Weekly Cyber Risk Roundup: JobLink, $100 Million BEC Scam and Other Breaches

Third-party cybersecurity issues were once again front and center this past week as America’s JobLink, a web-based system that links jobs seekers with employers, was compromised by a malicious actor, leading to a series of data breach announcements from states that use the system. “On February 20, 2017, a hacker created a job seeker account… Read More

Weekly Cyber Risk Roundup: Third-Party Breaches and Apache Struts Issues

Twitter is the week’s top trending cybercrime target after malicious actors leveraged a third-party analytics service known as Twitter Counter to hijack a number of Twitter accounts and post inflammatory messages written in Turkish along with images of Nazi swastikas. Hundreds of accounts were compromised, the Associated Press reported. Forbes magazine, the Atlanta Police Department,… Read More

Weekly Cyber Risk Roundup: Massive Leaks Expose CIA Secrets and Alleged Spam Operation

The week’s top trending cybercrime story was WikiLeaks’ release of more than 8,000 documents related to the U.S. Central Intelligence Agency. The dump, called “Vault 7,” contains information on the CIA’s hacking tools and methods and is “the largest ever publication of confidential documents on the agency,” according to WikiLeaks. “Recently, the CIA lost control… Read More

Weekly Cyber Risk Roundup: Cloudflare Aftermath and Online Stores Breached

The Cloudflare software bug that resulted in the potential leaking of sensitive data remained as the top trending cybercrime event of the past week as researchers continued to investigate and quantify the effects of the incident. In a March 1 blog post, Cloudflare CEO Matthew Prince described the “Cloudbleed” impact as “potentially massive” and said… Read More

Weekly Cyber Risk Roundup: Cloudflare Bug Discovered, Typos Lead to Theft

This week’s biggest story is the Cloudflare software bug discovered by Google researchers and disclosed Thursday that could have compromised private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. “The bug was serious because the leaked memory could contain private information and because it had been cached by search… Read More

Weekly Cyber Risk Roundup: Yahoo’s Value Drops and New Regulations

Yahoo is once again back in the news for a variety of reasons, including a reported third data breach. However, it appears the reports of a “new breach” stem from additional notifications that were sent to some users on Wednesday regarding forged cookies being used to access accounts. Yahoo first disclosed that it was notifying… Read More

Weekly Cyber Risk Roundup: New PoS Breaches and Simple Attacks

The week’s top trending event was the compromise at Freedom Hosting II, which has been estimated to host as much as 20 percent of active dark web sites. As a result, thousands of dark web sites were taken offline, and the stolen data has since been widely shared. Security researcher Troy Hunt, who reviewed some… Read More

Weekly Cyber Risk Roundup: Ransomware and Insecure Databases Dominate Headlines

Ransomware and extortion continue to dominate the headlines in 2017. The past week saw several widely reported incidents involving service outages and lost data due to infections, as well as warnings that malicious actors are attempting to extort organizations via the threat of DDoS attacks. The Austrian hotel Romantik Seehotel Jägerwirt paid approximately $1600 in… Read More

Weekly Cyber Risk Roundup: DDoS Attacks Disrupt Services and SEC Probes Yahoo

A series of distributed denial-of-service (DDoS) attacks against financial institutions led to customers of Lloyds Banking Group experiencing intermittent outages over a 48-hour period and was the top trending cybercrime event over the past week. The Guardian reported that the attacks hit Lloyds, Halifax and Bank of Scotland from January 11 to January 13. IBTimes… Read More

Weekly Cyber Risk Roundup: Ransomware Disrupts Organizations and Massive Data Leaks

Extortion is once again the top trending cybercrime issue as concern continues around the theft, destruction and blackmail related to thousands of insecure MongoDB, Elasticsearch, CouchDB and Hadoop Distributed File System installations. While those stories led much of the past week’s discussion, there was also a steady stream of reports of organizations being infected with… Read More