Security researchers report a massive uptick in the number of MongoDB databases hijacked and held for ransom.
Tag Archives: breach
Acer Ecommerce Site Spills Credit Card Information of Thousands
Taiwanese electronics company Acer sent letters to customers indicating that some of their financial information – credit card data included – may have been accessed over the last year.
Report: Federal Reserve Target of Constant Attacks
The U.S. Federal Reserve reported 50 breaches over the past five years including two that it is classifying as acts of cyber espionage, according to a Reuters Freedom of Information Request.
LinkedIn is Latest Contributor to Breach Fatigue
Expert Troy Hunt waxes on last week’s LinkedIn data dump of 117 million credentials and how it reflects on a new breed of hackers.
BREACH Attacks Revived to Steal Private Messages from Gmail, Facebook
New life has been injected into the BREACH crypto attacks by researchers who have discovered how to bypass existing mitigations.
ReverbNation breach points to an old yet newly ‘known unknown’
Having worked in the IT security industry for even a few years is enough to make one cynical at times, skeptical usually, and shocked rarely. But one thing did surprise me this morning when I opened my Gmail inbox: an “Important Security Notice About Your Password” from online music and band-hosting platform ReverbNation.
The post ReverbNation breach points to an old yet newly ‘known unknown’ appeared first on Avira Blog.
United Airlines customer flight records breached
United Airlines customer flight records have been lost in a data breach it has been reported.
The post United Airlines customer flight records breached appeared first on We Live Security.
LastPass Has Been Breached: Change Your Master Password Now
Luckily no passwords were actually stolen in the attack on LastPass last Friday, according to the Company’s Blog: “In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed.” Nonetheless account email addresses, password reminders, server per user salts, and authentication hashes were compromised.
Because of that everyone using the LastPass service will receive a mail, prompting them to reset their master password, according to the blog entry. On top of that the company will also require users who log in from a new device or IP address to verify their ID via mail if multifactor authentication is not enabled for the specific account.
Considering your stored passwords the blog says: “Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.”
So apparently there is no need to change every password you have stored with them. You can if you are really really concered for your accounts, but according to LastPass there is no need for it. Just make sure none of the other passwords you use is the same as the master password of your LastPass account.
The post LastPass Has Been Breached: Change Your Master Password Now appeared first on Avira Blog.
OPM Data Breach: Data of 4 Million Federal Workers Exposed
According to the official news release, hackers managed to breach the Office of Personnel Management (OPM). With the information of 4 million federal government workers exposed, it is one of the biggest in the federal government’s history. The hack was discovered because “within the last year, the OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks”.
In order to determine the full impact the OPM is now investigating the issue together with the U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI).
In their statement the agency wrote: “Since the intrusion, OPM has instituted additional network security precautions, including: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.”
Sounds all good, but who is to blame? According to The Washington Post and the Wall Street Journal the hackers might have been Chinese, a link that China’s Foreign Ministry Spokesman calls “irresponsible”.
The post OPM Data Breach: Data of 4 Million Federal Workers Exposed appeared first on Avira Blog.
4 million government employees’ personal data stolen in OPM hack
Four million federal employees have had their personal data stolen from the Office of Personnel Management, according to a statement on its website.
The post 4 million government employees’ personal data stolen in OPM hack appeared first on We Live Security.
