Wipro’s hack lived for years in its infrastructure

Brief

Dive Brief:

The hack on Indian outsourcing and consulting company Wipro involved actors linked to other attacks dating back to 2017 and potentially 2015, and “the re-use of infrastructure from those older attacks,” according to research done by Flashpoint.
The intruders used ScreenConnect, a remote access software application for desktops, on Wipro’s machines and domains that were hosting powerkatz and powersploit scripts, according to Flashpoint. Powerkatz is used for searching memory for credentials or other authentication keys whereas powersploit is used “during penetration-testing engagements to launch exploits at a target.”
Last month security journalist Brian […] Read more

Following Equifax hack attack, more federal power to punish needed

A view of a sign for the company Equifax on the floor of the New York Stock Exchange in September 2017. The company was hit by a cybersecurity data breach in 2017 that affected at least 145 million million consumers in the United States. Equifax is one of the three main organizations in that calculates credit scores and has access to personal information including names, Social Security numbers, birth dates, addresses, some driver’s license, and credit card numbers. EPA-EFE/JUSTIN LANE (Justin Lane/EPA-EFE)

Joe Davidson

Columnist focusing on federal government issues

Read more

Marriott CEO shares post-mortem on last year’s hack

Marriott International CEO Arne Sorenson testified in front of a US Senate subcommittee yesterday, revealing new details about a security breach the hotel chain disclosed last year.

Speaking in front of the Senate Committee on Homeland Security & Governmental Affairs Permanent Subcommittee on Investigations, Sorenson apologized to the company’s customers but also shot down rumors that China was behind the hack.

According to a prepared statement for his testimony, Sorenson said that the first time when Marriott learned that something might be wrong was on September 8, last year, when they were contacted by Accenture, the IT company that was managing the […] Read more

Marriott CEO Not Clear If China Is Behind Hack

Share

Tweet

Share

Share

Share

Print

Email

Marriott International Chief Executive Arne Sorenson appeared before a Senate subcommittee Thursday (March 7) to discuss the data breach of the Starwood Hotels reservation system, saying he doesn’t know if China was behind it.

According to a report in Reuters covering the hearing, Sorenson apologized for the hack that compromised the data on 383 million guests in the Starwood hotels reservation system, saying the company has taken steps to protect against any future hacks. As for China, the executive said the company doesn’t know who or which country was behind the hack, but is cooperating with the FBI to figure it […] Read more

Marriott Exec To Testify About Hack Attack

Share

Tweet

Share

Share

Share

Print

Email

Marriott International Chief Executive Arne Sorenson is set to testify before a U.S. Senate panel about a hacking incident that exposed the records of up to 383 million customers.

The breach, which may be among the largest in history, was revealed in November 2018. The company said that an alert was raised in September from an “internal security tool” that access to guests’ information had been attempted. An investigation then revealed that the unauthorized access had been happening since 2014. During that time, unauthorized parties had been able to copy and encrypt information that resided in the Starwood database, including around 25.55 million […] Read more

The Equifax hack — this time it’s personal. — bobsullivan.net

Click to listen to the trailer.

Why was Equifax hacked? Who was behind it? Who deserves the blame? And what should you do now? We’re asking all those questions, and providing most of the answers, in the second season of the Breach cast, dropping March 4.

Six months in the making, it’s *almost* here.  Together with co-host Alia Tavakolian, producer Janielle Kastner and the (ever-growing) team at Spoke Media, we investigated the Equifax hack from every angle. We talked to a small army of insiders, including the man that CEO Richard Smith described as the “human error” responsible for the hack. We […] Read more

Speedier bank mergers; a new take on the Equifax hack

Receiving Wide Coverage …

Silver liningMortgage originations may be slowing, but the market for “humdrum” mortgage servicing rights sure isn’t, with volume up 14% last year from the year before. “The increase in servicing transfers is the latest ripple effect from a slowdown in the housing market, which has forced lenders to slim down, consolidate or close up shop,” the Wall Street Journal reports. “Many of the sellers are independent mortgage lenders that don’t have deposits to fund themselves or other lines of business that can help them withstand a downturn. Stronger players — both banks and nonbanks — have been […] Read more

Firms Use Software That Enabled Equifax Hack

Share

Tweet

Share

Share

Share

Print

Email

Equifax’s data breach of nearly two years ago hasn’t taught a majority of Fortune 100 companies a lesson, with reports stating that most are using the same vulnerable version of software that enabled hackers to infiltrate Equifax.

According to a report citing data provided by open source automation company Sonatype, in the second half of 2018, two thirds of Fortune 100 companies downloaded versions of Apache Struts with the same vulnerabilities that Equifax had when it was breached. And that comes even with nearly two years’ worth of patched Apache Struts available in the marketplace.

The report noted that Sonatype won’t name names, but […] Read more

Marriott hack could wind up being worse than the Equifax breach

The Marriott hotel hack is the latest in an alarming series of data breaches, exposing the personal data of 500 million customers. Given the size of the breach, the quality of the data revealed and the number of years it went undetected, the repercussions are bound to impact the fraud landscape in 2019 and beyond.

In the aftermath of the Marriott breach, there will likely be an increase in fraud attack rates. Bad actors will leverage the leaked information to take advantage of e-commerce retailers and consumers by exploiting the available data via account takeovers, or ATO. ATO occurs when criminals […] Read more