks that are “outside the textbook.”
Charts help shorten the decision-making process,
as we can immediately see our results and where we need to make
changes. The difficulty in handling data and charting is that you
constantly have to go back to the chart and update it for new data.
Well, no more! I’m going to show you three easy
steps to creating charts in Excel that self-update. All you’ll
have to do is add data to the spreadsheet, and the chart will
automatically graph it. You won’t have to depend on others to
manipulate or mess up the chart, and you won’t have to do all that
extra work either. You don’t need any Visual Basic skills, but you
do need to understand the basic fundamentals of Excel charts.