Data Security

The latest on data breaches and cybersecurity and data security by Adam K Levin.

Domain hack
There is no overestimating the value of your company's domain name. Whether you work for a big brand or run a mom-and-pop dot-com, the goal is easy navigation to your site. A prospective client or customer types your company name and their browser does the rest. What would happen if you typed in "Amazon," the corresponding domain popped up, and you clicked, but...
Russian hackers
A Russia-based hacking group is exploiting the current Covid-19 pandemic to target and compromise U.S. companies with multiple strains of malware, according to a new report. Cybersecurity firm Symantec released a warning that the Russian hacking group “Evil Corp” has been behind a widespread hacking campaign against over thirty U.S. organizations, including eight Fortune 500 companies. The group has been...
Ransomware
We're not even halfway through 2020, and already it's been a record-breaking year for ransomware attacks. Barely a week goes by without reports of a new strain or variant of malware wreaking havoc among companies. 1-99-employee companies are a target No industry, category, size, or group is safe from this cyber scourge. We hear about the big ones. Manufacturing giant Honda had its networks brought to a...
Contact tracing malware
Phony contact-tracing apps meant to mitigate the spread of the Covid-19 pandemic are installing ransomware on mobile devices. One app billed itself, “The Covid-19 Tracer App,” claiming to be an official mobile app of the Canadian government’s coronavirus contact tracing effort. “The more Canadians who voluntarily download and use the app, the safer we’ll be, and the faster we can...
BlueLeaks
269 gigabytes of potentially sensitive data collected from more than 200 police departments across the country were leaked online last week. The data, called “BlueLeaks,” was shared online by a group called Distributed Denial of Secrets, or DDoSecrets), a Wikileaks-style organization committed to “enabling the free transmission of data in the public interest.” According to the leakers, the dump included, “Ten...
lax cybersecurity
CIA-developed hacking tools stolen in 2016 were compromised by an organizational culture of lax cybersecurity, according to an internal memo. In a 2017 memo recently acquired by the Washington Post, a CIA task force attributed the exfiltration of critical hacking tools and data to “a culture… that too often prioritized creativity and collaboration at the expense of security.”    The task force...
Dating data leak
An unsecured Amazon Web Services (AWS) database leaked the personal information of hundreds of thousands of users of several niche and special interest dating apps. Security researchers from vpnMentor discovered 845 gigabytes of user data from dating apps including 3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, and Herpes Dating in late May. Included in the exposed data...
Black Lives Matter malware
The U.S. and global protests of the killing of George Floyd are being used to spread malware according to the cybersecurity non-profit organization abuse.ch.  The Zurich-based group identified a phishing campaign that capitalizes on the Black Lives Matter movement to distribute malware. Emails with the subject line “Vote anonymous about ‘Black Lives Matter’” have been sending a variant of TrickBot,...
Honda ransomware
Japanese automotive manufacturer Honda is investigating a possible ransomware attack that has caused company-wide network outages. Several news outlets have reported that the company’s servers have been infected with the EKANS ransomware which led to network connectivity issues in Europe and Japan over the weekend. "On Sunday, June 7, Honda experienced a disruption in its computer network that has caused a...
Joomla data leak
Administrators of the open source Joomla content management system announced a data incident that potentially compromised the information of 2,700 developers. A database containing the personal data of users of Joomla Resources Directory website was discovered on an unprotected Amazon Web Services bucket following an internal audit. Leaked information included names, addresses, email addresses, phone numbers, encrypted passwords, and IP...