Whole Foods says it has ‘resolved’ point-of-sale breach incident

Whole Foods says it has resolved a data breach that it reported last month, in which the company detected unauthorized access to credit card information in some point-of-sale systems. The grocery chain released a statement Friday that it investigated the incident with law enforcement and “a leading cyber security forensics firm.” The company said it has stopped the unauthorized access and replaced the compromised point-of-sale systems. Whole Foods detected unauthorized software on its payment systems that serve taprooms and restaurants at some of its stores, the statement said. The company says those payment systems are separate from its main grocery store point-of-sale systems. “The software copied payment card information—which could have included payment card account number, card expiration date, internal verification code, and cardholder name—of customers who used a payment card at these venues,” the company said. Whole Foods has not said how many customers may have been impacted, but did say that the impact falls […]

The post Whole Foods says it has ‘resolved’ point-of-sale breach incident appeared first on Cyberscoop.


Booz Allen Hamilton seeks to boost commercial cybersecurity service with new acquisition of startup

Management consulting firm Booz Allen Hamilton is acquiring Morphick, a small, Cincinnati-based cybersecurity firm which has developed a digital platform for threat detection, breach investigation and response. Booz Allen Hamilton announced the agreement to purchase Morphick in a press release on Friday, saying the acquisition will bolster the cybersecurity profile available to clients. Company executives explained that the acquisition will complement existing cybersecurity services already provided by Booz Allen Hamilton. “The addition of the Morphick team and technology further solidifies the firm’s ability to solve increasingly advanced cyber challenges,” said Booz Allen Hamilton President and CEO Horacio Rozanski. The consulting giant already offers threat intelligence products through another service called Cyber4Sight. Morphick, a firm of about 40 people, sells a managed detection and response service, which can provide “organizations with the ability to effectively detect and remediate cyber attacks of all types; ranging from zero-day exploits and privilege escalation to ransomware,” according to […]


Google releases new email, browser security features to prevent common hacking issues

Google has rolled out new security features for users of Gmail and Drive, as well as its Chrome web browser. For Gmail and Drive users, Google is offering an opt-in feature called the Advanced Protection Program, aimed at those who are more prone to online threats because of the nature of their work. The company announced the program in a blog post on Tuesday. “We took this unusual step because there is an overlooked minority of our users that are at particularly high risk of targeted online attacks,” the post says. “For example, these might be campaign staffers preparing for an upcoming election, journalists who need to protect the confidentiality of their sources, or people in abusive relationships seeking safety.” That could be seen as a reference to John Podesta, the Hillary Clinton campaign adviser who fell for a phishing scam, giving Russian hackers access to his Gmail account […]


Germany contradicts U.S. suspicions about Russian cybersecurity firm Kaspersky

German cybersecurity authorities said on Wednesday that they have not seen evidence that Russians used Moscow-based Kaspersky Lab products to spy on U.S. authorities. The statement, first reported by Reuters, challenges the narrative that Russia is using the company’s antivirus software to spy on U.S. government employees who run the company’s products on their own computers. Germany’s BSI, or Federal Office for Information Security, said it doesn’t warn against using Kaspersky products because it has no evidence of wrongdoing by the Russian company or weaknesses in its software. Kaspersky has been under scrutiny recently as U.S. officials have suspected that the Moscow-based company’s software is being used by the Kremlin to spy on the U.S. The New York Times reported Tuesday that Israeli intelligence officers found evidence on Kaspersky’s networks that Russian hackers used Kaspersky anti-virus software to search for information about U.S. intelligence programs. That effort successfully found sensitive documents improperly stored on an NSA […]


U.S. voting machines are easily hackable, DEF CON report says

A number of voting machines used in U.S. elections are easily hackable, a report from DEF CON, one of the world’s largest hacker conventions, found. The report is based on the Voting Village experiment at July’s DEF CON conference in Las Vegas. Over the course of four days, hackers were invited to explore and tinker with voting machines to expose their vulnerabilities. Hackers with physical access to the systems were able to compromise some of the machines within minutes. Over the course of the experiment, each of the two dozen machines was breached in some way, the report notes. The findings were presented by hackers and cybersecurity experts on an Atlantic Council panel on Tuesday, which included DEF CON founder Jeff Moss. “These machines were pretty easy to hack,” Moss said. “This flies in the face of the narrative that’s been spun by the manufacturers, which is […]


Congress rips ex-Equifax CEO over breach: ‘I don’t think we can pass a law that … fixes stupid’

Lawmakers shamed former Equifax CEO Richard Smith Tuesday over the company’s humongous data breach, scolding him over everything from allowing the breach to happen to the long list of issues that stemmed from the company’s public response. Smith took questioning from the House Energy and Commerce Committee’s Subcommittee on Digital Commerce and Consumer Protection, the first of three breach-related hearings scheduled for this week. While the panel lambasted him for the company’s actions, Smith offered few details outside of his prepared testimony. In an exchange with Rep. Greg Walden, R-Ore., Smith explained that the breach occurred because IT and security personnel at Equifax failed to find and patch the software vulnerability after being notified by the Department of Homeland Security. “It appears this breach happened because the company didn’t know it was running certain software on its system,” Walden said. “How does this happen when so much is at stake? I don’t think […]


SEC admits 2016 breach exposed personally identifiable information

The Securities and Exchange Commission announced Monday that the personal information of two people had been compromised in a database breach announced last month. The announcement reverses Chairman Jay Clayton’s previous statements about whether the breach exposed anyone’s personal information. “The ongoing staff investigation of the 2016 intrusion has now determined that an EDGAR test filing accessed by third parties as a result of that intrusion contained the names, dates of birth and social security numbers of two individuals,” an SEC press release published Monday notes. The SEC said that its ongoing investigation uncovered this new information after Clayton initially disclosed the breach in a Sept. 20 statement. The agency is offering the two unidentified individuals “identity theft protection and monitoring services,” according to the aforementioned press release. The commission has two separate, ongoing investigations into how the breach occurred and whether it resulted in illicit trading. The SEC said it is also […]


Amid data breach crisis, SEC head tells Congress he doesn’t know much

Securities and Exchange Commission chairman Jay Clayton told a panel of Senators on Tuesday that an investigation into his agency’s recently revealed data breach is ongoing and that he is looking to hire additional staff to help protect the agency’s network and data. Sitting before the Senate Banking, Housing and Urban Affairs Committee, Clayton fielded questions about the SEC breach as well as the Equifax breach, which occurred last month. In a lengthy written statement released last week, Clayton said that the SEC detected a breach into its EDGAR system in 2016. The database houses corporate disclosures that are not always immediately available to the public, meaning it could be used for insider trading. Clayton told the committee that the breach was made possible by a defect in a custom piece of software used by the independent regulator. While an exact timeline of the breach is unclear, a fix was pushed […]


SEC reveals 2016 breach that may have led to insider trading

The Securities and Exchange Commission revealed Wednesday that a database housing detailed financial reports was breached last year. SEC chairman Jay Clayton said in a statement that while the breach was detected last year, it wasn’t until last month that the SEC suspected the hackers used the compromised information for insider trading. The compromised database is known as EDGAR (Electronic Data Gathering, Analysis, and Retrieval) and stores sensitive corporate disclosures that are not yet available to the public. That kind of information can give traders an unfair and illegal advantage if it is used for stock trading. “Specifically, a software vulnerability in the test filing component of our EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information,” Clayton said. The SEC doesn’t believe that the breach disrupted its operations or gave hackers access to personal information. The revelation came in a brief part of a statement […]


FedEx attributes $300 million loss to NotPetya ransomware attack

FedEx reported an estimated $300 million loss in its first quarter earnings report Tuesday, attributing the loss mostly to a computer virus that impacted the company’s operations across Europe in July. The package delivery company’s Dutch subsidiary, TNT Express, was infected with the NotPetya ransomware virus in late June. NotPetya hit companies in Ukraine in late June and soon spread to other countries. Much of TNT Express’s operations are based in Ukraine. The attack froze users’ computers, encrypted their files and demanded a ransom of $300 in Bitcoin to regain access. Cybersecurity researchers found, however, that regardless of whether a victim paid the ransom for NotPetya, data on infected computers may be deleted. The earnings report released Tuesday by FedEx notes that most of TNT’s services resumed after the attack and “substantially all” its critical operational systems are back up and running, but volume, revenue and profits were negatively impacted. […]
