LinkedIn is rife with information about people. In a targeted attack, Facebook and LinkedIn would probably be the two places to start gathering information. Many people lock down Facebook, but LinkedIn doesn’t have the same privacy controls, and in fact the information on LinkedIn is often meant to be public. What LinkedIn provides is a free, centralized source for that information.
This is related to our initial post about the PHP.net attack and whether or not the source code was compromised. According to this article, “One of five distinct malware types served to visitors of php.net from October 22 to October 24, DGA.Changer employs a novel way of evading detection and takedown attempts.”
- Backspacing, select-all/delete, hitting cancel, or whatever else you did to avoid telling the world what you typed may have been logged.
- Self-Censorship on Facebook (PDF) describes a study conducted by two Facebook researchers, who said they used code embedded in the web pages to determine whether anything had been typed into the forms in which we compose status updates or comment on people’s posts.
- If the content wasn’t shared within 10 minutes, it was marked as self-censored.
- According to Facebook: “the things you explicitly choose not to share aren’t entirely private.”
- Facebook spent 17 days tracking abandoned posts in a manner that some might find discomforting, and readers are reminded that the internet allows website owners to be far, far more invasive.
- The U.S. Department of Energy describes what led to the July breach.
- Failures around vulnerability management, access controls and a general lack of communication between decision makers.
- Hackers were able to penetrate a web-facing application and steal personal information on 104,179 current and former employees, dependents and contractors.
- They had access to information that could have included names, addresses, Social Security numbers, dates of birth and bank account information, all unencrypted.
- DOE failed to live up to industry standards and government mandates, not only around encryption of sensitive data but also around installing software updates. The updates that would have prevented the breach were purchased in March and instead sat for five months in a testing environment; installing them would have cost significantly less than the expected $3.7 million price tag for credit monitoring and other recovery costs.
- Someone broke into the offices of Horizon Blue Cross Blue Shield of New Jersey and stole two laptops that contained the sensitive information of more than 800,000 members.
- The medical insurance provider claims that the machines were locked to an employee workstation inside Horizon’s Newark headquarters.
- Horizon says the laptops were password protected but admitted that it had failed to encrypt them.
- The stolen machines may have contained member names, addresses, dates of birth, Horizon Blue Cross Blue Shield of New Jersey identification numbers, Social Security numbers, and clinical information.
- Horizon Blue Cross Blue Shield of New Jersey claims that it has no reason to believe the thieves targeted the stolen laptops because of the information stored on them.
- “Due to the way the stolen laptops were configured, we are not certain that all of the member information contained on the laptops is accessible,” the company said.
Everyone will be attacked, and many will be breached. Have you taken steps to protect your organization or made plans for how to react in the event of a data breach? Securit360 offers services to fortify your security programs, train your employees, and measure your vulnerabilities.
Do you have policies in place to protect your clients’ data? Do you verify that your employees are following those policies? It was reported that nearly 19,000 users were compromised because someone lost a thumb drive that was not encrypted, even though there was a policy in place saying it should have been.
Do you need help creating or reviewing your policies? Do your policies meet regulations?
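The DOE, Horizon and thumb-drive items above are all failures of two checkable controls: sensitive data must be encrypted at rest (a login password on a laptop is not encryption), and a purchased update must not sit undeployed indefinitely. As an added example, not the code of any organization named here, the Python below runs those two checks over a constructed asset inventory. The asset records, the dates and the 30-day patch SLA are all assumptions made for the illustration.

```python
"""Data-at-rest and patch-lag compliance sweep.

Added example, not from any organization named on this page. It applies
two controls to a constructed inventory: (1) any asset holding sensitive
records must be encrypted at rest, regardless of whether it has a login
password; (2) an available update must not wait past an SLA before it is
deployed. Every record and date below is constructed; the SLA is an
assumption.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional

PATCH_SLA_DAYS = 30  # assumption: maximum days an available update may wait


@dataclass(frozen=True)
class Asset:
    name: str
    kind: str               # laptop, thumb-drive, web-app, ...
    holds_sensitive: bool   # names + SSNs, clinical data, bank details, ...
    encrypted_at_rest: bool
    password_protected: bool  # recorded, but irrelevant to the encryption check


@dataclass(frozen=True)
class PendingUpdate:
    asset: str
    available_since: date          # when the update was purchased/released
    deployed_on: Optional[date]    # None while it still sits in testing


# Constructed inventory mirroring the incident patterns described above.
ASSETS = [
    Asset("hq-laptop-01", "laptop", True, False, True),   # password-only, PII on disk
    Asset("hq-laptop-02", "laptop", True, False, True),
    Asset("usb-drive-07", "thumb-drive", True, False, False),
    Asset("web-app-portal", "web-app", True, True, True),  # DB encrypted at rest
    Asset("kiosk-03", "laptop", False, False, True),       # no sensitive data: OK
]

UPDATES = [
    PendingUpdate("web-app-portal", date(2013, 3, 1), None),         # still in testing
    PendingUpdate("hq-laptop-01", date(2013, 7, 1), date(2013, 7, 10)),
]


def encryption_findings(assets) -> list[str]:
    """Names of assets holding sensitive data without encryption at rest.

    Password protection is deliberately ignored: it gates the login screen,
    not the bytes on the disk.
    """
    return [a.name for a in assets if a.holds_sensitive and not a.encrypted_at_rest]


def patch_lag_findings(updates, today: date, sla_days: int = PATCH_SLA_DAYS):
    """(asset, lag_days) for updates deployed late or still undeployed past the SLA."""
    findings = []
    for u in updates:
        end = u.deployed_on or today  # undeployed updates keep accruing lag
        lag = (end - u.available_since).days
        if lag > sla_days:
            findings.append((u.asset, lag))
    return findings


def run_audit(assets=ASSETS, updates=UPDATES, today: date = date(2013, 8, 1)) -> dict:
    """Both checks in one report, keyed by control name."""
    return {
        "unencrypted_sensitive_assets": encryption_findings(assets),
        "patch_sla_breaches": patch_lag_findings(updates, today),
    }


if __name__ == "__main__":
    for control, items in run_audit().items():
        print(f"{control}: {items if items else 'no findings'}")
```

Running it as of the constructed date of 1 August 2013 flags the two laptops and the thumb drive (sensitive data, no encryption) and reports the portal update as 153 days overdue, which is the five-months-in-testing pattern from the DOE item. The useful part of the design is that `password_protected` never enters the encryption check: the sweep cannot be satisfied by a login prompt alone.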
Today Microsoft released eleven security bulletins addressing 24 CVEs. Five bulletins have a maximum severity rating of Critical, while the other six have a maximum severity rating of Important.