Round Up of Major Breaches and Scams
Brazilian company Embraer, considered today’s third-largest airplane maker after Boeing and Airbus, was the victim of a ransomware attack last month. Today, hackers involved in the intrusion have leaked some of the company’s private files as revenge after the airplane maker refused to negotiate and instead chose to restore systems from backups without paying their ransom demand.
The researcher identified over 75000 data points of his phone being tracked. Most of us already know that our smartphones are being tracked constantly through either telecommunication service providers, tech giants like Google, or the various apps that we use. One researcher decided to see where the information or data was collected similar to when a student traced his phone’s thief.
Cyber-criminals have created a new type of web malware that hides inside images used for social media sharing buttons in order to steal credit card information entered in payment forms on online stores. The malware, known as a web skimmer, or Magecart script, was spotted on online stores in June and September this year by Dutch security firm Sanguine Security (SangSec).
A 2017 data breach at Flight Centre occurred when passport and credit card numbers for 6918 customers were accidentally left in a dataset used by the participants of a hackathon. Details of the breach are revealed in a determination by the Australian Information Commissioner and Privacy Commissioner Angelene Falk that Flight Centre breached Australian privacy principles, including by using data for purposes other than the reason it was originally collected.
Round Up of Major Malware and Ransomware Incidents
The data that has been made public is a 32.7MB archive which contains 184 files including legal documents, business files, accounting spreadsheets, and some financial reports. After the data was published by the ransomware operators, a security notification regarding the confirmation of the same was issued by Randstad. However, there is no clarity on whether the personal data of employees or clients was compromised during the attack.
The Greater Baltimore Medical Center in Towson, Maryland was hit by a ransomware attack that impacted computer systems and medical procedures, the healthcare provider said Sunday. While few details have been provided, operator GBMC HealthCare says the incident has impacted information technology systems and forced some procedures scheduled for Monday to be cancelled.
Round Up of Major Vulnerabilities and Patches
Verizon Communications, an American telecommunications company, has been found exposing customers’ personal data for months due to a technical glitch in its chatbox on the company’s website. As reported by Ars Technica, the vulnerability is making the chat window display the conversations between Verizon’s employees and customers. Customers’ personal details such as transcripts, full names, phone numbers, addresses, account numbers, etc., are displayed when users click on a link to chat.