Tag: employees

August 29, 2018

The Week in Breach: 08/19/18 – 08/25/18

A slow, but troubling week to say the least! Phishing and compromised databases still rule the day. This Week in Breach highlights incidents involving a New York-based gaming developer, medical data held by a University, and the disclosure of sensitive data held by a popular babysitter application. Highlights from The Week in Breach: Dark Web Ads! Twitch.tv sees a breach. Healthcare Nightmare! In Other News: Is Breaking Bad? A German company by the name of Breaking Security has been up in arms about the use of their legitimate software named Remcos (Remote Control and Surveillance). Remcos is used for managing Windows systems remotely and is increasingly being used by hackers for malicious attacks known as Remote Access Trojan (RAT). The question is, however… are they telling the truth? Researchers have uncovered that the product sold by the company is widely advertised on Dark Web hacking forums and it seems that not only does the organization know that this is happening, they are encouraging it. Breaking Security has strongly stated that any license linked to malicious hacking campaigns are revoked, yet still, many hacking campaigns continue to use the service. https://www.darkreading.com/attacks-breaches/attackers-using-legitimate-remote-admin-tool-in-multiple-threat-campaigns/d/d-id/1332631 Not So Private Messages In May, the popular live streaming service, Twitch, exposed user’s private messages because of a bug in their code. The Amazon subsidiary disabled the service, which allowed users to download an archive of past messages. When a user requested this archive, the game streaming company accidentally intertwined messages from other users. Twitch has come out and said that this only affected a limited number of users and has provided a link for customers to visit so they can find out if any of their messages were exposed and what the messages were. https://www.bleepingcomputer.com/news/security/twitch-glitch-exposed-some-users-private-messages/ Podcasts: Know Tech Talks – Hosted by Barb Paluszkiewicz IT Provider Network – The Podcast for Growing IT Service The Continuum Podcast Security Now – Hosted by Steve Gibson, Leo Laporte Small Business, Big Marketing – Australia’s #1 Marketing Show! United States – Augusta University Exploit: Email compromise by phishing attacks. Risk to Small Business: High: This is a significant breach in scale and severity, and due to the sensitive nature of the data compromised the organization will likely face heavy fines. Individual Risk: Extreme: Individuals affected by this breach are at high risk for identity theft, as well as their medical information being sold on the Dark Web. Augusta University: Georgia based healthcare network. Date Occurred/Discovered: September 10, 2017 – July 11, 2018 Date Disclosed: August 20, 2018 Data Compromised: Medical record numbers Treatment information Surgical details Demographic information Medical data Diagnoses Medications Dates of services Insurance information Social Security numbers Driver’s license numbers Customers Impacted: 417,000 https://cyware.com/news/augusta-university-health-breach-exposes-personal-records-of-over-400k-patients-432de74e https://www.augusta.edu/notice/message.php United States – Animoto Exploit: Undisclosed. Risk to Small Business: High: A breach of customer trust, especially involving geolocation data, can be highly damaging to a company’s image. Individual Risk: Moderate: Users affected by this breach are at a higher risk of spam and phishing. Animoto: New York-based company that provides a cloud-based video-making service for social media sites. Date Occurred/Discovered: July 10, 2018 Date Disclosed: August 2018 Data Compromised: Names Dates of birth User email addresses Salted and hashed passwords Geolocation Customers Impacted: Unclear. https://techcrunch.com/2018/08/20/animoto-hack-exposes-personal-information-geolocation-data/ United States – Sitter Exploit: Exposed MongoDB database. Risk to Small Business: High: Most customers would be uncomfortable with a company leaking data about their kids and when they are left alone with someone who doesn’t live there. Individual Risk: High: A lot of sensitive personal information was exposed in this breach, much of it unsettling. Sitter: An app that connects babysitters and parents. Date Occurred/Discovered: August 14, 2018 Date Disclosed: August 14, 2018 Data Compromised: Encrypted passwords Number of children per family User home addresses Phone numbers Users address book contacts Partial payment card numbers Past in-app chats Details about sitting sessions Locations Times Customers Impacted: 93,000. https://www.linkedin.com/pulse/incident-report-no1-babysitter-application-exposure-bob-diachenko/ https://www.bleepingcomputer.com/news/security/mongodb-server-exposes-babysitting-apps-database/ Australia – Melbourne High School Exploit: Negligence. Risk to Small Business: Extreme: This is a major exposure of sensitive and potentially embarrassing information that could irreparably damage a company’s reputation. Individual Risk: High: Those affected by the data breach have sensitive information about their personal medical information that is considered highly private and could leave them exposed to identity theft. Melbourne High School: School in Melbourne. Date Occurred/Discovered: August 20-22, 2018 Date Disclosed: August 22, 2018 Data Compromised: Medical information Mental health conditions Learning behavioral difficulties Customers Impacted: 300 students. https://www.theguardian.com/australia-news/2018/aug/22/melbourne-student-health-records-posted-online-in-appalling-privacy-breach A note to your customers: Tick Tock. The cost of cybercrime is no joke. This is easy to say from the perspective of someone whose business it is to know all about cybercrime trends, attack vectors, and yada, yada, yada. But to really quantify how big of a problem cybercrime is in the world of business, it is often easier to compare it to day to day things… like a doctor explaining a complicated procedure or a mechanic telling you why your car is making that noise. So today I would like to compare the cost of cybercrime to the most universal understanding that there is… time. The cost of cybercrime each minute globally: $1,138,888 The number of cybercrime victims each minute globally: 1,861 Number of records leaked globally each minute (from publicly disclosed incidents): 5,518 The number of new phishing domains each minute: .21 As you can see, cybercrime buids by the minute. https://www.darkreading.com/application-security/how-threats-increase-in-internet-time/d/d-id/1332629 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know! Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!

Read More
November 30, 2017

I Now Have Everything I Need to Exploit You.

MSPs should read this, then enroll themselves and every customer in SpotLight ID NOW Chances are, you’ve come across cleverly-crafted ads on sites like CNN.com, Facebook, Yahoo and others that say something like, “Use this site to find out anything… about anyone.” If you are like most good citizens, you probably passed up on the opportunity to use one of these sites to dox, or to search for and publish private or identifying information about an individual on the Internet, typically with malicious intent. Good for you!

Read More
October 17, 2017

Protecting Employee Personal Data Fundamental to Corporate Security

If the keys to your house were sitting visibly outside for someone to take, would you just leave them in hopes that no one breaks in? Not likely. Similarly, the keys to the front door of most organizations are sitting on the Dark Web at the ready for use and exploit by criminal organizations and hackers. In fact, criminals, hacktivists and social hackers obtain and sell hundreds of thousands of stolen credentials on the Dark Web daily. Many times, exposure of employees’ personal credentials can lead to an internal corporate breach, where a compromise can turn into a corporate catastrophe.

Read More
June 08, 2017

Why Managed Service Providers Must Monitor for Compromised Credentials

If your customers are like most organizations, 75% of their employees recycle or use a variation of the same password across most of the systems and websites they access – both on and off their employer’s network. And this practice is becoming increasingly dangerous.

Read More
May 25, 2017

Dark Web ID Tracks and Identifies DHS and FBI “Data Dumps” Immediately After Release

Last weekend, more than 9,300 Department of Homeland Security (DHS) employees’ personal information was leaked online, all stemming from an apparent data breach to the DHS networks. Not only were those identities exposed, but the Twitter user that publicized the information immediately followed suit by exposing an additional 22,000 Federal Bureau of Investigation (FBI) employees’ information.

Read More
May 18, 2017

Three Types of Business E-Mail Compromise Scams You Need to Recognize

The internet has changed the way businesses operate around the world. Having access to a tool of this caliber is essential to the way corporations function today, but it also has its downfalls. In this case, we’re referring to the incredibly dangerous threat most business owners are either unaware of or hardly ever think about – cybercrimes like Business Email Compromises (BEC).

Read More
May 15, 2017

Why Employee Data May Pose Biggest Cyber Risk

Cyber risk is no longer a potential threat to put on the back burner for later review. The reality is that cyber risk is a threat right now. Many organizations are taking precautions to protect themselves and their people. However, despite the plethora of major companies and brands experiencing the repercussions of not instilling pre-breach precautions, the question remains: is it necessary to encrypt employee information?

Read More
April 20, 2017

How to Identify and Prevent Insider Data Breaches

A little known fact about corporate identity theft is that a large percentage of data breaches originate inside the organization’s walls. A recent report by Intel estimates that 43% of data breaches are the result of insider threats. Half of the insider breaches came from employee negligence and half came from malicious actions.

Read More
March 20, 2017

How to Increase Corporate Security and Employee Productivity with an Identity Monitoring Benefit

Protecting employees from cyber threats and identity theft is increasingly becoming a corporate responsibility. Every year, HR and Benefits Managers are faced with the task of simultaneously communicating cost increases and benefit reductions while finding ways to improve employee morale. At the same time, those focused on your corporate security are busy fighting the endless war game of trying to keep bad actors from exploiting their organization for gain.

Read More

Please fill in the form below to subscribe to our blog

Categories

Tags

Australia BullPhishID BullPhish ID Canada commercial credential stuffing cyberattack cybercrime cybersecurity Dark Web dark web credential loss Dark Web ID dark web monitoring dark web threat Data Breach Data Breach Alerts data compromised data loss prevention data theft France hacking healthcare insider threats Japan MSPs MSP Solutions MSP Space nation-state hackers Passly passwords phishing phishing resistance phishing resistance training ransomware remote working retail security security awareness training SMB cybersecurity stolen credentials supply chain risk The Week in Breach third party risk United Kingdom United States