DocuSign Users Sent Phishing Emails After Data Breach*:
- Electronic signature service provider DocuSign has admitted customer email addresses were accessed in a data breach.
- The addresses were then targeted in a series of phishing emails from “a malicious third party”.
- The messages invited recipients to click on a link to a Microsoft Word document containing malware.
- DocuSign says that no other information was accessed in the incident, and the e-signature service remained secure.
- The company has advised people to delete any suspicious messages immediately.
- A malicious third party gained temporary access to a separate, non-core system that allows DocuSign to communicate service-related announcements to users via email.
- The emails included the DocuSign branding and appeared to come from addresses ending in “docus.com”.
- The malware contained in the attachment could be used to steal passwords and banking credentials.
*Source: BBC, May 17, 2017
Zomato Breach Exposes 17 Million Users*:
- Some 17 million users are said to have been affected after restaurant search platform Zomato was breached.
- The firm’s chief technologist said the stolen information included user IDs, names, usernames, email addresses and password hashes with salt, but no financial information was compromised.
- All passwords were immediately reset, and users were locked out of their accounts and forced to log back in following the incident.
- The company managed to make contact with the hacker who breached the site, and the hacker has agreed to destroy all copies of the stolen data if Zomato introduces a bug bounty program to find security vulnerabilities.
- Zomato is urging its 6.6 million users with exposed passwords to change those passwords on any other services where they may have reused them.
*Source: InfoSecurity Magazine, May 19, 2017
United Flight Attendant Reportedly Posted Cockpit Access Codes Online*:
- A United Airlines employee posted security codes online that are used to access the cockpit, possibly compromising security.
- Access codes are a security measure airlines use to request access to the cockpit.
- The flight attendant who posted the information did so by accident, according to reports.
- United said it used multiple methods, including access codes, to ensure security.
- The company said in a statement that, “We have learned that some cockpit door access information may have been made public.”
- The company also noted that other security measures and protocols ensure that its cockpits remain safe.
*Source: Business Insider, May 15, 2017
Singapore University Breaches Reveal Wider Attack Surface to Safeguard*:
- Two Singapore universities suffered APT (advanced persistent threat) attacks last month, with the hackers specifically targeting government and research data.
- The universities notified the Cyber Security Agency of Singapore (CSA), the government agency tasked with overseeing the country's cybersecurity operations, which helped both institutions conduct forensic investigations into the attacks.
- CSA determined that the breaches were the result of APT attacks and were carefully planned.
- Critical IT systems, such as student admissions and databases containing examination documents, were not affected, and CSA said “the objective may be to steal information related to government or research.”
- The agency said it was helping the universities with incident responses and measures to further mitigate any potential impact.
- An executive at CSA said the agency knows who did it and what they were after; they also said no classified data was stolen.
- In its bid to contain potential data leaks, the Singapore government last June said it was restricting internet access on all computers used by civil servants.
- The Singapore government had been actively involved in various data research efforts and had increased its collaboration with industry players.
- Its efforts to digitally transform the nation and prep its citizens for a digital economy are commendable and should be encouraged, but they also expose a significantly wider attack surface for malicious hackers to target.
- Reducing the mean time to detect and respond must be the key objective for any cybersecurity infrastructure today.
*Source: ZDNet, May 14, 2017
The Massive, Worldwide Ransomware Attack was Stopped by a Researcher ‘Accidentally’*:
- Organizations across the globe, including hospitals, telecom firms and automakers in Europe, were dealing with a massive cyber-attack that locked people out of their computers.
- The ransomware demanded money in exchange for unlocking the computer systems, and thus giving people access to their data.
- A young British security researcher stopped the attack – by accident.
- The researcher saw that the ransomware system was routinely pinging an unclaimed web domain, and he claimed that domain in hopes of studying the ransomware’s activity.
- In claiming the domain, he unknowingly killed the entire attack; the malware apparently only worked so long as the domain was unclaimed.
- All of this was also possible because of a flaw in an old version of Microsoft Windows; the company released an update for the software following the attack.
*Source: Recode, May 13, 2017
Protect Yourself from the Latest Database Breach*:
- A massive database of stolen passwords has surfaced online. Although it is composed largely of passwords from a variety of sources, many of them years old, its newfound accessibility is cause for concern.
- Although "online safety" feels increasingly like an oxymoron these days, there are still steps you can take to protect yourself when breaches like this occur.
- The most secure password in the world is useless if a hacker steals it, but a stolen password is much less useful to the hacker if it's not the same password you use for every single log-in.
- It’s essential that you employ a different password everywhere you conduct online affairs, and the only effective way to do that is with a password manager.
- Short of a fingerprint reader, two-step verification (aka two-step authorization) may be the single best way to protect online accounts.
- It is also a good idea to take the time to delete old, unused accounts so that a hacker can’t access personal information that might still be stored there.
*Source: CNET, May 16, 2017