Thursday, October 19, 2017

Update.
Equifax Hack: Keep Your Friends Close, but Your Supply Chain Closer
After more than 145 million customer records were compromised in the Equifax data breach, the company’s stock plummeted by more than 30 percent. That amounted to market capitalization losses north of $5 billion. The hack was one of the largest in history, and the records stolen included Social Security and driver’s license numbers.
And yet, that could be just a drop in the bucket compared to the fallout yet to come. It wasn’t just Equifax that was hacked. Suppliers to Equifax may also be at risk of compromise, which could expose the information of millions more customers.
For instance, both Visa and MasterCard recently sent alerts to banks notifying them about 200,000 credit cards that may have also been compromised. Indeed, there’s been a spike in attempted credit card fraud this August, with a 15 percent increase year-over-year.
Visa and MasterCard – which both explicitly blamed Equifax – may be the first of many companies to come forward with statements that their data was also compromised in the Equifax data breach. Any company that has interacted with Equifax is at risk.
The risk that companies inherit from their suppliers is a pervasive problem for cyber security. Dynamic supply chains are a necessity in today’s fast-paced business environment, but every new supplier expands a company’s threat surface.




Investigators found the source before the company noticed?
Bill Cooke reports:
With the help of self-professed “data and crypto addict” Flash Gordon, iAfrikan CEO Tefo Mohapi connected the leak to GoVault.
GoVault is a platform operated by Dracore, and is billed as a “goldmine of information” which offers access to the contact details of South African consumers and homeowners.
Read more on GearsofBiz. @s7nsins (aka “Flash Gordon”) had informed DataBreaches.net of this leak, and is not surprised to read how he helped others try to track down the source of the leak. He is one of a number of dedicated researchers who scour the net to see what can be viewed that shouldn’t be viewable.


(Related)
Questions about the Massive South African "Master Deeds" Data Breach Answered


(Related). Same thing, different country?
VIJANDREN reports:
This is not looking good. Late yesterday, we received a tip off that someone was selling huge databases of personal details belonging to Malaysians on Lowyat Forums.
While we did brush it off as just another scammer looking to make a quick buck at first, we decided to dig a little further and discovered that this could be one of the biggest data breaches ever in Malaysian history.
What is up for sale – for an undisclosed amount in bitcoin – is millions of personal data of Malaysians belonging to Jobstreet.com, the Malaysian Medical Council, the Malaysian Medical Association, Academy of Medicine Malaysia, the Malaysian Housing Loan Applications, the Malaysian Dental Association and the National Specialist Register of Malaysia.
That’s not all; the mother lode, however, is customer data from a huge list of Malaysian Telcos that include Altel, Celcom, DiGi, Enabling Asia, Friendimobile, Maxis, MerchantTradeAsia, PLDT, RedTone, TuneTalk, Umobile and XOX.
Read more on lowyat.net.




Some breach analysis.
You can access their report here. Once again, we saw insider wrongdoing breaches taking a long time to discover. Hacking accounted for 50% of the 46 breaches we recorded for the month, and eight of the hacks also involved extortion demands. If you’re thinking, “That sounds like TheDarkOverlord,” give yourself a pat on the back. Yes, the 8 extortion-hacks were all by TheDarkOverlord.
You can find information on many of the 46 incidents disclosed in September by searching this site.




How should Twitter be penalized? (It’s not really a problem until everyone agrees it’s a problem?) It’s hard to accept anyone would believe some of these stories.
Twitter Was Warned Repeatedly About This Fake Account Run By A Russian Troll Farm And Refused To Take It Down
Twitter took 11 months to close a Russian troll account that claimed to speak for the Tennessee Republican Party even after that state's real GOP notified the social media company that the account was a fake.
The account, @TEN_GOP, was enormously popular, amassing at least 136,000 followers between its creation in November 2015 and when Twitter shut it down in August, according to a snapshot of the account captured by the Internet Archive just before the account was "permanently suspended."




For my Computer Security students.
CRS Report – Dark Web
by Sabrina I. Pacifici on Oct 18, 2017
Dark Web, Kristin Finklea, Specialist in Domestic Security. March 10, 2017. via FAS
“The layers of the Internet go far beyond the surface content that many can easily access in their daily searches. The other content is that of the Deep Web, content that has not been indexed by traditional search engines such as Google. The furthest corners of the Deep Web, segments known as the Dark Web, contain content that has been intentionally concealed. The Dark Web may be used for legitimate purposes as well as to conceal criminal or otherwise malicious activities. It is the exploitation of the Dark Web for illegal practices that has garnered the interest of officials and policymakers. Individuals can access the Dark Web by using special software such as Tor (short for The Onion Router). Tor relies upon a network of volunteer computers to route users’ web traffic through a series of other users’ computers such that the traffic cannot be traced to the original user. Some developers have created tools—such as Tor2web—that may allow individuals access to Tor-hosted content without downloading and installing the Tor software, though accessing the Dark Web through these means does not anonymize activity. Once on the Dark Web, users often navigate it through directories such as the “Hidden Wiki,” which organizes sites by category, similar to Wikipedia. Individuals can also search the Dark Web with search engines, which may be broad, searching across the Deep Web, or more specific, searching for contraband like illicit drugs, guns, or counterfeit money. While on the Dark Web, individuals may communicate through means such as secure email, web chats, or personal messaging hosted on Tor. Though tools such as Tor aim to anonymize content and activity, researchers and security experts are constantly developing means by which certain hidden services or individuals could be identified or “deanonymized.”…”




How do you control a “major threat?” Probably not by automating waivers.
Onward and Skyward! FAA Launches Automated Drone Approval Process
The Federal Aviation Administration (FAA) has approved a fast-track, automated approval process that allows commercial drone operators instant access to controlled airspace. The move helps reduce wait times to seconds for businesses, which previously had to seek approval over a months-long process.
… "Based on customer feedback, we know most of their jobs are in controlled airspace [Somehow, I doubt that. Bob] and getting access to fly in these areas is one of their largest business pain points," Mariah Scott, co-president of Skyward, said in a statement. "Operators have had to wait 60 to 90 days to receive authorization under the existing system. Now, with Skyward and LAANC, enterprises can get approval to fly in just two clicks. With this hurdle gone, we can expect to see substantial adoption of drone technology at the enterprise level."




My spreadsheet class is small, so I can show them lots of tricks that are “outside the textbook.”
Charts help shorten the decision-making process, as we can immediately see our results and where we need to make changes. The difficulty in handling data and charting is that you constantly have to go back to the chart and update it for new data.
Well, no more! I’m going to show you three easy steps to creating charts in Excel that self-update. All you’ll have to do is add data to the spreadsheet, and the chart will automatically graph it. You won’t have to depend on others to manipulate or mess up the chart, and you won’t have to do all that extra work either. You don’t need any Visual Basic skills, but you do need to understand the basic fundamentals of Excel charts.

