the staff of the Ridgewood blog
Ridgewood NJ, Wells Fargo has notified two of its customers about a data breach, revealing that the compromised personal information includes clients’ names and mortgage account numbers.
the staff of the Ridgewood blog
Ridgewood NJ, according to GoDaddy, the internet hosting and domain name company, on or about September 6, 2021, an unauthorized third party gained access to certain authentication information for administrative services, specifically the customer number and email address, creating a major security incident impacting the GoDaddy Managed WordPress hosting service.
the staff of the Ridgewood blog
Ridgewood NJ, Microsoft was made aware of initial attacks exploiting 4 previously unknown vulnerabilities in Exchange Server in early January, two months before issuing patches, according to a new report Monday by security journalist Brian Krebs.
the staff of the Ridgewood blog
Washington DC, according to the NJ Office of Homeland Security and Preparedness (NJOHSP), a top cybersecurity firm in the United States detailed on December 8 that it fell victim to a recent cyber attack likely linked to a foreign government. FireEye said it was hacked by “a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack.” The firm concluded the attackers were from a nation with “top-tier offensive capabilities” and tailored the hack using a variety of new techniques specifically to target FireEye. The company confirmed tools used to test the cybersecurity of its clients—called “Red Team” tools—were stolen in the hack; however, there is no evidence of their use, and FireEye continues to monitor the situation while developing 300 countermeasures for its customers. FireEye noted there was particular interest from the hackers in certain government customers. The FBI is investigating the incident and said the level of sophistication in the attack is consistent with a nation-state.
Dear Barnes & Noble Customer,
It is with the greatest regret we inform you that we were made aware on October 10, 2020 that Barnes & Noble had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems.
By Eric Auchard and Dustin Volz | FRANKFURT/WASHINGTON
A computer virus wreaked havoc on firms around the globe on Wednesday as it spread to more than 60 countries, disrupting ports from Mumbai to Los Angeles and halting work at a chocolate factory in Australia.
Risk-modeling firm Cyence said economic losses from this week’s attack and one last month from a virus dubbed WannaCry would likely total $8 billion. That estimate highlights the steep tolls businesses around the globe face from growth in cyber attacks that knock critical computer networks offline.
https://www.reuters.com/article/us-cyber-attack-idUSKBN19I1TD?il=0
By Paul Milo | NJ Advance Media for NJ.com
on November 22, 2016 at 7:28 PM, updated November 22, 2016 at 7:38 PM
NEW YORK — The Madison Square Garden Company said Tuesday that data from credit cards used at its properties over much of the past year may have been compromised.
The breach was discovered late last month when banks notified the company of a suspicious pattern of credit card activity. An investigation revealed that the breach began Nov. 9, 2015, and lasted until Oct. 24. The breach has since been addressed, the company said.
Cards used in person at the company’s venues — Madison Square Garden, Radio City Music Hall, The Theater at Madison Square Garden, The Chicago Theater and Beacon Theater — may have been affected when used for purchases of food, drinks and merchandise. Not all cards used were affected, nor were any cards used at MSG websites, the venues’ box offices or at Ticketmaster.
The data is encoded in the cards’ magnetic strips and includes card numbers, cardholder names, verification codes and expiration dates, the company said.
https://www.nj.com/news/index.ssf/2016/11/credit_card_breach_reported_at_madison_square_gard.html
Report: 191M voter records exposed online
By Katie Bo Williams – 12/28/15 09:50 AM EST
Security bloggers and researchers claim to have uncovered a publicly available database exposing the personal information of 191 million voters on the Internet.
The information contains voters’ names, home addresses, voter IDs, phone numbers and date of birth, as well as political affiliations and a detailed voting history since 2000.
While in most states, voter registration lists are a matter of public record, many have regulations restricting access and use.
For example, South Dakota requires those requesting access to voter data to confirm that the information “may not be used or sold for any commercial purpose and may not be placed for unrestricted access on the internet.”
Security researcher Chris Vickery discovered the breach and reported it to DataBreaches.net, which has since reached out to law enforcement, as well as the California attorney general’s office.
“When one of their attorneys asked, ‘Well how much data are we talking about?’ and I read her the list of data fields and told her that we had access to voter records of over 17 million California voters, her response was ‘Wow,’ and she promptly forwarded the matter to the head of their e-crime division,” writes DataBreaches.net’s anonymous admin.
Steve Ragan, a security blogger for the security and risk management website CSO, has also investigated the breach, noting that none of the political database firms he identified and reached out to in connection with the database claimed ownership of the IP address where the files are posted.
https://thehill.com/policy/cybersecurity/264297-report-191m-voter-records-exposed-publicly-online
Greg Farrell
Patricia Hurtado
The U.S. described a vast, multi-year criminal enterprise centering on hacks of at least nine big financial and publishing firms and the theft of information on 100 million of their customers that fueled a web of stock manipulation, credit-card fraud and illegal online casinos.
Two indictments, unsealed Tuesday, tied three of four suspects to previously reported hacks of JPMorgan Chase & Co., E*Trade Financial Corp., Scottrade Financial Services Inc. and Dow Jones & Co., a unit of News Corp.
Hackers and conspirators in more than a dozen countries generated hundreds of millions of dollars in illicit proceeds from pump-and-dump stock schemes and particularly lucrative online gambling, prosecutors said.
From 2012 to mid-2015, the suspects and their co-conspirators successfully manipulated dozens of publicly traded stocks, sent misleading pitches to clients of banks and brokerages whose e-mail addresses they’d stolen, and profited by using trading accounts set up under fake names, prosecutors said.
Along the way, members of the ring tried to extract nonpublic information from financial corporations, processed payment information for fake pharmaceuticals and fake anti-virus software, falsified passports and took control of a New Jersey credit union, said prosecutors. They used 75 companies and bank and brokerage accounts around the world to launder money, prosecutors wrote. Other alleged offenses include hacking, securities fraud, wire fraud and identity theft.
Patreon: Some user names, e-mail and mailing addresses stolen
At least passwords were encrypted with 2048-bit RSA, hashed via bcrypt, and salted.
by Cyrus Farivar – Oct 1, 2015 3:30pm EDT
Patreon, the website that allows people to maintain regular donations to a website, an artist, or project, announced late Wednesday that it had sustained a security breach.
The site said some registered names, e-mail addresses, and mailing addresses were accessed after someone managed to access a “debug version of our website” that at the time was accessible to the public.
Jack Conte, the co-founder and CEO, wrote in a statement:
We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key.
Conte specified that user passwords are hashed with bcrypt and salted as well, but he encouraged patrons to change their password anyway as a precaution.
By Julian Hattem – 09/24/15 04:06 PM EDT
The head of the National Security Agency told a Senate Committee on Thursday that Hillary Clinton’s former email setup would be an “opportunity” for the U.S. if it had been used by a top foreign diplomat.
“From a foreign intelligence perspective, that would represent opportunity,” Adm. Michael Rogers testified before the Senate Intelligence Committee.
The server would be a “top priority for foreign intelligence services,” Rogers agreed in response to a question from Sen. Tom Cotton (R-Ark.).
The comments are only likely to deepen the political trouble for Clinton, the former secretary of State whose “home-brew” email setup has threatened to engulf her campaign for the White House.
Critics have long feared that Clinton’s decision to go outside of the State Department’s normal email protocol posed a security risk to the nation by making it easier for foreign spies to crack into her messages and steal potentially crucial diplomatic secrets. Those concerns have only been compounded by revelations that some of the information contained in her emails is now classified.
Rogers said he had “no knowledge” of whether or not NSA officials’ emails were contained among the tens of thousands of work-related messages on Clinton’s personal server, or if any NSA officials were aware of her personal server.
The intelligence chief repeatedly attempted to dodge questions about the email setup on Thursday, clearly aiming to stay above the political fray.
https://thehill.com/policy/national-security/254841-nsa-head-clinton-server-represents-opportunity
Everett Rosenfeld
The Office of Personnel Management announced Wednesday that 5.6 million people are now estimated to have had their fingerprint information stolen.
That number was originally thought to be about 1.1 million, OPM said in a statement. About 21.5 million individuals had their Social Security Numbers and other sensitive information affected by the hack.
According to OPM, “federal experts believe that, as of now, the ability to misuse fingerprint data is limited.” The office acknowledged, however, that future technologies could take advantage of this information.
July 8, 2015 10:06 PM
(CBS) — It’s been a high-tech nightmare in the financial and airline industries today because of separate glitches.
Trading was halted at the New York Stock Exchange for 3 1/2 hours after what has been described as an “internal problem.” Trading later resumed, with sizeable losses.
This was followed by temporary trouble accessing the Wall Street Journal’s website, and a flood of conspiracy theories on social media about a coordinated hack attack.
But before all this happened, United Airlines grounded flights across the country for nearly two hours, because of what they call a “router issue.”
CBS 2’s Mike Parker reports in every one of these incidents, it was computer technology breakdowns, not a hostile set of attacks. But one local expert says more of those are sure to come and we should be ready.
With the outages at the NYSE and United Airlines, some people wonder if this brave but vulnerable new world of computers could be open to a much bigger failure: a major enemy hack attack.
Anonymous issued cryptic tweet on eve of NYSE suspension
New York trading was suspended around 11:30 a.m. Wednesday due to a “technical issue,” the exchange said in a statement posted to Twitter.
The Department of Homeland Security said there was no indication the NYSE had been hacked, according to Bloomberg and CNN. The exchange said the glitch could not be attributed to “a cyber breach.”
“The issue we are experiencing is an internal technical issue and is not the result of a cyber breach,” it said in another statement. “We chose to suspend trading on NYSE to avoid problems arising from our technical issue. NYSE-listed securities continue to trade unaffected on other market centers.”
The White House said President Obama had been briefed on the issue. Earlier in the day, United Airlines briefly grounded all of its flights due to a systemwide failure.
Anonymous has previously targeted Wall Street and made headlines in 2011 when it threatened to “destroy” the New York Stock Exchange.
The message could also be seen as an allusion to economic unrest in China and Greece, which has contributed to global market turmoil in recent days. U.S. stocks saw modest losses in the early hours of trading Wednesday.
https://thehill.com/policy/finance/247225-anonymous-issued-cryptic-tweet-on-eve-of-nyse-suspension
By Eric Katz
June 11, 2015
In response to what was one of the largest data breaches in American history, the Office of Personnel Management has offered 4 million current and former federal employees free credit monitoring and identity theft insurance.
That approach may completely miss the mark, experts say.
Media reports and now lawmakers have said that state actors — likely from China – appear to be behind the attack, rather than individuals looking to exploit employees’ financial information. Credit monitoring, therefore, is a nice offer but one that is unlikely to protect federal employees from their adversaries’ true intentions.
“Credit reporting is lip service,” said Richard Blech, CEO of Secure Channels Inc., a cybersecurity firm that provides encryption technology and authentication services. “It means nothing.”
Ken Ammon, chief strategy officer for Xceedium, a network security company that contracts with the government and commercial enterprises, said credit monitoring is fine as a “first step,” though it serves more to protect the infiltrated organization legally than it does the individual from bad actors.
Experts refer to the hack as “cyber espionage,” rather than “cyber crime.” Individuals that illegally obtain data such as Social Security numbers and addresses can use that information for identity theft as it relates to credit card information, for example, but state actors do not hold those same interests.