what's going on out there?

latest Info. Sec. News

Hippogriff provides proven techniques that ensure results when instructing IT-centric personnel within enterprise divisions that handle sensitive patient medical information and the financial expenditures associated with insurance costs. There is no more valuable information than personal finance and healthcare data. There can be no room for error when consumers entrust their lives to market and government service providers; this means that a highly skilled team at Hippogriff is needed to keep up with inevitable and serious infractions throughout the technologically dependent economy of the world's nations. Hippogriff can help recover compromised data and monitor your financial industry technology needs. There is ZERO excuse for lapses in elementary-level IT security protocols. Hippogriff Cyber Security Awareness Training and Risk and Vulnerability Assessment/Mitigation capabilities should be part of your core business strategy for shielding against virtual and tangible infiltration of sensitive company property.

incidents that you need to know about

Every week Hippogriff shares some of the most alarming data breach and privacy-infringing occurrences throughout the world. Keep stopping by to see the most recent entries.

Your Phone Company's Horrible Security Is All That's Standing Between You and Total Digital Destruction - A scam called "porting out" or "SIM hijacking" or "SIM swapping" allows crooks to steal your phone number by impersonating you to your phone company, reporting a lost SIM card and asking the company to assign your number to a new one. Criminals use information from public sources and breaches to answer security questions, then they have your number assigned to a phone in their control.

Venmo Refuses to Say Why Transactions Are Public by Default - Hang Do Thi Duc, a Berlin-based privacy researcher, found that every time someone sent or received money using the PayPal-owned mobile app (which had over seven million users in 2017), the transaction was "public" by default and was broadcast on Venmo's API. In other words, everyone can see your transactions — even without the app.

Golden Heart Administrative Professionals Ransomware Attack Impacts 44,600 Patients - Golden Heart Administrative Professionals, a Fairbanks, AK-based billing company and business associate of several healthcare providers in Alaska, is notifying 44,600 individuals that some of their protected health information has potentially been accessed by unauthorized individuals as a result of a recent ransomware attack.

Automakers' Trade Secrets Exposed in Data Leak - Automakers like Tesla, Toyota and Volkswagen go to great lengths to keep their technical information confidential. Details about assembly line machinery and proprietary robotics are among the industry's most closely guarded trade secrets.

British Airways Shows Everyone How Not to GDPR - The company's social media staff have been caught encouraging customers to post personal data such as their address and passport number into a public forum — and here’s the anti-privacy cherry! — claiming it’s necessary for GDPR compliance!

$1 Million Heist on Russian Bank Started with Hack of Branch Router - A prolific hacking group has struck again, this time stealing close to $1 million from Russia's PIR Bank. The July 3 heist came about five weeks after the sophisticated hackers first gained access to the bank's network by compromising a router used by a regional branch.

Human Resources Firm ComplyRight Breached - Cloud-based human resources company ComplyRight said this week that a security breach of its Web site may have jeopardized sensitive consumer information — including names, addresses, phone numbers, email addresses and Social Security numbers — from tax forms submitted by the company's thousands of clients on behalf of employees.

City of Alamogordo Victim of $250,000 Email Scam - State Auditor Wayne Johnson is cautioning all New Mexico government entities about an unknown email scam after the city of Alamogordo paid more than a quarter of a million dollars to a scam artist. Johnson said that public money will be difficult, if not impossible, to recover.

Credential Stuffing Costs Businesses Over $5 Billion a Year - When usernames and passwords are exposed through a data breach or attack on users, criminals harvest these credentials and test them on a wide range of websites and mobile applications, a practice known as "credential stuffing."

Ransomware Attack, Now on a Vashi Hospital - MGM Hospital, Vashi, has come under a ransomware attack. A hacker locked data in the hospital’s computer system and sent a web link demanding ransom in bitcoins to unlock it.

Thousands of U.S. Voters' Data Exposed by Robocall Firm - A Virginia-based political campaign and robocalling company, which claims it can "reach thousands of voters instantly," left a huge batch of files containing hundreds of thousands of voter records on a public and exposed Amazon S3 bucket that anyone could access without a password.

Hackers Account for 90% of Login Attempts at Online Retailers - Online retailers are hit the most by these attacks, according to a report by cyber security firm Shape Security. Hackers use programs to apply stolen data in a flood of login attempts, called "credential stuffing." These days, more than 90% of e-commerce sites' global login traffic comes from these attacks. The airline and consumer banking industries are also under siege, with about 60% of login attempts coming from criminals.

Half of Retailers Experience Security Breaches in the Past Year - According to a new report, 52 percent of U.S. retailers have suffered a data breach in the past year and 75 percent have had one at some time in the past. The latest Thales Data Threat Report, Retail Edition, also shows that U.S. retail data breaches more than doubled from 19 percent in the 2017 survey to 50 percent, making retail the second most breached industry vertical this year.

LabCorp Cyber Attack Forces Shutdown of Systems - LabCorp, one of the largest clinical laboratories in the United States, has experienced a cyberattack that has potentially resulted in hackers gaining access to patients' sensitive information; however, data theft appears unlikely as the cyberattack has now been confirmed as being a ransomware attack involving a new variant of ransomware.

800K Patient Records at Issue in ProCare Health SNAFU - IT companies allege that one of New Zealand's largest networks of doctors and nurses has been storing hundreds of thousands of sensitive patient records, without express consent.

Cyber Security Incidents Are Up 32% from Last Year - Hackers have an increased interest in personal data such as account credentials. Data theft also makes up a large share of the total cybersecurity threatscape — 13% more than the 2017 average.

Telefonica Calls Authorities After Massive Breach - The Netherlands-based Telecompaper reported that Telefonica, a top-10 telecom vendor based in Spain that delivers telecom services across more than 20 countries, was hit by a major security breach. Personal customer data of millions of its clients was possibly exposed in the breach. The company reportedly said the flaw was fixed and that the breach was reported to the authorities.

Thousands of Patient Records Held for Ransom in Ontario Home Care Data Breach, Attackers Claim - The detailed medical histories and contact information of possibly tens of thousands of home-care patients in Ontario are allegedly being held for ransom by thieves who recently raided the computer systems of a health-care provider.

Less Than Half of Cyber Attacks Detected via Antivirus - The SANS 2018 Survey on Endpoint Protection and Response polled 277 IT professionals on endpoint security concerns and practices. In this year's survey, 42% of respondents reported endpoint exploits, down from 53% in 2017. However, the number of those who didn't know they had been breached jumped from 10% in 2017 to 20% in 2018.

Timehop Reveals Additional Data Compromised by Hacker - Timehop, the social media app that resurfaces older social media posts for entertainment, says its ongoing data breach investigation has revealed that attackers may have compromised more personal information than it previously suspected.

Thousands of Mega Logins Dumped Online, Exposing User Files - Thousands of credentials for accounts associated with New Zealand-based file storage service Mega have been published online, ZDNet has learned. The text file contains over 15,500 usernames, passwords, and file names, indicating that each account had been improperly accessed and file names scraped.

Researchers Stealthily Manipulate Road Navigation Systems - A team of researchers from Virginia Tech, the University of Electronic Science and Technology of China, and Microsoft Research has discovered a new and stealthy GPS spoofing method that has been proven to be highly effective against road navigation systems.

IoT Search Engine ZoomEye Cached Passwords for Tens of Thousands of Dahua DVRs - IoT search engine ZoomEye helped achieve a "new low" in the ease of hacking IoT devices. Login credentials are cached, so update vulnerable Dahua DVR firmware before someone hacks the device.

Vermont Schools Lag on Cyber Security While Risks Hit Home with $50K Fraud from Pownal - A cyber thief infiltrated a Vermont supervisory union's computer network and made a $50,000 transfer out of a school bank account, but safeguards on the account alerted staff members to take action.
