Recent Comments

    Blogroll

    Search

    Archive for Security Breeches

    Quest Diagnostics Clients Exposed

    June 4th, 2019 by

    Billing Details for 11.9M Quest Diagnostics Clients Exposed

    Quest Diagnostics Incorporated, a Fortune 500 diagnostic services provider, says that approximately 12 million of its clients may have been impacted by a data breach reported by one of its billing providers.

    The company reported to the U.S. Securities and Exchange Commission (SEC) that it received a notification from its billing collection provider American Medical Collection Agency (AMCA) that their web payment page was breached.

    Posted in Security Breeches | No Comments »

    Yet Another Massive data breech – this time it’s First American Financial!

    May 25th, 2019 by

    First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

    “The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.”

    Posted in Security Breeches | No Comments »

    Microsoft reveals hackers accessed some Outlook.com accounts for months

    April 14th, 2019 by

    Microsoft reveals hackers accessed some Outlook.com accounts for months

    “Microsoft has started notifying some Outlook.com users that a hacker was able to access accounts for months earlier this year. The software giant discovered that a support agent’s credentials were compromised for its web mail service, allowing unauthorized access to some accounts between January 1st and March 28th, 2019. Microsoft says the hackers could have viewed account email addresses, folder names, and subject lines of emails, but not the content of emails or attachments.”

    Posted in Identity Theft, Security Breeches | No Comments »

    Yet another breach: Buca di Beppo

    March 30th, 2019 by

    Once more a malware installed on Point of Sale terminals…

    A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach

    Posted in Identity Theft, Malware, Security Breeches | No Comments »

    Multi-Factor Bypassed (Office 365 and G Suite)?

    March 16th, 2019 by

    Multi-Factor Auth Bypassed in Office 365 and G Suite IMAP Attacks

    “Massive IMAP-based password-spraying attacks successfully breached Microsoft Office 365 and G Suite accounts, circumventing multi-factor authentication (MFA) according to an analysis by Proofpoint.

    This technique takes advantage of the fact that the legacy authentication IMAP protocol bypasses MFA, allowing malicious actors to perform credential stuffing attacks against assets that would have been otherwise protected.”

    Posted in Security Breeches | No Comments »

    TurboTax Tax Returns Exposed

    February 23rd, 2019 by

    Tax Returns Exposed in TurboTax Credential Stuffing Attacks

    “Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack.”

    Posted in Identity Theft, Security Breeches | No Comments »

    Big FaceTime bug! Caller can snoop without permission

    January 29th, 2019 by

    Bug Lets Callers Snoop On You Without Permission

    “A serious Apple iOS bug has been discovered that allows FaceTime users to access the microphone and front facing camera of who they are calling even if the person does not answer the call.”

    Suggestion is to disable FaceTime until a patch is released later this week.

    Posted in Security Breeches, Smart Phones | No Comments »

    DNS Infrastructure Hijacking Campaign

    January 25th, 2019 by

    Alert (AA19-024A) DNS Infrastructure Hijacking Campaign

    “The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks.”

    Posted in Malware, Scams, Security Breeches | No Comments »

    Marriott reveals data breach affecting 500 million hotel guests

    January 20th, 2019 by

    Marriott reveals data breach affecting 500 million hotel guests

    “International hotel chain Marriott announced today a security breach during which the personal details of 500 million hotel guests was stolen.

    The breach happened in 2014, but Marriott says it became aware of it on September 10, two days after its staff spotted an alert from an internal security tool about an attempt to access the Starwood guest reservation database in the United States.”

    Posted in Security Breeches | No Comments »

    WiFi firmware bug affects laptops, smartphones, routers, gaming devices

    January 20th, 2019 by

    WiFi firmware bug affects laptops, smartphones, routers, gaming devices

    List of impacted devices includes PS4, Xbox One, Samsung Chromebooks, and Microsoft Surface devices.

    Posted in Malware, Security Breeches | No Comments »

    « Previous Entries