what's going on out there?

latest Info. Sec. News

Hippogriff provides proven techniques that ensure results when instructing IT-centric personnel within enterprise divisions which are handling sensitive medical information for patients and the financial expenditures associated with insurance cost. There is no more valuable information than personal finance and healthcare data. There can be no room for error when consumers entrust their lives to market and government service providers; this means that a highly skilled team in Hippogriff is needed to keep up with inevitable and serious infractions throughout the technologically-dependent economy of the world's nations. Hippogriff can help recover compromised data and monitor your financial industry technology needs. There is ZERO excuse for lapses in elementary level IT security protocols. Hippogriff Cyber Security Awareness Training and Risk and Vulnerability Assessment/Mitigation capabilities should be part of your core business strategy for shielding against virtual and tangible infiltration of sensitive company property.

incidents that you need to know about

Every week Hippogriff shares some of the most alarming data breach and privacy-infringing occurrences throughout the world. Keep stopping by to see the most recent entries.

Companies Still Struggling with Some Parts of GDPR - Businesses are still struggling with implementing GDPR several months after the legislation was passed. A survey from Talend has found that a majority of firms are still not compliant with some part of GDPR, despite repeated warnings that they could be hit with significant punishments.

Data of Almost 3,000 Patients Experiencing Emergency Symptoms Exposed Online by MedCall Advisors - UpGuard kindly provided DataBreaches.net with evidence of some of what they found exposed. Keep in mind that anyone could have clicked on the approximately 700 audio files and heard the conversations between patients and doctors who were advising them. In addition to audio files, there were also some video files as well as traditional reports and files.

32 Percent of Data Breaches Lead to Executive Job Loss - As data breaches become headline news, the question arises of who will take the blame for the breach. All employees get put on the chopping block for costly breaches, but North American firms primarily remove C-level leaders in the aftermath, according to new security research from Kaspersky Lab.

Banks Turn to the Courts for Data Breach Claims - As data breaches have continued to become more pervasive, some financial institutions are now suing merchants to recover additional data breach costs which may fall outside of those covered in contracts with payment brands. A recent Seventh Circuit decision provides a glimpse into how courts analyze liability for data breaches when there are established contracts governing data security.

Microsoft Office Docs Deliver 45% of All Malware - Microsoft Office documents packed with malicious macros are the most common malware loader of the past month, accounting for 45% of all delivery mechanisms analyzed, according to a report from Cofense. Office Macros were followed in popularity by CVE-2017-11882, malicious batch scripts, malicious PowerShell scripts, and WSC downloaders, the report found.

Fetal Diagnostic Institute of the Pacific Notifies 40,800 Patients After Ransomware Attack - It appears that the attack was discovered on June 30. The incident was reported to HHS as impacting 40,800 patients. While the notification below meets all the regulatory requirements, I wish entities would routinely just disclose how malware was injected and what kind of malware it was. But good for FDIP for having a backup that was available and usable to restore data.

Vulnerability Disclosure Not a Priority for 93% of Forbes Global 2000 - Financial services and insurance companies are among the most tight-fisted industries when it comes to paying out bounties for software vulnerability disclosures, typically paying just one third of the global average.

Two Billion Devices Still Vulnerable to Blueborne Flaws a Year After Discovery - Blueborne, a set of nine exploitable Bluetooth vulnerabilities, was thought to affect close to every laptop and mobile device which used the communication protocol when the bugs were found last year. In the case of Blueborne, it appears the only way to stay protected is to make sure OS versions are as up-to-date as possible, and should an older, legacy device not receive such an update, a move towards a newer device may be the final solution.

Files with 42 Million Emails and Passwords Found on Free Hosting Service - A huge database with email addresses, passwords in clear text, and partial credit card data has been uploaded to a free, public hosting service. The operator of the sharing service sent the set to Troy Hunt, Australian security researcher and creator of the Have I Been Pwned data breach index site, to compare it and check whether it was the result of an unknown data breach.

Dramatic Increase of DDoS Attack Sizes Attributed to IoT Devices - A new NexusGuard report shows that the average size of attacks in Q2 2017 was 4.10 Gbps and the maximum was 63.70 Gbps. For Q2 2018, this average size has increased over 500% to 26 Gbps and the maximum size has increased to 359 Gbps.

Feedify Hacked with Magecart Information Stealing Script - A script used by the customer engagement service Feedify has been hacked to include the malicious MageCart script. MageCart is malicious code used by attackers to steal credit card details and other information from e-commerce sites when a user submits a form.

Mobile Attack Rates Up 24% Globally, 44% in U.S. - The proportion of mobile-vs.-desktop transactions has nearly tripled in the last three years, and instances of mobile fraud and cyberattacks have grown as attackers go where their victims are. More than half (58%) of digital transactions now originate from mobile devices, ThreatMetrix researchers discovered in their Q2 Cybercrime Report 2018.

Nearly Two-Thirds of India Inc. Fears Their Management of Cyber Risks Is Inadequate - Companies fear their management of cyber security risks is inadequate, a survey by consulting firm Deloitte has revealed. The companies found themselves to be less prepared to face these risks due to lack of trained professionals or budgetary constraints, according to the survey. Cyber security was rated amongst the top three risks by the corporates surveyed. Regulatory risk and technology disruption were the two other risks identified by the survey's respondents.

Canadian Town Coughing Up Bitcoin After Ransomware Attack - Midland, which has a population of over 16,000, had its computer systems breached and infected with ransom malware that encrypted files at the beginning of the month. The cyber attack rendered the town's computers inoperable for around 48 hours and this crippled email services, processing of payments, issuance of permits, reloading of transit cards and processing of marriage applications.

Report Finds Government and Military Employees Use Weak Passwords - WatchGuard Technologies' Internet Security Report for Q2 2018 states that more than 50% of military and government employees use weak passwords, based on an analysis of the data leaked from LinkedIn in 2012. According to their research, of the passwords associated with 355,023 government (.gov) and military (.mil) accounts in a database of 117 million encoded passwords stolen from LinkedIn, over 50% were crackable in less than two days.

Freshmenu Fails to Inform Users of Data Breach - Cloud kitchen platform Freshmenu has come under severe attack over allegations that it chose to keep under wraps a data breach two years ago that exposed the personal information of over 110,000 users. The incident from July 2016 was brought to light this week by data breach-tracker HaveIBeenPwned.com.

Illegal Aliens Cited in Theft of 39 Million Social Security Numbers - Nearly 40 million Social Security numbers have been stolen and used by illegal immigrants and others to get work, according to agency records obtained by an immigration reform group. The Social Security numbers of young children are especially sought by illegal aliens, as this theft is likely to go undetected for years.

Higher Education Is One of the Worst Industries at Handling Cyber Attacks - Higher education ranks as one of the worst business sectors to handle cyber threat crises. Nearly three-quarters of participants (73%) took three or more days to create and apply a patch after notification of an attack, said EfficientIP's 2018 Global DNS Threat Report. Additionally, the cost for DNS-based threats rose by 68% to $690,000 in the education sector in 2017.

TV License Office Urges Scottish Customers to Check Bank Statements After Data Security Breach - It is emailing 40,000 people who entered bank account and sort code details telling them to check their bank accounts for suspicious transactions and to make sure direct debits haven't been amended. Information including names, addresses, and emails is also at risk because they were not encrypted when they were transmitted from customers' computers to TV Licensing.

Gang of Hackers Seizes WhatsApp Accounts of Karachi Users - WhatsApp accounts of citizens are getting hacked by an anonymous group of hackers, Geo.tv reported. According to the report, numerous complaints have been registered with the Federal Investigation Authority (FIA) over the past few days by victims whose accounts were hacked. The hacking followed a fake prize scheme used as bait to trap unsuspecting citizens.

Law Firm Seeking Leak Victims to Launch £500m Suit at British Airways - The airliner last week apologized and offered to compensate customers for any direct financial loss for the attack that took place between 21 August and 5 September via its website and app. However, a group-action suit led by SPG Law contends BA has not gone far enough and should be paying travelers for the "compensation for inconvenience, distress and annoyance associated with the data leak."

First IoT Security Bill Reaches Governor's Desk in California - The first Internet of Things (IoT) security bill in the U.S. has been approved in California at the end of August and has now reached the Governor's desk to be signed into law. The bill, SB-327, was introduced in February 2017 and was the first legislation of its kind in the U.S. It even predated by almost six months the Internet of Things Cybersecurity Improvement Act of 2017, a bill introduced in the U.S. Senate by Sen. Mark Warner.

58% of All Healthcare Breaches Are Initiated by Insiders - One of the most compelling insights from the Verizon PHIDBR study is how quickly healthcare is becoming a digitally driven business with strong growth potential. What's holding its growth back, however, is how porous healthcare digital security is.

Hacked MEGA Chrome Extension Affected 1.6 Million Users - On September 4, a researcher named SerHack was the first one to send out an alert via Twitter mentioning the hacked extension. He noticed that the tool potentially harvested user credentials from various platforms, including Microsoft, Github, Google, Amazon, MyEtherWallet, MyMonero, IDEX.market, and Live.

Philadelphia Eagles Are the NFL Team Most Often Referenced in Credentials - An analysis of 61.5 million anonymized passwords found more references to "Eagles" and other team-related keywords than any other NFL franchise, according to a just released 'NFL Password Power Rankings' report.

Karnataka's Famed Land Record Database Bhoomi Faces Another Security Breach - In a serious security breach of Karnataka's famed land record database, 19 acres of government wasteland in Devanahalli were shifted to a private individual illegally last week. In Gobbaragunte village of Devanahalli taluk, around 40 km from Bengaluru, land value is very high. The incident has caused ripples in the revenue department. Land sharks are believed to be behind the manipulation of records.

Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob - Tesla has taken plenty of innovative steps to protect the driving systems of its kitted-out cars against digital attacks. It's hired top-notch security engineers, pushed over-the-internet software updates, and added code integrity checks. But one team of academic hackers has now found that Tesla left its Model S cars open to a far more straightforward form of hacking: stealthily cloning the car's key fob in seconds, opening the car door, and driving away.

Hacker Exploits EOS Betting Platform to "Win" Jackpot 24 Times in a Row - While $24,000 might seem like small change compared to other world-shaking cryptocurrency heists, the prevalence of these small-time hacks is growing. Betting dApps running on EOS, in particular, are being picked apart frequently.

60 Percent of Targeted Email Attacks Aimed at Contributors and Lower Management - Proofpoint researchers discovered that individual contributors and low-level management together accounted for 60 percent of highly targeted attacks, which consisted primarily of malware and credential phishing. By comparison, upper management and executives received 23.5 percent and 5.2 percent of targeted attacks, respectively.
