Information Security – Data Breach

Hackers Briefly Take Over HBO Twitter Accounts

Several of HBO’s Twitter accounts were hacked late Wednesday night, raising further security concerns at a moment when the premium cable channel has been dealing with the sustained leaking of proprietary information.
A group that identified itself as OurMine infiltrated HBO’s main Twitter account and accounts for TV shows like “Game of Thrones” and “Girls.” In two tweets posted to several of HBO’s accounts, the hackers wrote “we are just testing your security” and “let’s make #HBOHacked trending!” It did not last long.
HBO appeared to have reclaimed control of the accounts and had deleted the hackers’ tweets within an hour of the breach.
There is nothing unique about major companies’ social media accounts getting hacked, but the incident on Wednesday night comes after a single hacker has tormented HBO since the beginning of the month.
In emails to the news media in recent weeks, the hacker, who identifies himself as “Mr.
But that’s not the end of it.
Two unaired episodes of “Game of Thrones” were also leaked online this month, including one set to broadcast on Sunday, though neither leak was related to the wider breach.
It also did not appear that Wednesday night’s Twitter hacking was related to the Mr. Smith attack.
“We are investigating,” a spokesman for the network said.

After Cybersecurity Shift, Black Duck is Growing Fast & Eyeing Deals

It looks like Black Duck Software has figured out how to pull it off.
Under founding CEO Doug Levin, Black Duck made a name for itself by providing tools to help software developers vet all of the open-source code they’re using and make sure they comply with licenses.
In late 2013, Lou Shipley was brought in to replace Yeaton, who had held the CEO position for nearly five years.
But as the use of open-source code in companies’ software products has grown, so too has the risk of cyber breaches.
Black Duck has been cash-flow positive for the past two years, Shipley says.
(It launched its first cybersecurity product in early 2015.)
The company’s competitors include Sonatype and Flexera, Shipley says, both of which offer tools for open-source software development and security.
“It’s taken a long time to get here.
But a lot of companies take a long time to get to the size and scale that we’re at now.” Jeff Engel is a senior editor at Xconomy.

Stalker policewoman became ‘obsessed’ with friend’s husband and hacked his Facebook to wreck their marriage

A policewoman stalked a former friend’s husband and became obsessed with him, hacking into his Facebook account in a bid to wreck his marriage, a court heard.
Ashley Boyd, 26, fancied Kevin O’Connor from when she first saw him but when she couldn’t have him, she hacked into his social media accounts to pose as him and posted messages and slurs about his wife Rhona.
Boyd changed his Facebook relationship status to single and had chats with his friends claiming that his marriage was unhappy.
She also phoned a hospital pretending to be Rhona to cancel an appointment, the Daily Record reports.
Boyd, from Moodiesburn, Lanarkshire, pleaded guilty yesterday to stalking and causing the couple “fear and alarm” between June and September last year.
She also admitted a charge of attempting to pervert the course of justice.
Andrew Beadsworth, prosecuting, said: “Boyd appears to have become fixated upon Kevin O’Connor.” The court heard Rhona became friends with Boyd when they worked in Boots together, although the friendship had deteriorated by the end of 2013.
Boyd resigned from Boots in March 2015 and joined Police Scotland later that year.
She resigned from the force in December 2016.
He also received a text from a colleague relating a “strange” conversation she had with “him” on Facebook Messenger about being unhappy in his marriage.

HBO Twitter Accounts Hacked

HBO’s official Twitter account was the victim of an apparent hack Wednesday, as were the accounts of several of the cable network’s shows.
A later tweet read, “let’s make #HBOHacked trending!”
Affected show accounts included those for Vinyl, True Blood, Silicon Valley, Looking, Last Week Tonight, Veep and The Leftovers. “We are investigating,” an HBO spokesperson told The Hollywood Reporter.
The Twitter hack comes at a time when HBO has been dealing with anonymous hackers who claim to have stolen a huge tranche of data from the company’s servers and have threatened to release it if their ransom demands are not met.
The hackers behind the July 31 cyberattack claimed to have stolen 1.5 terabytes of data including emails, show scripts and unaired episodes of hit shows Game of Thrones, Ballers and Room 104.
The FBI started investigating the hack a few days after HBO went public.
Two days later, the hackers released a screenshot of an email dated July 27 allegedly showing a senior vp for the network offering them $250,000 as a “bug bounty payment.”
On August 13, the hackers leaked several unaired episodes from the ninth season of Curb Your Enthusiasm, the comedy that’s not set to return to screens until October.

HBO social media hacked in latest cyber security breach

HBO’s Facebook and Twitter accounts have been compromised in the latest cyber security breach to hit the firm.
A group called OurMine appeared to take control of the main HBO accounts, as well as those for the network’s shows including Game of Thrones.
It is the latest cyber security headache for the entertainment firm after hackers released Game of Thrones scripts and company data.
HBO did not immediately respond to the BBC’s request for comment.
OurMine has a reputation for hacking high profile Twitter accounts.
Out of the haul they released Game of Thrones scripts, company documents and unbroadcast episodes of HBO’s other shows including Curb Your Enthusiasm and Insecure.
Separately, four people have been arrested for leaking an episode of Game of Thrones before it aired.
The accused were current and former employees of a Mumbai-based company that stores and processes the series for an online streaming service.
An episode of the fantasy show was mistakenly released on to its broadcaster’s Spanish and Nordic streaming platforms days before it was scheduled to be broadcast.

Discover a Data Breach? Try Compassion First

The reactions to a big data breach often resemble the five stages of grief, so a little empathy is needed.
Sometimes permissions on Internet-accessible systems are left wide open by accident or security patches don’t get applied in time, leaving the system vulnerable to attack.
There are the organizational users, who get tricked into opening a malicious attachment or clicking on a bad link, and either have their passwords stolen or their computers compromised.
As security professionals, it’s our job to keep track of every emerging technology and analyze almost in real time how it could affect the security of the enterprise.
This is critical, since even as we fortify networks and systems, the sysadmins remain a preferred target of the adversary, who wants to leverage a sysadmin’s access to do harm.
By helping them work through these “data breach grief stages,” we were often able to let them reach acceptance, which is a key step toward recovering from a compromise, picking up the pieces, and making sure it doesn’t happen again.
But in an age of highly sophisticated attack methodologies and weaponized zero-day exploits, even a fully patched and secured system may be no match for a motivated attacker.
This often leaves the people charged with securing the critical systems outgunned and getting blamed even if they did everything within their power to do the right thing.

Companies Are Acquiring Bitcoin to Pay off Hackers, Says Cybersecurity Firm CEO

In the wake of the HBO hack, in which hackers threatened to release 1.5 TB of data if they didn’t get about $6 million worth of bitcoin, a cybersecurity CEO stated that companies are acquiring bitcoin to pay off hackers.
On CNBC’s Mad Money, hosted by Jim Cramer, Udi Mokady, CEO of cybersecurity firm CyberArk, made his notable statement as hackers are becoming more sophisticated and managing to infiltrate top companies, which, as a result, are forced to buy bitcoins to pay possible ransoms.
He stated: “That’s the requirement of most of these hackers.
Often lives are put at risk, as healthcare networks are preferred targets due to the nature of the services they provide.
Bitcoin’s price recently hit a new all-time high above $4,400, and that helps motivate bad actors to keep blackmailing organizations.
The CEO stated that he thinks this is going to help expedite the education process of cyberattacks.
According to him, the companies his firm works with are trying to be one step ahead of those that are forced to pay bitcoin ransoms and learn from their mistakes, so as to prevent attacks instead of having to pay off hackers.

Nationwide Mutual Insurance agrees to $5.5M Settlement for Data Breach

This was the settlement amount for Nationwide failing to prevent a data breach in 2012 in which the personal information of 1.27 million consumers was exposed.
Nationwide had failed to apply a critical security patch which would have prevented the hackers from getting into their network.
Nationwide later stated on a website related to the breach that a security freeze on their credit reports would prevent consumers from gaining credit.
Nationwide did not offer to pay this for those consumers who did decide to put one in place.
The states involved in the settlement are authorized to use the money for litigation costs, law enforcement, and consumer security-related programs.

Ongoing Breaches

This settlement reflects the prolonged damage a data breach can cause an organization.
The length and scope of the case likely cost millions more than the final settlement.
These were just a few of this year’s victims.

Researchers Hacked Into DNA and Encoded it With Malware

A group of biohackers at the University of Washington found a way to sequence gene bases to implant malware through a laboratory computer.
Though still in its early stages, they have invented a sci-fi device of biopunk ingenuity.

Welcome to the World of Biohacking

Biologists pay scrupulous attention to DNA synthesis, not just out of a need for precision, but also as a precaution.
Scientists don’t want to create or spread a dangerous stretch of genetic code that, with a little bit of criminal ingenuity, could be used to make a toxin or an infectious disease.
This is a far cry from a criminal implementation.
“We know that if an adversary has control over the data a computer is processing, it can potentially take over that computer,” said Tadayoshi Kohno, Computer Science Professor at the University of Washington in an interview with WIRED, noting the similarity to traditional hacker attacks.
“That means when you’re looking at the security of computational biology systems, you’re not only thinking about the network connectivity and the USB drive and the user at the keyboard but also the information stored in the DNA they’re sequencing.
It’s about considering a different class of threat,” he added.
Called an “exploit” by hackers, this specific kind of computer attack is known as a “buffer overflow,” which fills the space in a computer’s memory allocated for the gene sequence and then spills out into other parts of the computer’s memory until it can plant its own commands.

Data Breach at UC Health and Healthcare’s Ongoing Struggle

In Cincinnati, Ohio (USA), the Daniel Drake Center for Post-Acute Care of the UC Health system has reported that an employee had unauthorized access to patient medical records for the past two years.
They also have not disclosed how they identified the recent breach.
Additionally, the Daniel Drake Center will be providing training to all employees about cyber security.

Healthcare Security Challenges

General consensus among security experts is that the healthcare sector is the most unprepared for protecting data.
This has been the case year after year.
Part of the unique security challenge within healthcare is the fact that healthcare organizations must share patient data.
Another challenge for the healthcare sector is that cyber security is not a priority for the healthcare industry.
UBA (user behavior analytics) is the activity of tracking, collecting, and analyzing log data.
It is important to have security integrated into the daily processes of work for employees.
If they’re able to identify vulnerabilities then they can be tasked with patching them up.