http://www.esecurityplanet.com/network-security/state-of-california-acknowledges-massive-security-lapse.html
http://www.esecurityplanet.com/network-security/u.s.-banks-hit-by-new-round-of-cyber-attacks.html
State of California Acknowledges Massive Security Lapse
Nearly 14,000 names and Social Security numbers were mistakenly published online.
The State of California's Department of Health Care Services (DHCS) recently acknowledged that it had mistakenly published thousands of Social Security numbers online for nine days.
"In an exclusive interview with KCRA 3, state officials from the Department of Health Care Services admitted to posting nearly 14,000 Social Security numbers belonging to Medi-Cal providers working for In-Home Supportive Services. ... The confidential information was available on the state's Medi-Cal website for anyone to see for a period of nine days, before the mistake was discovered and the numbers removed," writes KCRA 3's Mike Luery.
"Those affected by the breach began receiving letters from the DHCS this week claiming their name and Social Security number were posted on a 'public website for business purposes,'" writes Threatpost's Christopher Brook. "Along with names and Social Security numbers, users’ provider names, addresses and provider types are also at risk of being exposed in the breach."
"Norman Williams -- deputy director for public affairs at DHCS -- said that the most recent breach was 'inadvertent, and we sincerely regret this has happened,'" California Healthline reports. "He said that the agency is conducting an internal investigation on the matter."
http://www.esecurityplanet.com/network-security/u.s.-banks-hit-by-new-round-of-cyber-attacks.html
U.S. Banks Hit by New Round of Cyber Attacks
The Izz ad-Din al-Qassam Cyber Fighters are back.
Earlier this week, the Izz ad-Din al-Qassam Cyber Fighters threatened to attack Chase, Bank of America, US Bank, PNC Financial Services and SunTrust Bank -- and it appears that the attacks have already begun.
"In new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks," the hackers warned in a Pastebin post on Monday.
"On Tuesday night, Sitedown.co, which records website outages, had logged roughly 668 reports of people claiming to be unable to log in to their accounts at Bank of America (BCA) within the preceding 24 hours compared with 995 reports in the past seven days," writes American Banker's Brian Browdie. "'We're aware of the reports of possible cyberattacks and we're monitoring our systems, which are fully operational,' Bank of America spokesman Mark Pipitone said in an email. 'We've reached out individually to a small number of customers who reported issues to us yesterday.'"
"The online-monitoring site websitedown.com reported that about noon ET on Dec. 11, SunTrust Banks website suffered intermittent outages," writes BankInfoSecurity's Tracy Kitten. "But SunTrust executives declined to comment on the nature of the outages."
"Some customers of PNC Bank were having trouble logging into their online and mobile banking accounts this afternoon following a threatened digital attack on a handful of big U.S. banks, according to a posting on the Pittsburgh-based bank's Facebook page," writes The Pittsburgh Post-Gazette's Patricia Sabatini. "'We know access to your accounts is important and we continue to address the issue,' PNC said in the post, adding that customers' financial data was secure."
and....
http://www.esecurityplanet.com/network-security/european-power-grid-hit-by-cyber-attack.html
European Power Grid Hit by Cyber Attack
While e-mail services and Internet connectivity were disabled, 50Hertz says electricity services weren't affected.
German power grid operator 50Hertz recently acknowledged that its Internet communications systems were taken offline by a cyber attack two weeks ago.
"'It was a DOS ('Denial Of Service') attack with a botnet behind it,' Boris Schucht, the CEO of 50Hertz told EurActiv on the fringes of a Brussels renewables conference. 'It blocked our internet domains so that in the first hours, all email and connectivity via the internet was blocked,'" writes EurActiv's Arthur Neslen.
"The source of the attack appears to be Russia and Ukraine, but that doesn’t necessarily mean that actors from these states are actually behind the cybercriminal campaign," writes Softpedia's Eduard Kovacs.
"Talking to heise online, 50Hertz said that Akamai's Site Defender software was 'successfully used' to combat all three attacks," writes The H Security's Falk Luke. "Although no infrastructure that is relevant for power transmission is thought to have been affected by the attack, EurActiv reports that the incident was discussed at an assembly meeting of the European Network of Transmission Systems Operators for Electricity association."
and....
http://www.esecurityplanet.com/hackers/team-ghostshell-hackers-hit-interpol-pentagon-others.html
Team GhostShell Hackers Hit Interpol, Pentagon, Others
The hackers published data from 1.6 million records and accounts.
Members of Team GhostShell recently published data stolen from organizations ranging from the Pentagon to NASA.
"The attacks are done for a project officially known as #ProjectWhiteFox, which stands for freedom of information," HackRead reports.
"In #ProjectWhiteFox, what the team says will be their last project for the year, the hackers appear to have targeted and stolen database records from companies and organizations including NASA, Bigelow Aerospace, Aerospace Suppliers, World Airport Transfers, the Credit Union National Association (CUNA) and a defense contractor for the Pentagon," writes ZDNet's Charlie Osborne. "The team claims that the latest campaign has resulted in the leak of 1.6 million accounts and records from different industry players."
"The divulged data appears to be a dump of names, passwords -- some hashed, some plain text -- resumes, admin logins, phone numbers and e-mail addresses, among other bits of information," writes Threatpost's Christopher Brook.
"Along with massive links to data dumps on Pastebin, the group claims to have emailed ICS-CERT Security Operations Center, Homeland Security Information Network, FBI in Washington and Seattle, NASA at Langley and others warning about 'another 150 vulnerable servers from the Pentagon, NASA, DHS, Federal Reserve, Intelligence firms, L-3 CyberSecurity, JAXA, etc. consider it an early Christmas present from us,'" writes Computerworld's Darlene Storm.
"Earlier efforts by Team Ghostshell have included the release of 50,000 user accounts stolen from a jobs board that focuses on Wall Street, and the release of 120,000 records from 100 of the world's top universities, including Harvard and Oxford," writes InformationWeek's Mathew J. Schwartz. "Last month, meanwhile, after 'declaring war on Russia's cyberspace' as part of what it dubbed Project BlackStar, the group claimed to have leaked 2.5 million records and accounts related to a number of Russian government, law enforcement, and business organizations."
No comments:
Post a Comment