1. Data breach exposes 10M health records from New York insurer. "More than 10 million records were exposed in a data breach of health insurer Excellus BlueCross BlueShield and a partner company. Excellus revealed the breach on Wednesday, telling customers they would receive identity-monitoring services and that the FBI is investigating the crime. The records included Social Security numbers and other identifying information, as well as claims members made to pay for medical care." That's only a fraction of the size of a similar hack earlier this year, but it raises the question, "Again?" This blog's entry for the week of May 18th had reported that breach of 1.1M records.
2. Britain's Largest Bank And Insurer Admit to Massive Data Theft. The website of RSA (Royal Insurance and Sun Alliance) carried the following update: "A storage device that contained information about some of our customers is missing and has been reported as stolen. The privacy and security of our customers' personal information is a top priority for RSA. We value the trust our customers place in us to keep their personal information secure and we regret the concern that this loss may cause. We're making available two years of identity protection to anyone affected by this incident as well as providing more information on this site on how to protect your personal information."
3. When hackers swiped an estimated 37 million accounts associated with AshleyMadison.com, a site which helps married people cheat on their partners, there was a rush to find out what had been stolen. A month after the breach was reported, hackers released the first cache of stolen data, and the list of the worst passwords in the Ashley Madison breach just got longer -- and a lot more depressing. '123456', '12345', 'password', 'default' and '123456789' are the top five passwords.
4. Researcher discloses zero-day vulnerability in FireEye. "Last week, Kristian Erik Hermansen of a German firm ERNW, disclosed a zero-day vulnerability in FireEye's core product, which if exploited, results in unauthorized file disclosure. As proof, he also posted a brief example of how to trigger the vulnerability and a copy of the /etc/passwd file. What's more, he claimed to have had three other vulnerabilities, and said they were for sale." FireEye responded by releasing patches for all the vulnerabilities, but not before obtaining an injunction against the researcher restraining him from going public, and in the process faced significant wrath from the internet community for stifling not only free speech but the ability to warn and educate its customers.
5. Websense Security Labs identified a rising trend in bold, well-researched, targeted fraud attacks using typo-squatting and false headers as their primary gambit. Since then, these fraudulent attacks have continued, logging immense gains in both volume and success: the FBI's Internet Crime Complaint Center (IC3) reports a 270% increase in identified victims and dollar losses since January. Typo-squatting is a technique in which the hacker registers a fake domain that differs from the target domain by only one character, or that features transposed characters. Most often hackers exploit these domains within hours of registration, and according to the IC3, the money trail takes several hops around the world but primarily ends up in Asian banks (specifically in mainland China and Hong Kong).
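The typo-squatting pattern described above (one character changed, or two adjacent characters swapped) can be checked for mechanically on inbound mail. As an added example that is not part of the original post, the following Python flags sender domains that sit within one edit of a domain you want to protect; the sender domains are constructed samples, with example.com standing in for the protected domain.

```python
# Added example: detect lookalike (typo-squat) domains relative to a protected domain.
# Edits counted: substitution, insertion, deletion and transposition of adjacent
# characters, which covers both variants the roundup describes.

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance between a and b."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            # adjacent transposition, e.g. "exmaple" vs "example"
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[rows - 1][cols - 1]


def is_lookalike(candidate: str, protected: str, max_distance: int = 1) -> bool:
    """True when candidate is a near-miss of protected (case-insensitive),
    but not the protected domain itself."""
    cand = candidate.lower().rstrip(".")
    prot = protected.lower().rstrip(".")
    if cand == prot:
        return False
    return osa_distance(cand, prot) <= max_distance


def flag_senders(sender_domains, protected: str):
    """Return the sender domains that look like typo-squats of `protected`."""
    return [d for d in sender_domains if is_lookalike(d, protected)]


# Constructed sample sender domains; example.com is a placeholder for the real one.
SENDERS = ["example.com", "exmaple.com", "examp1e.com", "examplee.com",
           "exampl.com", "unrelated.org", "example.net"]

if __name__ == "__main__":
    print(flag_senders(SENDERS, "example.com"))
```

A different top-level domain such as example.net is not caught by a distance of 1, so that case needs a separate rule (for instance, comparing the label before the suffix).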
6. Mozilla admitted last week that its Bugzilla bug tracking system was breached by an attacker, who was then able to get access to information about unpatched zero-day bugs. According to Mozilla, the attacker was able to breach a user's account that had privileged access to Bugzilla, including the non-public zero-day flaw information. As far as Mozilla has been able to determine at this time, the attacker accessed approximately 185 bugs that were non-public. Of those bugs, Mozilla considered 53 to be severe vulnerabilities.
7. DOE Hacked 159 Times From 2010 To 2014, Report Says. It's no surprise that the US Department of Energy (DOE) is a major target for cyber-attacks, but new data shows just how often the agency gets hit: the agency reported 1,131 attack attempts during a 48-month period, of which 159 were "successful," the publication reports.
8. Over two months after Italian surveillance software maker Hacking Team had its internal data leaked by hackers, vendors are apparently still fixing zero-day exploits from the company's arsenal. On Tuesday (Patch Tuesday), Microsoft published 12 security bulletins covering 56 vulnerabilities in the new Edge browser, Internet Explorer, Windows, Office, Skype for Business, .NET Framework and some of its other software products.
9. "The New York Times on Monday reported that Apple was served a court order by the Justice Department this summer over an investigation involving drug and gun crime, demanding it provide real time access to text messages sent between suspects using iPhones. Apple reportedly said its iMessage system was encrypted and, as a result, it couldn't comply with the order. Consequently, the company can't provide the same interception capabilities to law enforcement officials under US wiretap laws as telecoms operators can."
10. Digital India and 'Make in India' are two initiatives launched by the Government of India. According to Avinash Kadam (Advisor, ISACA India), these initiatives would succeed only if industries and enterprises prosper, and industries and enterprises would prosper only if they take care of the 4 Ms of manufacturing (Man, Machine, Material and Method) and now, most importantly, cyber security.
2014 – 783 Breaches – 80 Million records.
2015 (till 8th Sep 2015) – 541 Breaches – 140 Million records.
Excellent Compilation, Mr Ajay.
thanks Gotuam