Recent Comments



    Archive for Security Breeches

    Microsoft reveals hackers accessed some accounts for months

    April 14th, 2019 by

    Microsoft reveals hackers accessed some accounts for months

    “Microsoft has started notifying some users that a hacker was able to access accounts for months earlier this year. The software giant discovered that a support agent’s credentials were compromised for its web mail service, allowing unauthorized access to some accounts between January 1st and March 28th, 2019. Microsoft says the hackers could have viewed account email addresses, folder names, and subject lines of emails, but not the content of emails or attachments.”

    Posted in Identity Theft, Security Breeches | No Comments »

    Yet another breach: Buca di Beppo

    March 30th, 2019 by

    Once more a malware installed on Point of Sale terminals…

    A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach

    Posted in Identity Theft, Malware, Security Breeches | No Comments »

    Multi-Factor Bypassed (Office 365 and G Suite)?

    March 16th, 2019 by

    Multi-Factor Auth Bypassed in Office 365 and G Suite IMAP Attacks

    “Massive IMAP-based password-spraying attacks successfully breached Microsoft Office 365 and G Suite accounts, circumventing multi-factor authentication (MFA) according to an analysis by Proofpoint.

    This technique takes advantage of the fact that the legacy authentication IMAP protocol bypasses MFA, allowing malicious actors to perform credential stuffing attacks against assets that would have been otherwise protected.”

    Posted in Security Breeches | No Comments »

    TurboTax Tax Returns Exposed

    February 23rd, 2019 by

    Tax Returns Exposed in TurboTax Credential Stuffing Attacks

    “Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack.”

    Posted in Identity Theft, Security Breeches | No Comments »

    Big FaceTime bug! Caller can snoop without permission

    January 29th, 2019 by

    Bug Lets Callers Snoop On You Without Permission

    “A serious Apple iOS bug has been discovered that allows FaceTime users to access the microphone and front facing camera of who they are calling even if the person does not answer the call.”

    Suggestion is to disable FaceTime until a patch is released later this week.

    Posted in Security Breeches, Smart Phones | No Comments »

    DNS Infrastructure Hijacking Campaign

    January 25th, 2019 by

    Alert (AA19-024A) DNS Infrastructure Hijacking Campaign

    “The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks.”

    Posted in Malware, Scams, Security Breeches | No Comments »

    Marriott reveals data breach affecting 500 million hotel guests

    January 20th, 2019 by

    Marriott reveals data breach affecting 500 million hotel guests

    “International hotel chain Marriott announced today a security breach during which the personal details of 500 million hotel guests was stolen.

    The breach happened in 2014, but Marriott says it became aware of it on September 10, two days after its staff spotted an alert from an internal security tool about an attempt to access the Starwood guest reservation database in the United States.”

    Posted in Security Breeches | No Comments »

    WiFi firmware bug affects laptops, smartphones, routers, gaming devices

    January 20th, 2019 by

    WiFi firmware bug affects laptops, smartphones, routers, gaming devices

    List of impacted devices includes PS4, Xbox One, Samsung Chromebooks, and Microsoft Surface devices.

    Posted in Malware, Security Breeches | No Comments »

    Q&A Site “Quora” exposed 100 Million accounts

    December 5th, 2018 by

    100 Million Quora users affected by massive data breach

    Have you noticed that the latest breeches tend to be 100 Million Plus? Anyway, if you use the site, be sure to change the password and any other sites that are linked (e.g., social networks).

    Quora Security Update

    For approximately 100 million Quora users, the following information may have been compromised:

    • Account information, e.g. name, email address, encrypted password (hashed using bcrypt with a salt that varies for each user), data imported from linked networks when authorized by users
    • Public content and actions, e.g. questions, answers, comments, upvotes
    • Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)

    Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.

    The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious.

    Posted in Identity Theft, Security Breeches | No Comments »

    Jared & Kay Jewelers left customer data exposed

    December 3rd, 2018 by

    Jared, Kay Jewelers Parent Fixes Data Leak

    “The parent firm of bling retailers Jared and Kay Jewelers has fixed a bug in the Web sites of both companies that exposed the order information for all of their online customers.”

    It apparently does not affect other retailers owned by Signet Jewelers (like Zales and Piercing Pagoda).

    Posted in Identity Theft, Security Breeches | No Comments »

    « Previous Entries