Author Archives: Zaid Shoorbajee

British Airways has some good news and bad news about its payment breach

Posted on by

British Airways has made significant revisions to its account of how many payments may have been compromised in a card-skimming breach the airline reported last month. Additional incidents have been discovered, but the original reported exposure was smaller than announced, the company said. The company said on Thursday that it identified an additional window of time when payments were exposed by hackers, and is freshly notifying about 185,000 affected accounts. Of the new number, the airline says that 77,000 card holders had basic billing information as well as card number, expiration date and CVV (the security code usually on the back of the card) exposed. The other 108,000 did not have the CVV exposed. The airline says the newly identified incidents involve rewards bookings between April 21 and July 28. Those dates are separate from British Airways’ initial disclosure last month. British Airways said at the initial disclosure in September that it notified 380,000 customers of the […]

The post British Airways has some good news and bad news about its payment breach appeared first on Cyberscoop.

Continue reading British Airways has some good news and bad news about its payment breach

Facebook gets fined £500,000 by U.K. for Cambridge Analytica ordeal

Posted on by

Facebook is getting hit with the maximum penalty allowable under United Kingdom law for a scandal in which the social media website failed to keep user data out of the hands of the political research firm Cambridge Analytica. The U.K. Information Commissioner’s Office (ICO) announced on Thursday that it is fining Facebook £500,000 ($664,000) for “serious breaches of data protection law.” The ICO initially announced its intent to levy the fine in July. “Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data. A company of its size and expertise should have known better and it should have done better,” said Elizabeth Denham, the U.K.’s information commissioner said, in a statement. The ICO fine is the maximum that U.K. law allowed at the time the Cambridge Analytica ordeal went down, the office said. That’s based on the Data Protection Act […]

The post Facebook gets fined £500,000 by U.K. for Cambridge Analytica ordeal appeared first on Cyberscoop.

Continue reading Facebook gets fined £500,000 by U.K. for Cambridge Analytica ordeal

Arctic Wolf Networks raises $45 million for cloud SOC platform

Posted on by

Arctic Wolf Networks, a company that sells a “SOC-as-a-service” platform, announced on Thursday that it raised $45 million Series C funding. The company provides a cloud-based security operations center (SOC), which gives customers access to Arctic Wolf’s AI-dirven threat detection platform as well as its “Concierge Security Engineers.” The offering is meant to give customers threat detection capabilities without having to built their own on-premise SOC. Arctic Wolf argues that this approach is more economical given the shortage of cybersecurity skills and “cost-prohibitive nature” for building a SOC from scratch. CEO and co-founder Brian NeSmith said in a press release that the new funding will go toward further developing Arctic Wolf’s vulnerability assessment and endpoint detection and response (EDR) capabilities. “Our growing team of security engineers is redefining the economics of security to protect companies of all sizes,” NeSmith said in a press release. “In addition to supporting continued company […]

The post Arctic Wolf Networks raises $45 million for cloud SOC platform appeared first on Cyberscoop.

Continue reading Arctic Wolf Networks raises $45 million for cloud SOC platform

Researcher finds trove of political fundraising, old voter data on open internet

Posted on by

A consulting firm that works with Democratic campaigns unknowingly left sensitive fundraiser information and credentials to old voter record databases open on the internet, according to a report published on Wednesday. Cybersecurity company Hacken says it discovered an unprotected Network Attached Storage (NAS) device managed by Rice Consulting, a Maryland firm that provides fundraising and mass communication to Democratic clients. Authentication was reportedly disabled on the NAS, and Hacken says that it was indexed by Shodan, an Internet-of-Things search engine. With its contents publicly accessible, the NAS revealed details about Rice Consulting’s clients as well as details about “thousands of fundraisers,” Hacken says. Those details include names, phone numbers, emails, addresses and companies. There were apparently also contracts, meeting notes, desktop backups and employee details. Rice Consulting did not respond to an email request for comment on the Hacken report. When CyberScoop called the firm, the person who answered said […]

The post Researcher finds trove of political fundraising, old voter data on open internet appeared first on Cyberscoop.

Continue reading Researcher finds trove of political fundraising, old voter data on open internet

Experts advocate for ‘ATT&CK’ as go-to framework to share threat intel

Posted on by

Different cybersecurity companies have their own unique ways of talking about the threats they track. That can be frustrating when they need to share critical information about APT28, Fancy Bear, Sofacy or STRONTIUM — all of which are names used by different companies for one prominent Russian hacking group. Experts say that the “ATT&CK” framework — a model for organizing detailed information about how a threat group behaves — has been gaining in popularity and helping organizations share threat intelligence. MITRE Corp., a federally funded nonprofit organization that manages public-private technology partnerships, started developing ATT&CK in 2013. The group says the framework has ballooned into a popular way for people performing different roles in cybersecurity to speak the same language. MITRE held its first ever ATT&CKcon on Tuesday in McLean, Virginia, where various vendors convened to discuss how the framework has streamlined their practice of threat intelligence sharing. ATT&CK provides defenders with spreadsheet-style matrices that […]

The post Experts advocate for ‘ATT&CK’ as go-to framework to share threat intel appeared first on Cyberscoop.

Continue reading Experts advocate for ‘ATT&CK’ as go-to framework to share threat intel

CMS portal breach exposes 75,000 individuals’ records

Posted on by

An online portal run by the Centers for Medicare & Medicaid Services experienced a breach last week, giving hackers access to 75,000 people’s files, the agency announced on Friday. The breached portal is one used by health insurance agents and brokers assisting people with direct enrollment in the government’s Federally Facilitated Exchanges (FFE). CMS did not say what kind of information the exposed records contain or whether they belong to agents and brokers or insurance-seekers. “While this is a small fraction of consumer records present on the FFE, any breach of our system is unacceptable,” the agency said. CMS said it began investigating “anomalous system activity” on Saturday, Oct. 13 and declared a breach the following Tuesday. The agency did not say why it waited until Friday to publicly disclose the breach. CMS, an agency within the Department of Health and Human Services, did not respond to a request for […]

The post CMS portal breach exposes 75,000 individuals’ records appeared first on Cyberscoop.

Continue reading CMS portal breach exposes 75,000 individuals’ records

The key to protecting the midterms is resilience for election systems, experts say

Posted on by

With less than three weeks until the midterm elections, a lot of work has gone into preparing for the threat of election interference. But experts speaking at the CyberTalks conference on Thursday acknowledged that disaster could still strike, and that the officials who run U.S. elections have to be armed with proper resources and resilient systems. “We’re not seeing activity right now relating to direct election hacking. We’re not seeing anything right now along the lines of 2016, and that frankly makes me a little nervous,” said Homeland Security Undersecretary Chris Krebs. “So we’re working aggressively with our partners, the state and local [officials] to work through what an adversary could do with a two-and-a-half-week lead-up to the midterm elections.” U.S. intelligence officials have stressed over the past two years that Russia attempted to interfere in the 2016 election. Krebs said the hope is now to avoid a “failure of […]

The post The key to protecting the midterms is resilience for election systems, experts say appeared first on Cyberscoop.

Continue reading The key to protecting the midterms is resilience for election systems, experts say

GitHub rolls out new token scanning, security alert features

Posted on by

GitHub on Tuesday announced several new security features that aim to help developers stay on top of vulnerabilities and keep sensitive data, like access tokens, out of publicly available code. “The security challenges that underpin software today are community problems—not just the burdens of individual CISOs, IT admins, and open source maintainers,” GitHub said in a blog post. “With the breadth of data and connections GitHub maintains as the leading software development platform, we have a responsibility to protect the community from cybersecurity threats and enhance security for all.” The company announced the launch of the public beta of a token scanning feature. Security tokens are digital keys that allow individual users of a service to stay logged in. GitHub says it will scan people’s public repositories for token formats and notify the provider if it finds any. The scans will look out for tokens provided by Amazon Web Services, […]

The post GitHub rolls out new token scanning, security alert features appeared first on Cyberscoop.

Continue reading GitHub rolls out new token scanning, security alert features

WhiteSource raises $35 million for open source flaw detection platform

Posted on by

WhiteSource, a company that provides cybersecurity services to users of open source software, announced Wednesday that it raised $35 million in Series C funding. The company’s platform draws from a database of open source repositories and alerts customers if they are using components that have unpatched bugs. “We are now at a stage where the question is not whether or not to use open source components, but how to put in place the solutions and policies to manage them well,” said WhiteSource CEO and co-founder Rami Sass, in a press release. Sass pointed to Equifax’s massive data breach last year as evidence for the need for automated open source bug monitoring services like WhiteSource’s. Equifax’s breach of about 148 million people’s personal data was reportedly caused by an unpatched version of Apache Struts, an open source web application framework. “[A]s the open source community grows, and the number of reported vulnerabilities […]

The post WhiteSource raises $35 million for open source flaw detection platform appeared first on Cyberscoop.

Continue reading WhiteSource raises $35 million for open source flaw detection platform

Report: hackers are crowdfunding to buy voter data on the dark web

Posted on by

Voter records from 19 states are for sale on underground hacker forums, according to research from Anomali and Intel 471 published Monday. The discovery highlights hackers’ ongoing interest in exploiting voter data and certainly marks unauthorized use of the data, but likely can’t be called a breach, depending on how the data was obtained. While the records are being illicitly sold, they’re not necessarily illicitly obtained. In many states, basic voter information, like name, address and party affiliation are public records. However, there are varying restrictions around who is allowed to obtain them, sometimes being limited to journalists, researchers or political campaigns. The researchers estimate the vendors are offering more than 35 million records from the following states: Georgia, Idaho, Iowa, Kansas, Kentucky, Louisiana, Minnesota, Mississippi, Montana, New Mexico, Oregon, South Carolina, South Dakota, Tennessee, Texas, Utah, West Virginia, Wisconsin and Wyoming. The report says the price for a state […]

The post Report: hackers are crowdfunding to buy voter data on the dark web appeared first on Cyberscoop.

Continue reading Report: hackers are crowdfunding to buy voter data on the dark web