Round Up of Major Breaches and Scams
Gov. Asa Hutchinson said he learned Friday evening that an applicant for the program is believed to have somehow accessed the system, prompting an investigation of a possible data breach. The probe will determine if any personal data from applicants was obtained. If any individuals had their data compromised, they will be notified and steps will be taken to address the situation, including possible credit monitoring, Hutchinson said.
PsyGenics, Inc. is providing notice of an incident that may affect the security of certain PsyGenics customers. While PsyGenics is unaware of any attempted or actual misuse of this information, notice is being provided to potentially affected individuals, as well as certain federal regulators.
Denial-of-service (DoS) attacks have spiked over the past year, while cyber-espionage campaigns have spiraled downwards. That’s according to Verizon’s 2020 Data Breach Investigations Report (DBIR) released Tuesday, which analyzed 32,002 security incidents and 3,950 data breaches across 16 industry verticals.
US and foreign government officials say that an attack last week on an Iranian port facility appears to have originated with Israel, The Washington Post reported on Monday. The attack on May 9 targeted the shipping traffic at Iran’s Shahid Rajaee port terminal. Computers that regulate the flow of vessels, trucks and goods all crashed at once, creating massive backups on waterways and roads leading to the facility.
The personal details of nine million customers of budget airline EasyJet have been accessed by hackers in what the budget airline is describing as a “highly sophisticated attack.” The email addresses and travel details of nine million passengers are thought to have been accessed by the hackers, as well as the credit card details of 2,208 customers.
Data breaches in the European Union are subject to a law named the General Data Protection Regulation (GDPR). Firms usually comply with it, given the power of the regulatory authorities and the hefty fines, but what happens when the lawmakers themselves get caught by the act?
Round Up of Major Malware and Ransomware Incidents
A card-skimming Magecart malware infection lingered on a British outdoor clothing retailer’s website without detection for nearly eight months despite regular security scans. London-based Páramo told customers last week that it had discovered a “small piece of computer code covertly installed within our website”.
Palo Alto Networks Unit 42 researchers observed both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 184.108.40.206.
Round Up of Major Vulnerabilities and Patches
The FBI says hackers are exploiting a three-year-old vulnerability in a Magento plugin to take over online stores and plant a malicious script that records and steals buyers’ payment card data. This type of attack is known as web skimming, e-skimming, or Magecart, and the FBI previously warned about a rise in attacks in October last year.
Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion modern devices to hackers.