Wade Mackey
HUMBLE BOOK BUNDLE: CYBERSECURITY 2019 BY PACKT
20 Cyber Security Books for $15 through humble bundle. Only 6 days left.
https://www.humblebundle.com/books/cybersecurity-2019-packt-books?hmb_source=humble_home&hmb_medium=product_tile&hmb_campaign=mosaic_section_2_layout_index_3_layout_type_threes_tile_index_1_c_cybersecurity2019packt_bookbundle
Here’s the next jumbo data leak, complete with Facebook, Twitter, and LinkedIn profiles.
“While the collection is impressive for its sheer volume, the data doesn’t include sensitive information like passwords, credit card numbers, or Social Security numbers. It does, though, contain profiles of hundreds of millions of people that include home and cell phone numbers, associated social media profiles like Facebook, Twitter, LinkedIn, and Github, work histories seemingly scraped from LinkedIn, almost 50 million unique phone numbers, and 622 million unique email addresses.”
https://www.wired.com/story/billion-records-exposed-online/
It affected many public-facing websites and services.
“The IT team noticed the irregular pattern, saw that it was the Ryuk virus, which encrypts files, and didn’t read the ransom note, said Jacques Berry, spokesman for the Division of Administration. Instead, the team found where virus was attached to the programs and shutdown computers to avoid infecting other systems, Berry said.”
Capital One has replaced its cybersecurity chief four months after the company disclosed a massive data breach involving the theft of sensitive data on more than 100 million customers. Capital One continues to assess the aftermath from its July data breach, which saw a hacker take PII from millions of customers applying for credit cards. The data leaked also included names, addresses, postal addresses, phone numbers, email addresses, dates of birth and self-reported income, as well as credit scores and credit limits.
In March 2018 one of NoedVPN’s data centers in Finland was “accessed with no authorization,” said NordVPN spokesperson Laura Tyrell. The attacker gained access to the server, which had been active for about a month. They exploited an insecure remote management system left by the data center provider; NordVPN said it was unaware that such a system existed. This is such a breakdown of physical security and poor patch management. IT is also disturbing that they are reporting in October 2019 for an incident in march.
Unsecured Database does it again. Perfect article for a week that we are doing reconnaissance. This is one of the biggest car sales referrers on the market. It is amazing the amount of money that was spent on infrastructure, marketing, and analytics. So much commerce so little care. “The unsecured database held 198 million records, including names, email addresses, phone numbers, street addresses and “other sensitive or identifiable information exposed to the public internet in plain text,” noted Fowler, who added that data, such as IP addresses, ports, pathways and storage info, could be used to further navigate the network.”