What the Hack? Podcast
What the Hack? Podcast
What the Hack? Podcast
What the Hack? Podcast

Data Security

The latest on data breaches and cybersecurity and data security by Adam K Levin.

credential stuffing
Dailymotion is a Paris-based video-sharing rival of YouTube. The site gets about 300 million unique visitors a month who watch an estimated 3.5 billion videos. While that's a fraction of YouTube's nearly 2 billion uniques, it makes a perfectly good target for a hacker. Dailymotion announced "a large-scale computer attack aimed at compromising the data of its users," on January 25. "The attack, which was discovered by...
Credit union phishing attempt
A phishing campaign targeting credit unions and other financial institutions recently found its way into the email inboxes of anti-money laundering officers. Credit unions and banks are both required by the Bank Secrecy Act (BSA) to report potential money laundering operations and to dedicate at least two staff members to ensure compliance. The phishing emails seemed to specifically target the...
APT10
The Chinese government-linked hacking group APT10 is continuing its campaign against US and European businesses with increasingly sophisticated tactics and strategies, warn officials from the Department of Homeland Security. The group is thought to be responsible for recent cyber-espionage campaigns against a U.S. law firm, an international apparel company, and Visma, a major Norwegian software firm according to a...
Data Breach
A recent leak compromised the personal data of all 4,557 active students at the California State Polytechnic University Science School. This was not a case of hackers gaining access through illicit means or an accidental exposure of an unsecured database. The data was inadvertently sent in a spreadsheet as an email attachment by a university employee. It included names,...
Shodan
The recent data leak of the Oklahoma Security Commission that compromised 17 years’ worth of FBI investigations, the NGO leak of 4 million internship applications, and the exposure of 114 million businesses and individuals’ data online and many others have one common thread: each of them was found on Shodan, the self-proclaimed “world’s first search engine for Internet-connected devices.” While...
Sidewalk Labs, a subsidiary of Google’s parent company Alphabet, is the go-to story for Data Privacy Day with its new “user-friendly” tool called Replica, which allows city planners see “how, when, and where people travel in urban areas.” The Intercept’s explainer details a troubling use of consumer data. “Thanks for all you do,” could be Replica initiative’s tagline, since...
Trojan Ho
Trojan horse-based malware attacks and spyware rose sharply in 2018 as ransomware-based attacks declined, according to a new report published by Malwarebytes. One of the larger threats outlined in the report was the Emotet Trojan, a sophisticated malware program capable of data theft, network monitoring, and propagating itself onto other vulnerable systems, and the Trickbot Trojan that steals passwords...
shodan
The personal data of 4 million applicants for internships at a non-profit organization was exposed in a breach. The data included the applicants’ names, email addresses, gender, and personal essays and was exposed via a misconfigured database called Elasticsearch on the website of AIESEC, a “youth-run” non-governmental organization with over 100,000- members worldwide. The data leak was initially found...
Phishing quiz
A Google offshoot is trying to teach people to be more circumspect about phishing attempts. Jigsaw, an incubator owned by Google parent company Alphabet, has released an online quiz that displays examples of phishing emails side by side with legitimate ones and asks users to guess which is which. The quiz uses real-world phishing campaigns, including the Russian hack...
According to a study published in December by SplashData of the more than 5 million passwords compromised by hacks last year, way too many were laughably inadequate. If you are having that same-old, same-old sense of déjà vu, you're not alone. Another year has come and gone, and consumers are still using the same old bad passwords to protect their...