Estimated to be the 95th largest website in the world with an average of 700 million visits per month, the question-and-answer website Quora, has suffered a data breach exposing account information of 100 million users. While no financial information was released, hackers gained access to personal account information, including usernames and encrypted passwords. As many people tend to use the same credentials for multiple accounts, including email and financial institutions, the hackers may be able to gain access to other accounts where Quora users have the same username and password.
Signet Jewelers, the parent company of retailers Jared and Kay Jewelers, has fixed a vulnerability found in the websites of both companies that could have potentially exposed the order information of their online customers. The vulnerability was caused by a common URL misconfiguration known as “insecure direct object references” where an altered URL address shows content not intended for the user.
Adobe has released an update for its Flash Player app after a vulnerability exploit as part of an APT attack against a Russian medical services organization. A security bulletin issued by Adobe identifies Flash Player 184.108.40.206 and earlier as the versions affected by this vulnerability. Cybersecurity experts expected the vulnerability to be commoditized and added to existing exploit kits (see our previous Threat Intelligence article) in the weeks following the attack.
Schools, government agencies and private organizations were the target of bomb threat emails that struck nationwide in December 2018. The emails demanded a payment in the form of bitcoin in order to halt the detonation of the alleged bomb. Victims of the email scam included local Wisconsin businesses in Appleton and Fon Du Lac.
The FBI and Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) both issued releases concerning the threats.
Source: SC Magazine
On December 19, 2018, Microsoft released an out-of-band update for the web browser, Internet Explorer, patching a zero-day vulnerability, identified by Google’s Threat Analysis Group, that had been exploited in targeted attacks.
Researchers at Trend Micro have identified a new type of malware hidden in memes posted to the social media site, Twitter. The tweets alone were not enough to cause an infection, serving only as a conduit to activate devices that had already been infected.
Online shoppers are warned to be on the lookout for order confirmation emails appearing to come from Amazon.
Associated Benefits and Risk Consulting offers several tools to help clients assess their cyber risk:
For more information about protecting your organization from cyber threats or risk management strategies in general, please contact us.
Jake Omann specializes in providing clients with risk management and executive risk services that cover their liabilities as a corporation, as well as the personal liabilities of their directors and officers. He started his career over 10 years ago in sales at a multinational financial services co
Jake Omann specializes in providing clients with risk management and executive risk services that cover their liabilities as a corporation, as well as the personal liabilities of their directors and officers. He started his career over 10 years ago in sales at a multinational financial services corporation before beginning his broker career in managing executive risk programs for Fortune 500 companies. Jake currently sits on the board for ACES for Kids.
Wire transfer requests top the list of business email compromise (BEC) objectives, according to a study by Barracuda Networks. Additional objectives laid out by the report include duping users into clicking on malicious links, establishing rapport and stealing information, with the end goal of extorting millions of dollars from unsuspecting companies.
This month's Threat Intelligence Report is about a large hotel chain that reports an “unauthorized access” to its customer database since 2014, exposing data of 500 million guests; a vulnerability in a postal service site that left 60 million customers exposed for more than a year; a third-party vendor breach that exposes data of millions of healthcare patients; a new report that profiles notorious MageCart cyber criminals; court documents that reveal first-ever indictment on ransomware charges; and a bundled pack that makes SamSam and other ransomware easier for hackers to obtain and deploy.
Send a Message
Find a Location