what's going on out there?

latest Info. Sec. News

Hippogriff provides proven techniques that ensure results when instructing IT-centric personnel within enterprise divisions which are handling sensitive medical information for patients and the financial expenditures associated with insurance cost. There is no more valuable information than personal finance and healthcare data. There can be no room for error when consumers entrust their lives to market and government service providers; this means that a highly skilled team in Hippogriff is needed to keep up with inevitable and serious infractions throughout the technologically-dependent economy of the world's nations. Hippogriff can help recover compromised data and monitor your financial industry technology needs. There is ZERO excuse for lapses in elementary level IT security protocols. Hippogriff Cyber Security Awareness Training and Risk and Vulnerability Assessment/Mitigation capabilities should be part of your core business strategy for shielding against virtual and tangible infiltration of sensitive company property.

incidents that you need to know about

Every week Hippogriff shares some of the most alarming data breach/privacy infringing, occurrences throughout the world. Keep stopping by to see the most recent entries.

The Inconvenient Reality of Law Firm Security Challenges - When it comes to IT security-related risks, law firms are a prime target. Unfortunately, law firm security is not where it needs to be. Not only do law firm network environments serve as an entry point to all this sensitive information, but many organizations are behind the times in terms of allocating reasonable funds to bolster security and minimize risks.

Intel says 32 Lawsuits Filed Against Company Over Security Flaws - Intel Corp said on Friday 32 class action lawsuits had been filed against the company in connection with the recently disclosed security flaws in its chips.

Another Major Triple-S Advantage Data Breach Has Occurred - The Puerto Rico Health Plan Triple-S Advantage has experienced a privacy breach that has impacted 36,000 plan members. The breach was the result of a mailing error which saw sensitive information of plan members disclosed to incorrect individuals.

IoT Botnet Bypasses Firewalls to get to ZyXEL Modems - NewSky Security's honeypots have detected a new IoT botnet in the making. The botnet was named DoubleDoor, as it leverages two distinct backdoors to get to the target: ZyXEL PK5001Z modems.

2017 Breaks Record for New Vulnerabilities - More than 20,000 new vulnerabilities were cataloged in 2017 according to breach analysis specialist Risk Based Security. Web-related issues account for over half of all vulnerabilities disclosed last year, 31.5 percent had public exploits, and 24.1 percent had no solution at the time of the report.

South African Businesses Are at a Higher Risk of Data Breaches - Despite their investments in security technology, 9 out of 10 South African IT security professionals surveyed have experienced a phishing-related incident and almost all still worry about email-related threats, according to a phishing response trends report by PhishMe.

Unsecured Server Exposed Thousands of FedEx Customer Records - FedEx has exposed private information belonging to thousands of its customers after a legacy server was left open without a password. The server belonged to Bongo International, a company specializing in helping U.S. retailers sell products online to consumers around the world by calculating shipping and duty calculations and currency conversions, among other things.

IoT Devices Most Vulnerable to Wi-Fi Attacks - IoT devices are the most vulnerable to Wi-Fi attacks, according to IT professionals polled in a new Spiceworks survey. The research found that 52% of respondents believe workplace IoT devices such as smart lights and thermostats are "extremely vulnerable" to Wi-Fi-based attacks, with IP-enabled appliances (49%), video equipment (42%) and electronic peripherals (40%) just as exposed.

U.S. Gov't Staffers Use Personal Gear on Work Networks, Handle Biz Docs on the Reg - According to a survey of 200 IT and security admins at U.S. federal agencies, 67.5 per cent of admins have caught employees using personal devices to handle work email and 46 per cent say employees are using personal email accounts to handle work documents.

'BuckHacker' Search Engine Lets You Easily Dig Through Exposed Amazon Servers - Contractors, governments, and telecom giants have all previously left data on exposed Amazon Web Services (AWS) servers, meaning anyone can access them without a username or password. Now, a search engine makes combing through leaky AWS datasets that much easier. Think of it as a barebones Google, but for info that the owners may have mistakenly published to the world.

IT Security Leaders Worried About Increasing Digital Threats - Around nine in ten of information security leaders are concerned about the sharp hike in digital threats posed across web, social and mobile channels. The top three digital threats posed are phishing, malware attacks on employees and customers; brand impersonation, abuse and reputational damage as well as information breach.

U.S. Firms Are Still Unprepared for Looming E.U. Data Privacy Rules - U.S. financial services firms trying to manage regulations and guidance on data protection and cyber security from multiple jurisdictions, are about to face one of their biggest challenges yet when strict new European Union rules governing the use of personal information take effect.

While Western Union Wired Customers' Money, Hackers Transferred Their Personal Deets - Western Union has confirmed one of its IT suppliers was hacked, and that customer information was exposed to miscreants. It seems as though a cloud-based or off-site backup storage provider was hacked.

Data Breach at Mass. Tax Agency Allowed Companies to Peek in on Competitors' Data - A data mix-up on a state tax portal inadvertently made private data from about 16,500 business taxpayers viewable to other companies, potentially even competitors.

Millions of Android Phones Hacked to Mine Monero Coins - Drive-by mining can be understood as an automated process of exploiting CPU's power. It occurs silently and secretively without requiring the consent of the user and displays a CAPTCHA code "w3FaSO5R" to the user through a message.

Agencies Still Lag on Email Security One Month Past Deadline - Just about 62 percent of federal email domains had installed the tool called DMARC as of last week, compared with about 55 percent when a deadline to adopt the tool passed in January, according to data from the company ValiMail.

Consumers Want More IoT Regulation - A demand for more regulation may seem counterintuitive in today's world and yet that's exactly what consumers who understand IoT technologies want, according to a new study from Market Strategies International.

Microsoft Won't Plug a Huge Zero-Day in Skype Because It'd Be too Much Work - The bug in the automatic updater (turd polisher) for the Windows desktop app has a ruddy great hole in it that will let dodgy DLLs through. The result, if exploited would mean that an ordinary user account would get all the privileges of a SYSTEM user.

Ten Cryptocurrency Traders Have Filed a Lawsuit Against Coincheck Following $530m Theft - Ten cryptocurrency traders have filed a lawsuit against Japanese bitcoin wallet and exchange service Coincheck following last month's theft of $530 million (£382 million) in digital money.

Russia says Hackers Stole More than $17 million from Its Banks in 2017 - Hackers stole more than 1 billion roubles ($17 million) from Russian banks using the Cobalt Strike security-testing tool in 2017, a central bank official said on Tuesday.

BEC Attacks Jumped 17% Last Year - The Business Email Compromise (BEC) epidemic shows no signs of abating, after Proofpoint revealed a 17% increase in attacks last year. The security vendor analyzed over 160 billion emails sent to more than 2400 companies spanning 150 countries to compile its 2017 Email Fraud Threat Report.

Hackers Exploit 'Telegram Messenger' Zero-Day Flaw to Spread Malware - A zero-day vulnerability has been discovered in the desktop version for end-to-end encrypted Telegram messaging app that was being exploited in the wild in order to spread malware that mines cryptocurrencies such as Monero and ZCash.

Thousands More Personal Records Exposed via Misconfigurations - The Maryland Joint Insurance Association (MDJIA, with offices in Ellicott City, MD) left internet access to a data repository of customer files containing information such as customer names, addresses, phone numbers, birth dates, and full Social Security numbers; together with financial data such as check images, full bank account numbers, and insurance policy numbers.

49% of Crypto Mining Scripts Are Deployed on Pornographic Related Websites - The experts from Qihoo 360's Netlab analyzed crypto mining scripts online by analyzing DNS traffic with its DNSMon system. The experts were able to determine which sites load the scripts from domains associated with in-browser mining services.

Domain Theft Strands Thousands of Web Sites - Newtek Business Services Corp., a Web services conglomerate that operates more than 100,000 business Web sites and some 40,000 managed technology accounts, had several of its core domain names stolen over the weekend. The theft shut off email and stranded Web sites for many of Newtek's customers.

U.K. and U.S. Government Websites Among Thousands Infected by Cryptocurrency Miner - More than 4,200 websites, including many run the U.K. and U.S. governments, were infected on Feb. 11 by a Monero cryptocurrency miner delivered through Browsealoud, a hosted accessibility service that can read website content aloud for people with visual impairments.

Windows Installer Service Hacked to Onfect Victims' Systems with Malware - Cyber-criminals are using a malware spam campaign to exploit a remote code execution vulnerability in Microsoft Office to download and execute malicious scripts on victims' systems.

Hippogriff RSS Feed '18-'17