Smishing is the latest Social Security scam going around

 

  • Smishing (SMS + Phishing) is the latest Social Security scam, in which hackers try to fool people into disclosing their private information or downloading malicious code to their mobile phones.
  • Smishing attacks involve the same sort of trickery as phone scams, including the same false claims that the message is from the IRS, Social Security Administration, a long-lost friend, or a bank.
  • Texting has replaced the phone call as the most popular consumer communication channel. So while we ignore phone calls, we are conditioned to respond to text messages — and phishers are using this to their advantage.

 

*Source: Considerable, September 30, 2019

 

Senate Passes Bill Aimed At Combating Ransomware Attacks

 

  • As the number of sophisticated ransomware attacks increases, the US Senate has approved new legislation aimed at helping government agencies and private sector companies combat such attacks in the future.
  • In August, Texas officials were left scrambling after up to 22 Texas entities were hit by a coordinated ransomware attack. Other cities have also been hit, including New Bedford, Mass., two Florida cities and several Atlanta city systems. The proposed law authorizes the Department of Homeland Security (DHS) to invest in and develop “incident response teams” to fight these attacks.

*Source: Threatpost, September 30, 2019

ANU incident report on massive data breach is a must-read

 

  • Australian National University has released a detailed report on the massive data breach it suffered in 2018, in which the hackers gained access to almost 19 years’ worth of data.
  • ANU has set a new standard for transparent data breach reporting. The report is an example to everyone else on how to deal with cyberattacks – honest, technical, detailed, and full of good advice for protecting data. Attacks will keep happening. This is the way to understand them and learn to improve our defenses.

*Source: ZDNet, October 02, 2019

Hiding a Data Breach Can Derail an Acquisition

 

  • Research by (ISC)2, the world’s largest non-profit association of certified cybersecurity professionals, states that companies can drive down their value by hiding or mishandling a data breach.
  • Of the 250 M&A experts who were questioned, 49% have seen deals derailed after due diligence brought an undisclosed breach to light, 86% said that if a company publicly reported a breach of customer or other critical data in its past, it would detract from the acquisition price assigned, and 77% had recommended a particular company be acquired over another because of the strength of its cybersecurity program.

*Source: Infosecurity Magazine, October 3, 2019

218M Words with Friends Players Compromised in Data Breach

 

  • A Pakistani hacker, going by the online alias Gnosticplayers, has claimed to have hacked the popular mobile social game company Zynga Inc and gained unauthorized access to a massive database of more than 218 million users.
  • An investigation was immediately commenced, leading third-party forensics firms were retained to assist, and we have contacted law enforcement. As a precaution, we have taken steps to protect these users’ accounts from invalid logins. We plan to notify players as the investigation proceeds further.

*Source: DarkReading, September 30, 2019

Zendesk Alerts Users Of Data Breach That Occurred in 2016

 

  • The customer support ticketing platform Zendesk has confessed to a security incident affecting thousands of customers. As revealed, Zendesk suffered a data breach back in 2016 that impacted 10,000 users.
  • As stated by the firm: “On September 24, we identified approximately 10,000 Zendesk Support and Chat accounts, including expired trial accounts and accounts that are no longer active, whose account information was accessed without authorization prior to November of 2016.”

*Source: Latest Hacking News, September 26, 2019