Internet Security | SC Media

Internet Security

Brazil (3)

Exposed S3 bucket compromises 120 million Brazilian citizens

By

More than 120 million unique identification numbers issued by the Brazilian Federal Reserve to Brazilian citizens and tied to tax-paying resident aliens, spent months earlier this year publicly exposed on the internet. The data breach was noticed in March by the InfoArmor Advanced Threat Intelligence team when it found what is called Cadastro de Pessoas…

Marijuana plant

Florida marijuana dispensary website leaked customer data

By

A Florida medical marijuana dispensary took down its website after being notified that customer information was viewable through the site’s search function. The medical marijuana dispensary website AltMed, which also operates under the name MüV, said Sunday on its Facebook page a customer had noticed that on www.altmedflorida.com it was possible to view customer information…

Flowers

Bloom is off the rose: Canadian 1-800-FLOWERS operation discloses four-year breach

By

The Canadian retail operations of 1-800-FLOWERS has disclosed a four-year data breach affecting customers who purchased goods on its website, warning that payment card data was exposed. The company 1873349 Ontario, Inc., which owns www.1800Flowers.ca, acknowledged the incident in a breach notification to impacted consumers, which was filed with the California attorney general’s office on Nov. 30.…

Arrest

FBI swats down massive, botnet-fueled ad fraud operation

By

With a heavy assist from private-sector cybersecurity and tech organizations, the FBI has dismantled a highly complex fraud network responsible for generating billions upon billions of fake online ad placements. In conjunction with the takedown, the U.S. Department of Justice yesterday announced a 13-count indictment filed against eight individuals, each a resident of either Russia,…

Proposed law would outlaw ‘Grinch bots’ that snatch up toys for resale

By

Far beyond Whoville, in the U.S., our nation,The House and the Senate introduced legislation.The bill makes illegal the use of “Grinch bots”To buy up all the toys, disappointing young tots. Okay, enough with the Suessing… On Nov. 16, House Rep. Paul Tonko D, N.Y., submitted H. R. 7160, aka the “Stopping Grinch Bots Act of 2018.”…

Amazon Logo

Amazon website glitch exposes customer data

By

Amazon customer service reportedly sent an unknown number of customers an email today, warning that a technical error on its website had exposed their data. Details on incident are scant, as Amazon’s disclosure was rather vague in details, according to several outlets that covered the development. “Hello, We’re contacting you to let you know that…

Make-A-Wish website compromised for cryptomining campaign

By

Not even the Make-A-Wish Foundation is off limits for some unscrupulous cybercriminals, as evidenced by a cryptojacking operation that compromised the charitable organization’s international website. Simon Kenin, security researcher at Trustwave, reported in a company blog post today that malicious actors injected a CoinImp browser-based cryptomining script that would harness the processing power of any…

The many faces of Magecart: Report profiles groups behind card-skimming threat

By

Magecart, the e-commerce payment card-skimming threat that has recently victimized Ticketmaster, British Airways, Newegg and other notable companies, is primarily comprised of six major active cybercriminal groups, according to a new joint research report. All of these groups use a version the same skimmer toolset, but they rely on different strategies and in some cases have…

Microsoft’s Patch Tuesday addresses Zero Day vulnerabilities

By

Microsoft’s Patch Tuesday rollout covered 62 items, 12 rated critical, including patches for a pair of Zero Day vulnerabilities. Among the most worrisome issues addressed with this round of updates is CVE-2018-8589, a Won32k elevation of privilege flaw, that has been spotted in the wild affecting Windows 7, Server 2008 and Server 2008 R2. “This…

Google hit with IP hijack taking down several services

By

Google G Suite yesterday had much of its traffic re-routed through Russia and dropped at China Telecom, according to the network intelligence company Thousand Eyes. Thousand Eyes at this time reported Google was victimized by a Border Gateway Protocol (BGP) hijacking attack. Google confirmed there was an issue, but does not believe it was done intentionally.…

Next post in Network Security