what's going on out there?

latest Info. Sec. News

Hippogriff provides proven techniques that ensure results when instructing IT-centric personnel within enterprise divisions that handle sensitive patient medical information and the financial expenditures associated with insurance costs. There is no more valuable information than personal finance and healthcare data. There can be no room for error when consumers entrust their lives to market and government service providers; this means that a highly skilled team at Hippogriff is needed to keep up with inevitable and serious infractions throughout the technologically dependent economy of the world's nations. Hippogriff can help recover compromised data and monitor your financial industry technology needs. There is ZERO excuse for lapses in elementary-level IT security protocols. Hippogriff Cyber Security Awareness Training and Risk and Vulnerability Assessment/Mitigation capabilities should be part of your core business strategy for shielding against virtual and tangible infiltration of sensitive company property.

incidents that you need to know about

Every week Hippogriff shares some of the most alarming data breach and privacy-infringing occurrences throughout the world. Keep stopping by to see the most recent entries.

New Verizon Leak Exposed Confidential Data on Internal Systems - Confidential and sensitive documents, including server logs and several instances of credentials for internal systems, were found on an unprotected Amazon S3 storage server controlled by a Verizon Wireless customer, discovered by security researchers at the Kromtech Security Research Center.

Don't Rely on an Unlock Pattern to Secure Your Android Phone - Security researchers at the U.S. Naval Academy and the University of Maryland Baltimore County this week published a study that shows that a casual observer can visually pick up and then reproduce an Android unlock pattern with relative ease. In their tests, they found that six-point Android unlock patterns can be recreated by about two out of three observers who see it performed from five or six feet away after a single viewing. Spotting a six-digit PIN of the kind used in most iPhones, on the other hand, proved surprisingly difficult: Only about one in ten observers in the study could reproduce it after one look.

Three-Quarters of Security Incidents Originate Inside the Extended Enterprise - "Businesses may fall victim to the frenzy around high profile attacks and organizations may be quick to look at threats outside the business but, in reality, the danger exists closer to home," said Dr Guy Bunker, SVP products at Clearswift. "The blurring lines between personal and work-based technologies has led to an unabated rise in the insider threat."

Massive Wave of Ransom DDoS Threats Sweeps Globe - A widespread wave of spam targeting companies throughout the U.S., Europe and Asia was spotted by security researcher Derrick Farmer on September 19, with the messages demanding a payment of around $750 (i.e., 0.2 Bitcoin). The extortionists promise to launch attacks on September 30 unless the demands are met.

Passwords to Over a Half Million Car Tracking Devices Leaked Online - The Kromtech Security Center recently found over half a million records belonging to SVR Tracking, a company that specializes in "vehicle recovery," publicly accessible online. SVR provides its customers with around-the-clock surveillance of cars and trucks, just in case those vehicles are towed or stolen. To achieve "continuous" and "live" updates of a vehicle's location, a tracking device is attached in a discreet location, somewhere an unauthorized driver isn't likely to notice it.

SMBs Paid $301M to Ransomware Hackers Last Year - Small- and medium-sized businesses (SMBs) paid ransomware hackers $301 million in 2016 to decrypt critical files — and 99% predict that these attacks will continue to rise in the next two years, according to Datto's State of the Channel Ransomware Report, released Thursday.

ISPs May Be Helping Hackers to Infect you with FinFisher Spyware - Are you sure the version of WhatsApp, or Skype, or VLC Player installed on your device is legitimate? Security researchers have discovered that legitimate downloads of several popular applications including WhatsApp, Skype, VLC Player and WinRAR have reportedly been compromised at the ISP level to distribute the infamous FinFisher spyware also known as FinSpy.

This Hacker Gained Access to Hundreds of Companies Through Their Helpdesk - Let's imagine you're the CEO of a major corporation. On a scale from one-to-ten, tell me how disastrous you think it would be if an adversary – like a hacker, or a rival company – was able to eavesdrop on every conversation taking place in your headquarters. Ten, right?

More Than One Million New Phishing Sites Created Each Month - Phishing attacks continue to increase in volume and sophistication, according to researchers at security firm Webroot. Phishing attacks are highly targeted, sophisticated, hard to detect and difficult for users to avoid, with 1.39 million new phishing sites created each month, say security researchers.

Federal Pay System Privacy Breaches Included Salary Information - The federal privacy watchdog says inadequate testing, coding errors and poor monitoring of the beleaguered Phoenix federal pay system resulted in exposure of the personal information of public servants.

Ransomware Hack Targeting 2 Million an Hour - A ransomware attack sweeping the globe right now is launching about 8,000 different versions of the virus script at Barracuda's customers, Eugene Weiss, lead platform architect at Barracuda, told Axios, and it's hitting at a steady rate of about 2 million attacks per hour.

Office Workers Fall Victim to Phishing Attacks Despite Training - The study by cloud business applications company Intermedia shows that while 70 percent of office workers say that their organization regularly communicates with employees about cyber threats as a means of prevention, there are significant gaps between confidence and effectiveness.

'Dark Overlord' Hackers Shut Down Montana School District with Cyber Threats - An entire school district in Flathead Valley, Montana, shut down for three days after hackers, going by the name of 'TheDarkOverlord Solutions' targeted several schools with cyberthreats. Local investigators believe the hackers infiltrated the Columbia Falls school district's server and obtained sensitive information of current and past students, parents and staff members including their names, addresses and medical records.

Manchester Police STILL Relies on Windows XP - England's second biggest police force has revealed that more than one in five of its computers were still running Windows XP as of July. Greater Manchester Police told the BBC that 1,518 of its PCs ran the ageing operating system, representing 20.3% of all the office computers it used.

IT Admin Sentenced After Blackmailing Business, Redirecting Website to Porn - An IT administrator has been sentenced to four years of federal probation after being found guilty of holding a company to ransom and sabotaging their website to redirect visitors to a pornographic website.

Facial Recognition Rated Far More Ineffective Than Touch ID by Hackers - Facial recognition was rated as the worst tool for authentication by a fifth of respondents in a recent survey of the hacking community—six times more often than fingerprint authentication.

E.U. to Launch Cyber Security "Safety Labels" - The proposals by the European Commission, the executive arm of the 28-nation bloc, come amid growing concerns over election hacking by foreign states, ransomware attacks and other cybercrime like identity theft and bank fraud.

FedEx: NotPetya Cost $300m, Wrecked Q1 Earnings - FedEx, the worldwide package delivery giant, said in a regulatory filing on Tuesday that the NotPetya ransomware outbreak in late June has cost it an estimated $300 million and forced the company to miss its fiscal first quarter earnings.

Report: Average Enterprise Data Breach Cost Rises to $1.3 Million - The cost of a data breach for enterprises in North America increased this year, according to a new report from Kaspersky Lab and B2B International, released Tuesday. The total impact of a data breach now amounts to $1.3 million for large companies — up from $1.2 million in 2016, the report found. Breaches cost an average of $117,000 per incident for small- and medium-sized businesses (SMBs), the report also noted.

74% of IT Leaders say Security Concerns Restrict the Move to Public Cloud - Though industries are increasingly adopting public cloud, security concerns are preventing wider adoption, according to a new report from Barracuda Networks. In a survey of 300 IT decision makers from organizations of all sizes across the U.S. that are currently using public cloud Infrastructure as a Service (IaaS), respondents said they currently run 44% of their infrastructure in the public cloud, but expect this percentage to nearly double in the next five years.

Attackers Use Undocumented MS Office Feature to Leak System Profile Data - An undocumented Microsoft Office feature allows attackers to gather sensitive configuration details on targeted systems simply by tricking recipients into opening a specially crafted Word document — no VBA macros, embedded Flash objects or PE files needed.

NY Attorney General Presses TransUnion, Experian for Details - New York Attorney General Eric Schneiderman is pressing two credit monitoring companies to explain what cybersecurity they have in place to protect sensitive consumer information following a recent breach at Equifax that exposed the data of 143 million Americans.

INTO Warns Online Portal May Be Compromised by Hacking - The Irish National Teachers Organisation has warned users of its online learning portal that their personal data may have been compromised following the hacking of the website. The breach, which happened last week, left names, email addresses, city, country, gender and information related to course actions potentially accessible by the hackers.

The Justice Department Has Reportedly Opened an Insider-Trading Investigation at Equifax - Equifax officials are reportedly being investigated by the U.S. Justice Department after selling stock before the company revealed a data breach that exposed the personal information of millions of Americans.

Retailers Experience Two Cyber Attacks Every Week - Retailers are responding to cyber attacks on average twice a week — this is according to the latest research from Zynstra, an enterprise-grade IT software provider. 16% of retailers said they experienced an attack or attempted attack every day, 11% said they responded 2-3 times per week, and 64% said once a month.

Internet-Connected Toys: Cute, Cuddly and Inherently Insecure - After the FBI issued a warning on internet-connected toys in July, researchers began digging into these devices to assess their functions as they relate to cybersecurity. But before describing what one of these toys can do, it might be helpful to explain how they work at a very high level.

3,000 Orgs Open to Equifax-Type Breaches - Analyzing data from the Maven Central repository, the largest distribution point for Java open-source components, Sonatype found a startling lack of hygiene related to enterprise consumption of vulnerable Struts2 components, which were exploited in the massive breach at Equifax.

CCleaner Hacked to Distribute Malware; Over 2.3 Million Users Infected - If you have downloaded or updated the CCleaner application on your computer between August 15 and September 12 of this year from its official website, then pay attention — your computer has been compromised.

Dutch Bitcoin Broker Litebit Suffers Second Data Breach in Six Weeks - It is never good to see Bitcoin exchanges or brokers suffer a hack. Although not all of these incidents involve stolen money, it is still a worrisome development from a security vantage point. Litebit.eu, a Dutch cryptocurrency broker, has suffered two separate incidents over the past few months. It remains to be seen how this will affect the company's reputation moving forward.
