Equifax claims administrator says victims must provide more info to claim cash
If you're one of the millions of Americans who received an email this weekend from the Equifax breach settlement administrator, you're not alone. Nor are you alone if you were surprised or confused by the message, as more than a half-dozen Ars readers who forwarded theirs were. The message, however, is entirely legitimate, and the information it seeks is part of the claims process. Equifax and the Federal Trade Commission in July reached a settlement relating to the company's completely massive data breach of more than 140 million Americans. As part of that agreement, anyone whose data was part of the breach could file a claim to receive either cash compensation or several years of free credit monitoring.
Secret Service Investigates Breach at U.S. Govt IT Contractor
The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government partner networks. In mid-August, a member of a popular Russian-language cybercrime forum offered to sell access to the internal network of a U.S. government IT contractor that does business with more than 20 federal agencies, including several branches of the military. The seller bragged that he had access to email correspondence and credentials needed to view databases of the client agencies, and set the opening price at six bitcoins (~USD $60,000).
Hackers Steal $4.2m from State Troopers' Pension Fund
Cyber-thieves targeting a pension fund for law enforcement officers employed by the state of Oklahoma have made off with $4.2 million. The money was stolen from a fund of more than $1 billion set aside to pay pensions and benefits to around 1,500 retired highway troopers, park rangers, state agents, and other law enforcement officers. The theft occurred on August 26, 2019, when the perpetrators managed to hack into the email account of an investment manager working on behalf of the Oklahoma Law Enforcement Retirement System (OLERS) agency.
Wikipedia and World of Warcraft Classic targeted by DDoS attacks
Imagine a world without Wikipedia. Do you even remember what it was like when you had to use your memory to recall the order of James Bond films, guess how old Tina Turner is, or try to say with any certainty with what country France has its longest land border? Now many of us don’t feel it’s so essential to amass general knowledge, as Wikipedia is always at our fingertips to tell us what year Queen released Bohemian Rhapsody. So you can imagine the pain that was caused to pub quiz cheats and students writing essays this weekend when crowd-sourced internet encyclopedia Wikipedia, one of the world’s most popular websites, was hit by a distributed denial-of-service attack.
Cyberattack Disrupted Firewalls at U.S. Power Utility
A quarterly report published last spring by the National Energy Technology Laboratory revealed that a cyber event caused “interruptions of electrical system operations” at an unnamed utility in the western part of the United States. The incident, which occurred on March 5, impacted California, Utah and Wyoming, but it did not result in any power outages. E&E News, which provides news for energy and environment professionals, learned at the time that the disruption involved a DoS attack that exploited a known vulnerability, but no other details were made available.
More Than 99% of Threats Target Corporate Staff
Over 99% of cyber-threats require human interaction to work, highlighting the importance of user awareness programs and layered defenses, according to Proofpoint. The security vendor’s 2019 Human Factor report is based on an 18-month analysis of data the firm collected across its global customer base. It adds some concrete findings to the general trend observed by many in the industry over the past few years that attackers are increasingly targeting the “weak link” in the cybersecurity chain: corporate employees.
70% of educational orgs don’t have an appropriate cloud security budget
Even though cloud technologies are becoming more popular in the education sector, management is still reluctant to invest in cloud data security initiatives, a Netwrix study finds. 53% of educational organizations are ready to start deploying a cloud-first strategy for all new services and technologies, up from 40% last year. However, every third organization in this sector experienced a cloud breach in the previous year. One critical factor is that IT teams at 70% of educational organizations don’t receive a sufficient budget for cloud security.
Exploit Kits Target Windows Users with Ransomware and Trojans
Over the weekend and into today, four different malvertising campaigns have been redirecting users to exploit kits that install password stealing Trojans, ransomware, and clipboard hijackers. All four of these campaigns were discovered by exploit kit expert nao_sec and are being distributed through malvertising that redirect visitors to the exploit kits landing pages. These landing pages are typically hosted on hacked sites. Once a user visits the site, the kit's scripts will attempt to exploit vulnerabilities in the visitor's browser to automatically download and install malware without the user's knowledge.
