Page 15 - Threat Intelligence 10-18-2019
P. 15

Data Breach













        The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach. It's been about two months
        since one of the biggest data breaches in history was announced: A hacker gained access to more than 100
        million Capital One customers' accounts and credit card applications. The announcement made global
        headlines and left consumers and businesses reeling, but it did not come as a surprise to us. With the recent
        increase in attack volumes within the Arkose Labs network, we knew something of this magnitude had
        occurred. It was clear that fraudsters had gotten access to new, powerful information to weaponize.
                Source:   https://www.darkreading.com/attacks-breaches/the-connected-cybercrime-ecosystem-and-
                the-impact-of-the-capital-one-breach/a/d-id/1336006



        Security flaws exposed personal data from home loan applications in South Africa. Security vulnerabilities in
        systems used by several South African banks exposed the personal data of people who applied for home loans.
        Information about the flaw came from a source who spoke to MyBroadband on condition that they remain
        anonymous. The existence of the flaws were confirmed by E4 Strategic, the company which develops and
        maintains the systems. The company also stated that the vulnerabilities were discovered and fixed, and that
        there is no evidence of any data being leaked. However, according to the source, vulnerabilities still exist in the
        systems.

                Source:      https://mybroadband.co.za/news/security/323098-security-flaws-exposed-personal-data-
                from-home-loan-applications-in-south-africa.html




        Stolen Cloud API Key to Blame for Imperva Breach. A security breach which led to the compromise of
        customer data at Imperva was caused by a stolen API key for one of its Amazon Web Services (AWS) accounts,
        the firm has revealed. The firm was notified of the incident, which affected a subset of its Cloud WAF
        customers, by a third party at the end August.

                Source: https://www.infosecurity-magazine.com/news/stolen-cloud-api-key-to-blame-for/



        Click2Mail Suffers Data Breach. Email service Click2Mail today said it is alerting customers of a data breach
        that may have exposed their personal data. The company initially discovered the breach after some customer
        user names and email addresses were found being abused in spam messages. Names, organization names,
        account mailing addresses, email addresses, and phone numbers "may have been compromised" in the
        cyberattack, the company said in its notification to customers.
                Source:           https://www.darkreading.com/attacks-breaches/click2mail-suffers-data-breach/d/d-
                id/1336072










                                                    www.accumepartners.com
                                                                                                                    15
   10   11   12   13   14   15   16   17   18   19   20