Tuesday, September 25, 2018
Tripwire

Wendy’s Reportedly Sued Over Collection of Employees’ Fingerprints

Two former employees of Wendy’s reportedly filed a lawsuit accusing the fast food restaurant chain of breaking the law in the way it collects and stores employees’ fingerprints. According to ZDNet, former Wendy’s employees Martinique Owens and Amelia Garcia...
Tripwire

Romanian Citizen Admits Guilt in Police Department Ransomware Attack

A Romanian citizen has pleaded guilty to federal charges resulting from a ransomware attack that targeted a police department. On 20 September, Eveline Cismaru, 28, pleaded guilty before the Honorable Dabney L. Friedrich in the District of Columbia to...
Tripwire

ICO to Fine Equifax £500,000 for 2017 Data Breach

The Information Commissioner’s Office (ICO) of the United Kingdom announced it will fine Equifax £500,000 for a data breach that occurred in 2017. In a monetary penalty notice filed on 19 September, the ICO revealed its decision to impose...
Tripwire

State Department Says Some Employee Info Possibly Exposed in Security Incident

The U.S. State Department said that some employees’ information might have been exposed in a recent security incident. In a notice shared by Politico, the State Department disclosed that “activity of concern” on an email system might have exposed...
Tripwire

A Quarter of Civilian Federal Agencies Have Adopted DMARC and SPF for All Domains

A quarter of civilian federal agencies have adopted DMARC and SPF email authentication protocols for all their domains in compliance with a mandate. Thirty-four percent of 133 agencies are now fully compliant with what is known as BOD 18-01....
Tripwire

Ransomware Attack Takes Down Airport’s Flight Information Screens

A ransomware attack prevented an English airport from using its flight information screens to assist passengers in their travels. On 13 September, Bristol Airport tweeted out that its flight information systems were experiencing technical difficulties. We are currently experiencing...
Tripwire

ICO Receiving 500 Breach-Related Calls a Week Since GDPR Took Effect

The United Kingdom’s Information Commissioner’s Office (ICO) has been receiving 500 calls pertaining to data breaches since the European Union’s General Data Protection Regulation (GDPR) took effect. Speaking before hundreds of senior business leaders at the Confederation of British...
Tripwire

OilRig Launching Attack Campaigns With Updated BONDUPDATER Trojan

The OilRig group conducted at least one attack campaign containing an updated variant of the BONDUPDATER trojan as its final payload. In August 2018, Palo Alto Networks’ Unit 42 threat research team detected an OilRig campaign targeting a high-ranking...
Tripwire

Beware the Homeless Homebuyer Real Estate Scam!

Security professionals are warning users who are or soon will be engaged in real estate transactions to watch out for the “homeless homebuyer” scam. On 10 September, Verdict built upon its coverage of account takeover attacks found in its...
Tripwire

Tesla Encouraging “Good Faith” Security Research in Bug Bounty Program

Electric vehicle manufacturer Tesla is encouraging what it calls “good faith” security research in its bug bounty program. In its vulnerability disclosure program, Tesla says it welcomes “the community to participate in our responsible reporting process” for the company’s...
Tripwire

Compromised Chrome Extension Snooped on Users’ Credentials, Cryptocurrency Private Keys

Someone compromised a Google Chrome extension with malicious code designed to snoop on users’ account credentials and cryptocurrency private keys. On 4 September, a security researcher who goes by the name “SerHack” tweeted out a warning about version 3.39.4...
Tripwire

Police Investigating Data Breach at Chinese Hotel Group

Local authorities are currently investigating a data breach at a Chinese hotel group that could have exposed customers’ personal information. According to the Xinhua state news agency, Shanghai police launched an investigation into a data security incident involving Chinese...
Tripwire

Air Canada Alerts Customers of Mobile App Breach, 20,000 Users Affected

Air Canada announced on Wednesday that approximately 20,000 customers may have had their personal information compromised after a data breach in its mobile app. As a result, the airline says it locked down all 1.7 million accounts until users update...
Tripwire

Instagram to Support Authenticator Apps for Improved 2FA Feature

Instagram announced its plan to support third-party authenticator apps as part of an improved two-factor authentication (2FA) feature. On 28 August, Instagram co-founder and CTO Mike Krieger unveiled the photo- and video-sharing social networking service’s upcoming support for third-party...
Tripwire

Bank of Spain Reveals Its Website Suffered a DoS Attack

The Bank of Spain revealed that bad actors used a denial-of-service (DoS) attack to temporarily disrupt access to its website. On 27 August, a spokesperson for Spain’s central bank disclosed the attack. They clarified that that incident didn’t affect...

Breach at US Retailer SHEIN Hits Over Six Million Users

Breach at US Retailer SHEIN Hits Over Six Million UsersUS fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements. read more

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...