Information Security – Data Breach

Data Breach At Public School Board

BlackburnNews.com has learned personal information of staff members at the Greater Essex County District School Board has been accessed in a possible data breach.
An email that was sent out to staff was sent to BlackburnNews.com anonymously.
It says information such as the names, dates of birth, social security number and direct deposit information of staff members was made accessible through the internal computer network.
The email states that “the full scope of information that was potentially vulnerable is still undergoing investigation.” A student discovered and reported the data breach to staff Monday morning.
At least three students were aware of the system vulnerability, but it is believed none of the students copied or shared the information.
It is believed the software issue was rectified and access to the information is no longer available.
However, the school board has contacted the Office of the Information and Privacy Commissioner of Ontario to notify them of the breach.
Police have also been notified.
BlackburnNews.com has reached out to the Greater Essex County District School Board for comment.

Shamoon Data-Wiping Malware Now Comes with Ransomware Option

The malware, dubbed StoneDrill by the researchers, has possible ties to the attack group behind the infamous and recently resurrected Shamoon data-wiping malware.
One researcher not affiliated with Kaspersky Lab confirmed that some nation-state groups already have employed ransomware against their targets – mainly to appear as a cybercriminal group and not to tip their hands as an APT. “It makes sense that Shamoon, a destructive malware, would have ransomware with it,” Oppenheim says.
Kaspersky Lab makes it a policy not to identify attackers by their nation or other affiliation, but other research teams say NewsBeef/Charming Kitten are an Iranian APT.
CrowdStrike expects more such attacks as the geopolitical climate continues to intensify. “Some of that is being represented in this reporting,” he says of the new Kaspersky Lab findings.
CrowdStrike’s Meyers says part of the equation is studying who’s being attacked.
Kaspersky Lab’s Andrés Guerrero-Saade says his team hasn’t yet seen Shamoon 2.0 or StoneDrill attacks against US organizations, however.
He recommends beefing up attack defenses for these types of threats. “There have been less than ten in the past decade, which suggest how careful and unusual they are even for well-established APT actors,” Andrés Guerrero-Saade says.

US Lawmakers Seek Grant For State, Local Cybersecurity

US lawmakers from both parties and houses of Congress have introduced a bill called the State Cyber Resiliency Act to increase resources to states and local governments for ensuring cybersecurity, reports GCN.
The bill was introduced by Representatives Derek Kilmer and Barbara Comstock and Senators Mark Warner and Cory Gardner.
The grant program, say the bill’s sponsors, will increase resources to state and local government bodies so they can strengthen their cyber plans, develop a stronger cybersecurity workforce and fight threats.
Currently less than 2% of IT budgets are dedicated to cybersecurity, they claim.
This prompted the Department of Homeland Security to label the state voting infrastructure “critical infrastructure.”

How can you predict the costs of a data breach for your company?

A common fear of privacy officers is a data breach, the unauthorized acquisition or processing of personal information that is maintained by an organization.
Anticipating the cost of a data breach
When I discuss data breaches with my clients, the question of the impacts to their organization always comes up.
The Analytics Cup breaks the class into teams with each team working on a project defined by a business.
In the fall of this year, my company, Privacy Ref, proposed a project to predict the cost of a data breach for a company.
A predictive model for the costs of a data breach
The guidelines for developing the model had one requirement: it must be “easy.” It had to be easy to use, easy to distribute and easy to understand the results.
Each team developed a survey to gather estimates of costs contributing to the overall cost of a data breach.
The difference between the two models was how the survey information was gathered and how the results were presented.
Starting from the work the students have done, an organization can obtain an estimate or they may enhance the model to have a more finely tailored estimate of the cost of a data breach.
Getting the model
The model is available free of charge (though a donation to St. Joseph’s University is preferred) on the Presentation & Papers page at the Privacy Ref website.

New data breach law drives Australia’s cyber security focus

A new mandatory data breach notification law has come to Australia.
Dire cyber security skills shortage expected to continue into 2020.
According to the Australian Cyber Security Centre (“ACSC”), it lacks a clear view of cyber security incidents suffered by Australian businesses because they are not sufficiently reported on the current voluntary basis.
The GDPR will, however, increase potential fines to 4% of global annual turnover for the preceding year or €20m.
According to leading cybersecurity market intelligence agency, Cybersecurity Ventures, cybercrime will continue to rise and cost businesses globally more than $6 trillion annually by 2021.
Some of the more infamous UK incidents involved Sports Direct (in early 2017), where employees’ data was compromised; Three Mobile, one of Britain’s largest mobile operators, which revealed a major data breach in 2016 that put millions of its customers at risk; Tesco Bank, hacked in 2016 with money stolen from 20,000 customer accounts; and, last but not least, the UK telco Talk Talk, which suffered a data breach[11] that resulted in the highest ever fine (400,000 GBP) issued by the ICO in 2016 and cost the company a total of £80 million and 100,000 lost customers.
Data breaches in Australia
Australia led the APAC region in reported data breaches in 2016[12].
The cyber skills shortfall [20]
The global cyber security market is forecast to be worth US$120 billion in 2017 and rise to US$1 trillion by 2020[21].
The most lacking cyber security skills are said to be intrusion detection, software development and attack mitigation.

Spammers expose their entire operation through bad backups

From Hipchat logs and domain registration records, to accounting details, infrastructure planning and production notes, scripts, and business affiliations.
CoReg emails come from people who signed up for something online, and had their address shared with a third party or partner.
Law enforcement was informed about the breach and the questionable activities it exposed.
Based on campaign logging documents, the data breach also exposed more than 300 active MX records.
The process works like this: RCM will send messages for a given campaign to these warm-up accounts, and since they’re not generating complaints from these messages (they’re not going to complain about themselves after all), the Email Service Provider or affiliate program will mark them as a good sender.
Some of the documents exposed by RCM’s data breach show plans to purchase aged domains at auction.
Salted Hash reached out to all of the providers and shared the scripts and notes exposed by the data breach.
Based on the records exposed by RCM, the company gets a lot of its domains from Domainers Choice, and uses MXLeads or Fenix Network to handle click tracking and unsubscribes.
IP records exposed by RCM show Slocombe tracking TierPoint IP addresses while working on various campaigns.
The largest marketing firm connected to RCM, based on documents exposed by the data breach, public filings, and domain registration records, appears to be Amobee.

Consumer Reports to factor cybersecurity into reviews

Consumer Reports says it will start including cybersecurity and privacy safeguards in its product reviews.
The nonprofit, which reviews everything from cars to appliances, has worked with several organizations to develop methods for evaluating how vulnerable a product is to hacking and how securely data it collects is stored, Consumer Reports said in a Monday press release. “The goal is to help consumers understand which digital products do the most to protect their privacy and security, and give them the most control over their personal data,” a blog about the initiative reads.
Maria Rerecich, the organization’s director of electronics testing, told Reuters that Consumer Reports would introduce the reviews over time. “This is a complicated area,” Rerecich was quoted as saying. “There is going to be a lot of refinement to get this right.”
The internet of things is expected to exacerbate the problem as more and more connected devices come online.
First published March 6, 1:44 p.m. PT.
Update, 2:20 p.m.: Adds confirmation from Consumer Reports.

Database of 1.4 Billion Records leaked from World’s Biggest Spam Networks

A database of 1.4 billion email addresses combined with real names, IP addresses, and often physical addresses has been exposed in what appears to be one of the largest data breaches of this year.
What’s worrisome?
Spammer’s Entire Operation Exposed
The database contains sensitive information about the company’s operations, including nearly 1.4 billion user records, which was left completely exposed to anyone – even without any username or password.
According to MacKeeper security researcher Vickery, RCM, which claims to be a legitimate marketing firm, is responsible for sending around a billion unwanted messages per day.
Besides exposing more than a billion email addresses, real names, IP addresses and, in some cases, physical addresses, the leak exposed many documents that revealed the inner workings of RCM’s spam operation. “Chances are that you, or at least someone you know, is affected.”
Vickery wasn’t able to fully verify the leak but said he discovered addresses he knew were accurate in the database.
Illegal Hacking Techniques Used by RCM
The company employed many illegal hacking techniques to target as many users as possible.
One of the primary hacking methods described by the researchers is the Slowloris attack, a method designed to cripple a web server rather than subvert it in this manner.
In response to the latest discovery, Spamhaus will be blacklisting RCM’s entire infrastructure from its Register of Known Spam Operations (ROKSO) database that tracks professional spam operations and lists them using a three-strike rule.

1.3 billion records leaked: spam operator suffers data breach

After a weekend of speculation, River City Media (RCM), an “illegal spam operation”, was revealed to be the victim of a data breach that affected a staggering 1.37 billion email accounts.
The data from this operation was discovered by ‘data breach hunter’ Chris Vickery, a security researcher for MacKeeper, who first teased the leak on Friday.
Data breach hunter
The leak was first identified by Vickery last Friday.
In addition, Vickery uncovered 1.34 billion email accounts.
These are the accounts that receive spam, or what RCM calls offers.
Aadhaar, India’s biometrics database of its citizens, was also considered, as well as mainstream Chinese social media companies that have over 1 billion users.
The unexpected nature of this breach has caught many off guard.
There will be more information to follow.

Difficult-to-detect new malware hides in memory

Researchers at Cisco Systems Inc.’s Talos threat research group have published a report on a scary new form of malware that’s difficult to detect.
Dubbed DNSMessenger, the malware uses Microsoft PowerShell scripts to hide itself and connect directly with a server using a victim’s Domain Name Service port.
It’s distributed as a Microsoft Word document spread through a phishing campaign, which attempts to appear like a known or reputable source.
Not surprisingly, there’s no content in the file and the second click instead executes the malicious script in the file, eventually leading to the victim’s computer being compromised.
But that’s where the similarities with usual malware end.
Instead of writing the malicious code to the victim’s hard drive, the malware does everything in memory instead, making it difficult to detect.
What isn’t clear is exactly what sort of malicious commands the hackers are using the DNS backdoor to execute.
“Given the targeted nature of this attack, it is likely that the attackers would only issue active C2 commands to their intended target.” While HTTP and HTTPS gateways are regularly monitored by networks, the same can’t be said for DNS, and the hackers are well aware of this.
“It also illustrates the importance that in addition to inspecting and filtering network protocols such as HTTP/HTTPS, SMTP/POP3, etc.
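
The DNS inspection the article calls for can start with query logs. The following is an added example, not code from the Talos report or this article: it flags clients that send many distinct, long, high-entropy names under a single parent domain, a general DNS-tunnelling heuristic rather than a DNSMessenger-specific signature. The log format, thresholds and domain names are assumptions constructed for illustration.

```python
import math
from collections import defaultdict

ALPHA = "abcdefghijklmnopqrstuvwxyz234567"  # base32 alphabet for constructed labels

# Constructed sample log of (client_ip, query_name); not real traffic.
# "tunnel-placeholder.example" is a made-up name standing in for a C2 zone.
SAMPLE_LOG = (
    [("10.0.0.23", f"{ALPHA[i:] + ALPHA[:i]}.tunnel-placeholder.example")
     for i in range(6)]
    + [("10.0.0.23", "www.example.com"), ("10.0.0.23", "mail.example.com")]
    + [("10.0.0.5", f"img{i}.cdn.example.net") for i in range(8)]
)


def shannon_entropy(label):
    """Bits per character; encoded payloads score higher than hostnames."""
    counts = {c: label.count(c) for c in set(label)}
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())


def parent_domain(qname):
    # Simplification: last two labels. Production code should consult the
    # public suffix list so that names like "co.uk" are handled correctly.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def suspicious_pairs(log, min_unique=5, min_label_len=20, min_entropy=3.0):
    """Return sorted (client, parent_domain, unique_names) tuples to review."""
    seen = defaultdict(set)
    for client, qname in log:
        seen[(client, parent_domain(qname))].add(qname.lower())
    flagged = []
    for (client, parent), names in seen.items():
        # Count leading labels that are both long and random-looking.
        encoded = [
            n for n in names
            if len(n.split(".")[0]) >= min_label_len
            and shannon_entropy(n.split(".")[0]) >= min_entropy
        ]
        if len(encoded) >= min_unique:
            flagged.append((client, parent, len(names)))
    return sorted(flagged)


if __name__ == "__main__":
    for client, parent, count in suspicious_pairs(SAMPLE_LOG):
        print(f"review: {client} sent {count} unique names under {parent}")
```

The thresholds need tuning against a baseline of the network's own DNS traffic, since some CDNs and security products legitimately use long generated hostnames.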