Category Archives: Due Diligence

Nude Celebrity Scandal, Cloud Service Security and You!


September 04, 2014

Following the slew of private celebrity photos leaked earlier this week, both end-users and organisations are understandably concerned. Invariably, user confidence in the security of online services, and the confidentiality of any data stored, has been shaken by such leaks.

This is especially worrying for organisations, as more and more enterprise services move onto remotely hosted cloud platforms, which are now home to the corporate crown jewels (emails, commercially sensitive information, intellectual property etc).

The same security issues that appear to have caused the recent iCloud breaches typically affect these cloud platforms. From a security perspective, using a cloud system is effectively outsourcing and therefore should be treated as diligently as any other outsourcing arrangement.

According to Apple, the recent celebrity photo compromise occurred due to a “very targeted attack on user names, passwords and security questions” – in other words, social engineering password resets. Continue reading

iOS devices hit by AdThief malware


September 01, 2014

Apple iPhones and iPads are being targeted by a malware called AdThief, which has so far impacted 75,000 devices, according to details provided by Fortinet in a Virus Bulletin.

AdThief was discovered in March of this year, and was found to hijack advertisement revenues and redirect them to the attacker. These advertisements commonly seen in mobile apps as an alternative way of receiving compensation for development.

Continue reading

Wireless Emporium site compromised by malware


August 19, 2014

A US retailer, Wireless Emporium, has recently suffered a massive data breach on it's website computer server, in which a substantial amount of personal and confidential information may have been compromised.

Wireless Emporium is a retailer specialising in cellphone accessories and mobile products such as chargers, cases and batteries. A malware installation on the website server may have opened access to valuable data.

Continue reading

Las Vegas brain and spine surgery centre hit with insider breach


August 16, 2014

A medical centre in the United States has recently been hit with a substantial data breach, which is now believed to have originated from within the centre itself.

The Las Vegas Western Regional Center for Brain & Spine Surgery (WRCBSS) reported the breach on July 9, stating that 12,000 individuals have been impacted. Names, addresses, Social Security numbers and billing account numbers for the organisation were included in the stolen data.

Continue reading

ABI: Cyber attacks pushing DLP market growth


August 09, 2014

Data breaches are growing in number, driving a massive loss prevention market, according to a new report from analytical firm ABI Research.

It's not just the quantity, however, as these enterprise attacks have also been growing in sophistication throughout the past decade, to the point where breach and data theft at the enterprise level are now inevitable.

Continue reading

SafeNet BLI finds 237 breaches between April and June this year


August 07, 2014

More than 375 million customer data records were compromised in the first half of this year, in a staggering 559 data beaches. The retail industry was hit the hardest, with over 145 million records stolen or lost in the second quarter alone.

These statistics came as part of a new report from SafeNet, a global provider of data protection solutions for wireless networks and other systems headquartered in the United States.

Continue reading

Backcountry Gear website hit with payment-compromising malware


August 06, 2014

The Backcountry Gear website has been compromised by a substantial malware attack, which has resulted in the likely breach of personal customer payment card information.

Backcountry Gear is a supplier of lightweight backpacking and camping equipment, based in the United States. Apparently, malware was installed on the website for around three months, beginning around 27 April of this year. In addition to payment card information, names, addresses, and purchase details were also accessed.

Continue reading

Seattle University notifies donors of security breach


August 05, 2014

Seattle University in Washington is currently notifying individuals of a security breach that left their personal information open to anyone in the university computer network.

The breach was announced on July 17, in an incident notification issued to the Attorney General. The actual breach was discovered on May 25, at which point measures were put in place to improve security measures.

Continue reading

US wellness plan affected by substantial breach


August 01, 2014

A substantial number of people have recently been impacted in a data breach at Virginia-based power and energy company Dominion Resources, by an attacker who gained access through the systems of a subcontractor.

Around 1,700 individuals are now being notified of the attack, which was carried out on March 25. Following the attack, Onsite Health Diagnostics discovered the breach in June and brought it to the attention of StayWell Health Management, the wellness vendor for employees. StayWell was then able to notify Dominion Resources on June 24.

Continue reading