Hacker Group threatens students and schools

According to a warning issued on 31 January by the FBI's Cyber Division and the Department of Education's Office of the Inspector General, a hacker group calling itself “TheDarkOverlord” (TDO) has tried to sell over 100 million private records and, as of January, was responsible for over 69 attacks on schools and other businesses.

TDO is also allegedly responsible for releasing over 200,000 records, including the PII of over 7,000 students, after ransoms went unpaid.

The warning describes the group as “a loosely affiliated group of highly trained hackers” who, since April 2016, have “conducted various extortion schemes with a recent focus on the public school system.”

The warning says that TDO uses remote access tools to break into school district networks and steal sensitive data, which it then uses to extort money from its victims, including students.

According to the report, TDO has also threatened violence when its demands were not met.

Initially, TDO communicated their demands via email with threats of publicly releasing stolen data, but the warning notes that in September 2017, “TDO escalated its tactics by threatening school shootings through text messages and emails directed at students, staff, and local law enforcement officials.”

This caused several schools to shut down for a few days as a precaution.

TDO was allegedly connected to multiple threats of violence on school campuses; the report notes that while these threats caused panic, they “provided TDO with no apparent monetary gain.”

In a recent incident, TDO threatened to publicize the sensitive behavioral reports and private health information of students.

The FBI also recommends that victims do not give in to ransom demands, since paying does not guarantee the return of the stolen data. Instead, it advises victims to contact law enforcement, retain the original emails as evidence and, where possible, maintain a timeline of the attack.

Hacker sold Comcast customers' account information online

According to news reports, a hacker sold account information belonging to customers of Comcast Corporation (formerly registered as Comcast Holdings), the American multinational mass media company and the world's largest broadcasting and cable company by revenue.

A report in the Chicago Tribune confirms that the company has told some 200,000 customers to change their email passwords after discovering that their account information had been offered for sale on the dark web, the collection of sites that use anonymity tools to evade surveillance.

A Comcast spokesperson confirmed that some 590,000 customers’ email accounts, including names and passwords, had been put up for sale online.

"The vast majority of the information that's out there was not accurate," a Comcast spokeswoman said. "We discovered that about a third of the 590,000 were accurate.”

The hacker who sold the account information, who goes by the handle Orion, said that he obtained the credentials when he compromised a Comcast mail server in December 2013.

He told Vulture South that the breach yielded 800,000 Comcast credentials of which 590,000 contained cleartext passwords.

"So in 2013 December the f****s at NullCrew came across an exploit for Zimbra which Comcast used at this domain *****.comcast.net ," Orion says. "NullCrew only got [about] 27k emails with no passwords lol while I got 800k with only 590k users with plaintext passwords."

However, the company said it had "no evidence" of a December breach in which the Zimbra directory traversal vulnerability of the time (CVE-2013-7091) was exploited to obtain the credentials.
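The Zimbra flaw referred to above was a directory-traversal bug, and traversal attempts leave a recognisable trace in web server access logs. The detector below is an added example, not code from the article or from any company it covers: it percent-decodes each request target repeatedly (so double encoding cannot hide the sequence), flags null bytes and any path or parameter that climbs above its base directory, and leaves alone a `..` that stays inside the web root. The log lines and the `/download?file=` endpoint are constructed for illustration and do not reproduce any real product's URLs.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Constructed access-log lines in the common "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [09/Dec/2013:10:12:01 +0000] "GET /mail/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Dec/2013:10:12:05 +0000] "GET /download?file=../../../../../../etc/passwd%00 HTTP/1.1" 200 4410 "-" "curl/7.30"
198.51.100.4 - - [09/Dec/2013:10:13:22 +0000] "GET /download?file=..%252f..%252f..%252fetc%252fpasswd HTTP/1.1" 404 221 "-" "curl/7.30"
192.0.2.10 - - [09/Dec/2013:10:14:00 +0000] "GET /skins/carbon/../harmony/img/logo.png HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.11 - - [09/Dec/2013:10:15:00 +0000] "GET /mail?id=123 HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def fully_decode(value, max_rounds=3):
    """Percent-decode until the string stops changing.

    Returns (decoded, rounds). Two or more rounds means the client
    double-encoded, which is itself a strong sign of evasion.
    """
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def escapes_root(path):
    """Walk the segments; True if '..' ever climbs above the starting directory."""
    depth = 0
    for seg in path.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def inspect_target(target):
    """Return the reasons (possibly none) a request target looks like traversal."""
    reasons = []
    decoded, rounds = fully_decode(target)
    if rounds >= 2:
        reasons.append("double URL encoding")
    if "\x00" in decoded:
        # %00 truncates the filename in C-based servers, cutting off a forced suffix.
        reasons.append("null byte")
        decoded = decoded.replace("\x00", "")
    parts = urlsplit(decoded)
    if escapes_root(parts.path):
        reasons.append("path escapes web root")
    for key, val in parse_qsl(parts.query, keep_blank_values=True):
        if ".." in val and escapes_root(val):
            reasons.append(f"parameter {key!r} escapes its base directory")
    return reasons


def scan_log(text):
    """Return one finding per suspicious request; a 200 suggests the attempt worked."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        reasons = inspect_target(m["target"])
        if reasons:
            findings.append({
                "ip": m["ip"],
                "target": m["target"],
                "status": int(m["status"]),
                "likely_success": m["status"] == "200",
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["ip"], f["status"], "; ".join(f["reasons"]), "<-", f["target"])
```

Running it flags only the two traversal requests: the null-byte one that returned 200 (the one an incident responder would chase first) and the double-encoded one that returned 404. The `/skins/carbon/../harmony/...` request is left alone because it never leaves the web root.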

The recent TalkTalk security breach affects 157,000

A cyber attack on the TalkTalk website exposed the personal details of nearly 157,000 customers, the company wrote on its website.

The company said that customers should remain wary of unexpected phone calls, text messages and emails. More than 15,600 bank account numbers and sort codes were accessed.

TalkTalk has lost about a third of its share value since news of the cyber-attack broke.

According to the firm, 4% of its customers' data is at risk. TalkTalk said: “Our ongoing forensic analysis of the site confirms that the scale of the attack was much more limited than initially suspected. It was a difficult decision to notify all our customers of the risk before we could establish the real extent of any data loss. We believe we had a responsibility to warn customers ahead of having the clarity we are finally able to give today.”

TalkTalk issued an updated statement stating:

  • The total number of customers whose personal details were accessed is 156,959;
  • Of these customers, 15,656 bank account numbers and sort codes were accessed;
  • The 28,000 obscured credit and debit card numbers that were accessed cannot be used for financial transactions, and were ‘orphaned’, meaning that customers cannot be identified by the stolen data.

The company said that they have contacted the customers whose financial details were stolen, and will contact other affected customers “within the coming days”.

The cyber attack on TalkTalk's website happened on 21 October. Initially the firm described the attack as "significant and sustained"; the stolen data includes names, addresses, dates of birth, telephone numbers and email addresses.

A 16-year-old, the fourth person arrested in the case, was released on bail this week.

So far four people have been arrested, three of them teenagers: a 15-year-old boy in Northern Ireland, a 16-year-old boy from west London, a 20-year-old man from Staffordshire, and a 16-year-old boy in Norwich. All four have been released on bail.

Cyber Attack on America’s Thrift Stores exposes credit card numbers

America’s Thrift Stores, a charity store chain, discovered on Friday (October 09) that it had become the victim of a malware-driven security breach. The malware entered through a third-party service provider’s software used to process credit card payments at its stores in Alabama, Georgia, Louisiana, Mississippi and Tennessee.

America’s Thrift Stores is a for-profit company that operates 18 donation-based thrift stores across the southeastern United States. It collects used clothing and household items from local communities and sells them for a profit, which it shares with Christian charities.

The Birmingham-based company’s CEO, Kenneth Sobaski, said in a statement that no customer names, phone numbers, addresses or emails were exposed, but that credit card numbers were.

The hack appears to have affected transactions between September 01 and September 27.

The company advised customers who fear their data was compromised to contact their card issuer or bank immediately and to report any suspicious activity they discover.

The malware has been removed from the stores’ systems, and purchases made outside those dates should not be at risk.

Security journalist Brian Krebs wrote on his blog that, according to several banking sources who had seen a pattern of fraud on cards used at America’s Thrift Stores, data stolen in the breach was already being used to create counterfeit cards.

The company said that the U.S. Secret Service is investigating the breach.

The store chain employs over 1,000 people and turns donated items into revenue for its non-profit partners’ causes; it is estimated to pay out over $4 million a year to those partners.

This store chain is not the only charity organization whose systems have been targeted by cyber criminals.

Last year, a system that processed payments for twenty Goodwill Industries International members, representing roughly 10 percent of all Goodwill stores, was breached.

The investigation revealed that the attackers had access to the third-party vendor’s systems for a year and a half, and used point-of-sale (PoS) malware to steal card data, which was then used for fraudulent purchases.

In these breaches the problem is not the operating system; the biggest problems have to do with the levels of access granted to third-party businesses. Organizations fail to protect that access, and that is what makes these breaches possible and damaging.

The breach of America’s Thrift Stores may be a repeat of the recent Target breach. Weak passwords reused across the full range of critical systems lead to hacks like these. The Target breach should have been a huge wake-up call for businesses everywhere to adapt and evolve their IT security practices.

Huge card breach at Hilton Hotel properties

Hilton Worldwide Holdings, Inc., the American global hospitality company formerly known as Hilton Worldwide and Hilton Hotels Corporation, has opened an investigation after security journalist Brian Krebs reported that hackers had compromised credit card data in gift shops and restaurants at a “large number” of Hilton Hotel and franchise properties across the United States. According to Krebs, the hackers broke into point-of-sale systems.

It is not yet clear how many Hilton properties are affected by the incident, which may date back to November 2014 and may still be ongoing.

“In August, Visa sent confidential alerts to numerous financial institutions warning of a breach at a brick-and-mortar entity that is known to have extended from April 21, 2015 to July 27, 2015. The alerts to each bank included card numbers that were suspected of being compromised, but per Visa policy those notifications did not name the breached entity,” Krebs wrote.

Sources at five different banks told him that the cards included in that alert had only one common point of purchase: all had been used at Hilton properties, including the company’s flagship Hilton locations as well as Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts.

“Hilton Worldwide is strongly committed to protecting our customers’ credit card information,” the company said in a statement. “We have many systems in place and work with some of the top experts in the field to address data security.  Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace.  We take any potential issue very seriously, and we are looking into this matter.”

Hover resets its users’ passwords after a possible security breach

Hover, the domain registration service of Canada-based Internet services company Tucows, one of the world’s largest ICANN-accredited domain registrars, has reset its users’ passwords after discovering that one of its systems might have been breached.

After resetting the passwords, the company began emailing customers on Tuesday.

“We are writing to let you know that we reset your password today. If you are unable to log into your Hover account, you will need to use the “I forgot my password” option on the sign in page to change your password,” the email read.

“We did this as a precautionary measure because there appears to have been a brief period of time when unauthorized access to one of our systems could have occurred. We have no evidence at all that any Hover accounts have been accessed, but even the possibility that this could have happened moved us to err on the side of extreme caution,” the company explained to its customers.

According to a post on SecurityWeek, as often happens, the emails sent out by Hover were mistaken for phishing attempts because of the URLs they contained.

However, the company confirmed on Twitter that the password reset emails were legitimate and clarified that the links had been rewritten by MailChimp, the email marketing service used to send the notifications.

“That email was indeed from us. The links were changed when sending out through MailChimp. Sorry for the confusion,” Hover replied to one of its followers on Twitter.

The company told SecurityWeek on Monday that it had not been able to determine the exact attack vector used by the hackers. However, it suspected that they may have used a zero-day exploit, since the breached server was fully patched.
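Hover's reset emails were flagged as phishing because the mailer rewrote every link to its own tracking domain, so the href no longer matched either the sender's domain or the hostname printed in the link text. The check below is an added example (not Hover's, MailChimp's or SecurityWeek's code) of the heuristic a mail filter or a careful recipient applies: extract every anchor from the HTML body, compare the link's organisational domain with the sender's, and treat link text that names a different host than the href as suspicious even when the tracking domain itself is known. The sample message, the tracking hostname `click.example-mailer.net` and the use of `hover.com` as the sender domain are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed reset notice. The From: domain and the tracking host are assumptions.
SENDER_DOMAIN = "hover.com"
TRACKING_HOST = "click.example-mailer.net"
SAMPLE_EMAIL = f"""
<p>We reset your password today. If you are unable to log in, use the
<a href="https://{TRACKING_HOST}/track?u=abc1">I forgot my password</a> option at
<a href="https://{TRACKING_HOST}/track?u=abc2">www.hover.com</a>.</p>
<p>Questions? Visit <a href="https://help.hover.com/">our help centre</a>.</p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude organisational domain: the last two labels.

    Good enough for .com/.net; a production filter would consult the
    public suffix list so that e.g. 'example.co.uk' is not reduced to 'co.uk'.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def host_named_in_text(text):
    """If the visible link text looks like a URL or hostname, return its host."""
    if " " in text or "." not in text:
        return None
    candidate = text if "://" in text else "//" + text
    return urlsplit(candidate).hostname


def classify_links(html_body, sender_domain, known_tracking_domains=()):
    """Label each link 'same-domain', 'tracked' or 'suspicious'.

    A tracking rewrite is tolerated only when the tracking domain is known
    AND the visible text does not promise a different host than the href.
    """
    parser = LinkExtractor()
    parser.feed(html_body)
    sender = registrable_domain(sender_domain)
    verdicts = []
    for href, text in parser.links:
        link_dom = registrable_domain(urlsplit(href).hostname or "")
        if link_dom == sender:
            verdict = "same-domain"
        elif link_dom in known_tracking_domains:
            verdict = "tracked"
        else:
            verdict = "suspicious"
        shown = host_named_in_text(text)
        if shown and registrable_domain(shown) != link_dom:
            verdict = "suspicious"  # text says hover.com, href goes elsewhere
        verdicts.append({"href": href, "text": text, "verdict": verdict})
    return verdicts


if __name__ == "__main__":
    for row in classify_links(SAMPLE_EMAIL, SENDER_DOMAIN):
        print(f'{row["verdict"]:<12} {row["text"]!r:<28} -> {row["href"]}')
```

With no knowledge of the mailer, both rewritten links come out suspicious, which is exactly what Hover's recipients concluded. Even after the tracking domain is allow-listed, the second link stays suspicious because its visible text promises `www.hover.com` while the href goes to the tracker; that is why a sender who must use click tracking should either exempt security notifications from it or avoid printing bare hostnames as link text.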

Database breach occurs at Hanesbrands Inc.

Hanesbrands Inc. has reported that one of its databases, containing contact details for about 900,000 customers, was breached.

The hacker gained access to the database by posing as a guest customer on the brand's website during checkout.

According to Hanesbrands, the hacker obtained customers' addresses, phone numbers and the last four digits of their credit or debit card numbers.

The breach happened in late June, according to Hanesbrands spokesman Matt Hall, and does not affect the brand's retail stores.

The company was itself informed of the breach by the hacker.

PagerDuty hacked, update your password by Monday

Almost a month after the fact, PagerDuty, which provides alerting, on-call scheduling, escalation policies and incident tracking to increase the uptime of apps, servers, websites and databases, has confirmed that it detected an unauthorized intrusion on July 9 in which an attacker gained access to some customer information.

PagerDuty has asked its users to set new, strong passwords. Users who do not reset their password by Monday, August 3rd at 12:00pm Pacific Time will be automatically logged out of the website and will receive an email prompting them to reset it. Alert delivery will not be affected by this process at any time.

It posted on July 30 that its team stopped the attack within a few hours of the intrusion. A leading cyber security forensics firm has been hired to investigate.

“We immediately took steps to mitigate the issue, including enhancing our monitoring and detection capabilities, and further hardening our environment,” the blog read.

The company said it has found no evidence that corporate, technical, financial or sensitive end-user information, including phone numbers, was exposed in this incident.

“We do not collect customers’ social security numbers and we do not store or have access to customer credit card numbers. This incident also had no impact on our ability to provide services to our customers. We also notified law enforcement and are cooperating fully with their investigation into this matter,” the company added.

The company said that, according to its investigation, the attacker bypassed multiple layers of authentication and gained unauthorized access to an administrative panel provided by one of PagerDuty's infrastructure providers. With this access, the attacker was able to log into a replica of one of PagerDuty’s databases. The evidence indicates that the attacker obtained users’ names, email addresses, hashed passwords and public calendar feed URLs.

The company has recommended that customers reset their calendar feed URLs, since anyone holding such a URL can read the feed, and revoke and re-add access for any mobile devices linked to their PagerDuty account.

“PagerDuty will never ask for your password or other sensitive information via email,” the company said.

Moonpig hacked, email IDs and passwords compromised

The online personalized card company Moonpig has blocked an unspecified number of customer accounts after users’ details were published online.

According to the company’s website, customers’ email addresses, passwords and account balances had been made public. However, Moonpig stresses that the passwords were not taken from its site but from other online sites where users had reused the same passwords.

“As a precautionary measure, we promptly closed our Moonpig site and apps to help us investigate and contain this issue. Following these investigations, we now have strong evidence that the customer email addresses and passwords we identified were taken previously from other third party websites, and not directly from Moonpig.com."

"This data was then used to access the account balances of some of our Moonpig.com customers. As a reminder, we do not store full credit card information ourselves so this data was not accessible in any event.”

Moonpig has contacted affected customers and advised them to reset their passwords and to make sure they are not reusing the same passwords anywhere else online.
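What Moonpig describes is credential stuffing: passwords leaked from other sites are replayed against its login, so the attacker's traffic looks like one source trying many different accounts once or twice each, rather than hammering a single account. The detector below is an added example, not Moonpig's code, run over constructed authentication log lines (the `ts ip= user= result=` layout is an assumption). It labels each source address as credential stuffing, brute force or normal from the shape of its activity inside a sliding window, and lists the accounts that logged in successfully from a stuffing source, which is the set a site would force to reset.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log; the 'ts ip= user= result=' layout is an assumption.
SAMPLE_AUTH_LOG = """\
2015-01-05T09:00:01Z ip=203.0.113.50 user=ann@example.org result=FAIL
2015-01-05T09:00:02Z ip=203.0.113.50 user=ben@example.org result=OK
2015-01-05T09:00:03Z ip=203.0.113.50 user=cat@example.org result=FAIL
2015-01-05T09:00:04Z ip=203.0.113.50 user=dan@example.org result=FAIL
2015-01-05T09:00:05Z ip=203.0.113.50 user=eve@example.org result=OK
2015-01-05T09:00:06Z ip=203.0.113.50 user=fay@example.org result=FAIL
2015-01-05T09:00:07Z ip=203.0.113.50 user=gus@example.org result=FAIL
2015-01-05T09:00:08Z ip=203.0.113.50 user=hal@example.org result=FAIL
2015-01-05T09:01:00Z ip=198.51.100.9 user=bob@example.org result=FAIL
2015-01-05T09:01:10Z ip=198.51.100.9 user=bob@example.org result=FAIL
2015-01-05T09:01:20Z ip=198.51.100.9 user=bob@example.org result=FAIL
2015-01-05T09:01:30Z ip=198.51.100.9 user=bob@example.org result=FAIL
2015-01-05T09:01:40Z ip=198.51.100.9 user=bob@example.org result=FAIL
2015-01-05T09:01:50Z ip=198.51.100.9 user=bob@example.org result=FAIL
2015-01-05T09:05:00Z ip=192.0.2.33 user=ann@example.org result=FAIL
2015-01-05T09:05:20Z ip=192.0.2.33 user=ann@example.org result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_events(text):
    """Return time-sorted (timestamp, ip, user, success) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["ip"], m["user"], m["result"] == "OK"))
    events.sort()
    return events


def classify_sources(events, window=timedelta(minutes=10),
                     min_users=5, max_attempts_per_user=2.0):
    """Label each source IP from the densest window of its login activity.

    Credential stuffing: many distinct accounts, each tried only once or twice.
    Brute force: one account, many attempts. Anything else: normal.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))

    report = {}
    for ip, evs in by_ip.items():
        best, start = None, 0
        for end in range(len(evs)):            # slide the window over sorted events
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            stats = {
                "attempts": len(chunk),
                "distinct_users": len({u for _, u, _ in chunk}),
                "successes": sum(1 for _, _, ok in chunk if ok),
            }
            key = (stats["distinct_users"], stats["attempts"])
            if best is None or key > (best["distinct_users"], best["attempts"]):
                best = stats
        per_user = best["attempts"] / best["distinct_users"]
        if best["distinct_users"] >= min_users and per_user <= max_attempts_per_user:
            best["label"] = "credential stuffing"
        elif best["distinct_users"] == 1 and best["attempts"] >= min_users:
            best["label"] = "brute force"
        else:
            best["label"] = "normal"
        report[ip] = best
    return report


def compromised_accounts(events, report):
    """Accounts that logged in successfully from a stuffing source: force a reset."""
    bad_ips = {ip for ip, r in report.items() if r["label"] == "credential stuffing"}
    return sorted({user for _, ip, user, ok in events if ok and ip in bad_ips})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_AUTH_LOG)
    rep = classify_sources(evs)
    for ip, r in rep.items():
        print(f'{ip:<14} {r["label"]:<20} users={r["distinct_users"]} '
              f'attempts={r["attempts"]} ok={r["successes"]}')
    print("reset:", compromised_accounts(evs, rep))
```

The point of separating the two attack shapes is that they need different responses: a brute-force source is blocked per account with lockout or rate limiting, whereas a stuffing run produces a success rate that a lockout never trips (each account sees one attempt), so the useful outputs are the source address and the list of accounts whose reused passwords just worked.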

Do Organizations Fail to Care about your Medical data? UCLA Hacked

The hospital network of the University of California, Los Angeles was broken into by hackers, who gained access to the sensitive records of 4.5 million people.

According to the university, the stolen data includes names, medical information, Medicare numbers, health plan IDs, Social Security numbers, dates of birth and physical addresses.

The breach could affect anyone who has visited or worked at the university's medical network, UCLA Health, which includes four hospitals and 150 offices across Southern California.

The first signs of the intrusion date to September 2014, when the university's network monitoring "detected suspicious activity" and UCLA Health called in the FBI for help. UCLA Health announced the breach on Friday, two months after discovering it.

"At that time, it did not appear that the attackers had gained access to the parts of the network that contain personal and medical information," UCLA Health said in a statement.

The hospital group is now notifying staff and patients and offering them one year of identity theft recovery services.

Dr. James Atkinson, president of the UCLA Hospital System, apologized to the public in a statement and noted that the hospital group is under constant attack from all over the world.

Organizations handling this kind of sensitive information need proper cyber security protection, not just physical security, and should understand its importance before they fall victim to an attack.

Credit card data breach at online photo service affects customers of CVS, Walmart Canada and others

CVS (Consumer Value Stores), the second largest pharmacy chain in the United States after Walgreens with more than 7,600 stores, has temporarily taken down its online photo center CVSphoto.com after a hacking attack.

“We have been made aware that customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised,” the company posted on its website’s homepage.

Brian Krebs pointed out on his blog that other companies were already reporting similar breaches and had taken down the pages of their online photo services.

Those online photo services are operated by a company called PNI Digital Media.

Companies including Costco, Walmart Canada and Rite Aid displayed a message on their photo sites informing customers of the security breach.

A notice on Rite Aid's photo site said that the affected information may include names, addresses, phone numbers, email addresses, photo account passwords and credit card data.

However, Rite Aid said: "PNI does not process credit card information on Rite Aid’s behalf and PNI has limited access to this information."

CVS said that financial transactions on its main website, CVS.com, and in its stores are not affected.

Hershey to provide card monitoring service, after a data breach

Hershey, which operates The Hotel Hershey, the Hersheypark entertainment complex and other facilities, is providing a year of card monitoring to guests whose financial information may have been exposed at its Pennsylvania hotels, amusement park and other venues.

According to a news report published on Action News, the company is working with a security firm to resolve the issue.

The company said that cards used at its properties between Feb. 14 and June 2 may have been compromised, though it did not find evidence that information was removed from its systems.

However, some of its guests have reported unauthorized charges on cards used at its properties.

The company said that a malicious program was installed in its payment system that extracted payment card data, including a cardholder's name, card number and expiration date.

Detroit Zoo victim of a data breach

Service Systems Associates (SSA), the third-party operator of the Detroit Zoo’s gift shops, was recently the victim of a data security breach.

The compromised credit and debit card information had been used for purchases at the zoo’s gift shops over a three-month period.

Zoo spokeswoman Patricia Janeway said that “In addition to credit and debit card numbers, the cyber hackers reportedly gained access to card holders’ names, card expiration dates and three-digit CVV security codes.”

After SSA learned of the breach, it installed a separate credit card processing system at its retail outlets.

A preliminary forensic investigation revealed malicious software inside SSA’s payment software.

“We are obviously concerned that the vendor’s system was compromised,” said Gerry VanAcker, chief operating officer of the zoo. “Transactions made since June 26 are not affected by the previous break and it is safe to use a credit or debit card at SSA’s retail locations.”

“The zoo’s IT systems -- including those used for ticket and membership sales -- were not affected by the data breach and are secure,” Janeway said.

Up-to-date information has been provided by the vendor at www.detroitzoo.org/Plan/shopping-in-the-zoo.

For additional information visit www.kmssa.com/creditcardbreach/

Harvard network systems breached last month

Network systems at Harvard's Faculty of Arts and Sciences and Central Administration were breached last month, according to a security notice on the Harvard website.

Harvard is working with an external security investigator to figure out who breached the network, and why.

In the meantime, the university has said that no data appears to be at risk as of now, but it still recommends that users take a few precautions.

Harvard has asked members of the Faculty of Arts and Sciences, Harvard Divinity School, Radcliffe Institute for Advanced Study and Central Administration to change the passwords of their Harvard accounts.

It has also asked members of the Graduate School of Design, Harvard Graduate School of Education, Harvard John A. Paulson School of Engineering and Applied Sciences, and Harvard T.H. Chan School of Public Health to change their email passwords.

Donald Trump’s Hotels face credit card breach: Report

The Trump Hotel Collection, a chain of luxury hotel properties tied to business magnate and now Republican presidential candidate Donald Trump, may have been the latest victim of a credit card breach, according to KrebsonSecurity.

According to a report posted on Wednesday, data shared by several U.S.-based banks suggests the hotel collection is the latest victim of a credit card breach.

When first contacted about reports from sources at several banks, who had traced a pattern of fraudulent debit and credit card charges to accounts that had all been used at Trump hotels, the company declined to comment.

However, the company later issued a brief statement from Eric Trump, executive vice president of development and acquisitions.

“Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties,” the statement reads. “We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly.”

However, sources in the financial industry say they have little doubt that Trump properties in several U.S. locations, including Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York, are dealing with a card breach that appears to extend back to at least February 2015.

According to the report, the incident would be the latest in a long string of credit card breaches involving hotel brands, restaurants and retail establishments.

“Magnetic-stripe based cards are the primary target for hackers who have been breaking into retailers like Target and Home Depot and installing malicious software on the cash registers: The data is quite valuable to crooks because it can be sold to thieves who encode the information onto new plastic and go shopping at big box stores for stuff they can easily resell for cash,” the report reads.
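The Detroit Zoo notice earlier on this page (names, expiration dates, CVV codes) and the Krebs passage just quoted describe the same asset: the contents of the magnetic stripe, which point-of-sale malware scrapes from process memory by searching for the ISO/IEC 7813 track sentinels. The scanner below is an added example, not code from the article or from any vendor named in it, of the same pattern match used defensively in memory forensics or data-loss prevention: it finds Track 1 and Track 2 records in a byte buffer, drops digit runs that fail the Luhn check, and reports masked PANs rather than full card numbers. The buffer is constructed and uses the well-known 4111... and 5555... test card numbers; the cardholder name and the POS strings are invented.

```python
import re

# ISO/IEC 7813 track layouts as they appear in a magnetic-stripe read:
#   Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
#   Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
# The discretionary data is where the stripe's verification value (CVV1/CVC1) lives.
TRACK1_RE = re.compile(
    rb"%B(?P<pan>\d{13,19})\^(?P<name>[A-Z0-9 /.'-]{2,26})\^"
    rb"(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d*)\?"
)
TRACK2_RE = re.compile(rb";(?P<pan>\d{13,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d*)\?")

# Constructed memory snapshot of a hypothetical POS process. The PANs are the
# well-known 4111.../5555... test numbers; the 1234... run is deliberately invalid.
SAMPLE_MEMORY = (
    b"POS v2.1 heartbeat OK\x00\x00"
    b";4111111111111111=1612101123456789?\x00"
    b"receipt #10443 total 19.99\x00"
    b"%B5555555555554444^DOE/JOHN^17051011234567890?\x00"
    b";1234567890123456=1701101000000000?\x00"
    b"end of frame"
)


def luhn_ok(pan):
    """ISO 7812 check digit: every real PAN passes, most random digit runs do not."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Keep the BIN and last four, the most a log or report should ever carry."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_buffer(buf):
    """Find Luhn-valid Track 1/2 records in a byte buffer, in offset order."""
    findings = []
    for track, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
        for m in rx.finditer(buf):
            pan = m["pan"].decode()
            if not luhn_ok(pan):
                continue  # sentinel-shaped noise, not a card
            findings.append({
                "offset": m.start(),
                "track": track,
                "pan_masked": mask_pan(pan),
                "name": m["name"].decode() if track == "track1" else None,
                "expiry_yymm": m["exp"].decode(),
                "service_code": m["svc"].decode(),
            })
    findings.sort(key=lambda f: f["offset"])
    return findings


if __name__ == "__main__":
    for f in scan_buffer(SAMPLE_MEMORY):
        print(f)
```

Two records survive: the Track 2 read of the 4111 card and the Track 1 read of the 5555 card, with name and expiry; the third sentinel-shaped run is discarded because it fails Luhn. The same regexes are what a RAM scraper carries, which is why seeing a process other than the payment application hold buffers that match them is a high-confidence indicator on a POS host, and why merchants that still read the stripe carry the liability the next paragraph describes.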

Under the liability shift that took effect in October 2015, merchants that have not installed card readers able to accept the more secure chip-based cards assume responsibility for the cost of fraud from counterfeit cards.

Experts believe, however, that it may be years after that deadline before most merchants have switched entirely to chip-based card readers.

Penn State University Becomes Victim To Yet Another Cyberattack

Penn State announced that it has detected another cyber attack, this time on a server of its College of Liberal Arts. The university says the server was compromised in two separate attacks by as yet unidentified threat actors.

Mandiant, FireEye's cyber forensics unit, has been investigating and analysing the attacks, which were detected on 4 May. Seven weeks on, the university states that no personally identifiable information (PII) or research data was compromised, since it had introduced advanced cybersecurity measures after the earlier attacks on the College of Engineering servers.

Mandiant spokesperson Nick Pelletier said that the first attack took place in 2014 within a 24-hour period, while the second breach ran from March to May 2015. Mandiant is not sure whether the attackers are the same Chinese group that attacked the College of Engineering.

Nick Jones, vice president of Penn State, said in an official statement that advanced monitoring has been rolled out across the entire university network with Mandiant's ongoing support, and that the attackers will soon be tracked down.

The attacks on state university systems also pose a threat to federal systems. While no PII or research data was compromised, some college-issued usernames and passwords were stolen and used. All compromised accounts are being reset, and more information is available at http://securepennstate.psu.edu.

St. Mary's Bank reissues debit cards after merchant data breach

St. Mary’s Bank has begun issuing new debit cards and ATM PINs to over 5,000 customers in response to a merchant-related breach.

The bank had noticed unusual activity in certain accounts: small transactions of around $99.

Because these looked like small purchases at locations near New Hampshire, they were not taken seriously at first. Once the matter was looked into, officials were able to shut down the compromised cards and investigate further.

The card numbers had been stolen at a national retailer and were being sold online. The accounts were then traced and the fraudulent card numbers tied back to the real accounts, allowing illegal access to all of them.

Elizabeth Stodolski, vice president of marketing, said the bank cancelled a total of 5,029 debit cards as a precaution to prevent further fraudulent transactions. The old cards have been deactivated and all affected customers have been personally notified of the situation and of the steps being taken.

Customers have been asked to visit their nearest branch to be reimbursed for their losses, for which St. Mary’s Bank has taken full responsibility.

The reports did not specify which merchant was affected or how it was compromised. Cyber criminals often use POS malware or skimming devices to capture card details.

The question remains: if cyber criminals compromise the card information again, will banks issue new cards again?

Pharmacy chain Fred's Inc. probes security breach

Fred’s Inc., a US-based discount retailer and pharmacy chain, is probing a possible security breach.

KrebsOnSecurity, which has been tracking a series of breaches at retailers across the country, reports that Fred’s Inc. suffered a card breach from malware installed directly on the company’s point-of-sale systems.

Cybersecurity journalist Brian Krebs reported that Fred’s is the latest victim, and the company issued the following statement:

“ Fred’s Inc. recently became aware of a potential data security incident and immediately launched an internal investigation to determine the scope of the issue. We retained Mandiant, a leading independent forensics firm, to examine our data security systems.

We want to assure our customers that protecting their information is one of our top priorities and we are taking this potential incident very seriously. Until this investigation is completed, it will be difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers.”

That is the only information available so far, and Fred’s has hired investigators to look into the matter. But Krebs’s sources have said that “the pattern of fraudulent charges traced back to Fred’s stores across the company’s footprint in the Midwest and south, including Alabama, Arkansas, Georgia, Indiana, Kentucky, Louisiana, Mississippi, Tennessee and Texas.”

Fred’s Inc. has around 650 stores in more than a dozen US states.

Algonquin College server hacked but no information stolen

The information of more than a thousand former students was put at risk when someone hacked the servers of Algonquin College in Ottawa.

According to college authorities, 1,225 students in the Bachelor of Information Technology and Bachelor of Science in Nursing programs are affected by the breach.

The college shut down the servers as soon as it became aware of the hack and says that no data was transferred or taken from them.

A cyber security team is determining how the attack happened and has said that it has found further intruders in the system.

The college is covering the cost of credit monitoring services for everyone whose information was put at risk by the hack.

China blamed for Security breach at OPM, affects current and former federal employees

The computer systems of the United States Office of Personnel Management (OPM) were hacked, reportedly by Chinese hackers. OPM will send notifications to approximately 4 million individuals whose personal data, including personally identifiable information (PII), may have been compromised.

OPM detected a cyber-intrusion affecting its information technology (IT) systems and data in April 2015; the detection followed the agency's adoption of tougher security controls.

The U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI) are investigating the full impact on Federal personnel.

After the intrusion, OPM added further network security precautions. These include: restricting remote access for network administrators and restricting network administration functions performed remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect against and prevent the deployment or execution of tools that could compromise the network.

OPM is offering credit monitoring, identity theft insurance and recovery services to potentially affected individuals through CSID®, a company that specializes in these services.

“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” said OPM Director Katherine Archuleta. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”

This hack was the second major intrusion attributed to China in less than a year, and the largest breach of federal employee data in recent years.

“China is everywhere,” said Austin Berglas, head of cyber investigations at K2 Intelligence and a former top cyber official at the FBI’s New York field office. “They’re looking to gain social and economic and political advantage over the United States in any way they can. The easiest way to do that is through theft of intellectual property and theft of sensitive information.”