Smith & Wesson targeted in cyberattack, report says. A cyberattack started during the peak of Black Friday
        shopping last week with the injection of malicious computer code into Smith & Wesson's online store, as
        reported by BleepingComputer. In a typical case, the code, or JavaScript, tries to steal customer payment data
        by sending it to a remote site under the attacker's control, according to the cybersecurity news site. These
        types of attacks typically gain entry by either breaking into a server or by targeting the business’ third-party
        vendors, who in turn unwittingly pass on the infection, according to TechRepublic.
                Source: https://www.foxnews.com/tech/smith-wesson-targeted-in-cyber-attack-report-says



        British American Tobacco Suffers Data Breach and Ransomware Attack. A Romanian web platform owned by
        the international tobacco company British American Tobacco (BAT) has suffered a data breach and
        ransomware attack. The data breach was discovered on an unsecured Elasticsearch server located in Ireland,
        which involves close to 352 GB of data. In addition, they found that hackers had already gotten to the data and
        that the server also contained a readme file with a ransom request, in which a hacker or group of hackers
        threatened to delete the data from the server if their demands aren’t met. The hackers are demanding a
        Bitcoin payment in exchange for the data.

                Source:  https://www.securitymagazine.com/articles/91356-british-american-tobacco-suffers-data-
                breach-and-ransomware-attack




        Data Leak Week: Billions of Sensitive Files Exposed Online. Earlier this week, separate data exposure
        incidents left a total of 2.7 billion email addresses, 1 billion passwords, and nearly 800,000 applications for
        copies of birth certificates were found on unsecured cloud buckets by security researcher Bob Diachenko.
        Organizations continue to fail to lock down their cloud servers, and researchers keep discovering sensitive
        information in unsecured cloud buckets as a result. This means it is relatively easy for cybercriminals and
        nation-state threat actors to retrieve this sensitive data as well. Research from Digital Shadows shows that
        misconfigured online storage has led to a 50% increase in exposed files this year.

                Source: https://www.oodaloop.com/briefs/2019/12/11/data-leak-week-billions-of-sensitive-files-
                exposed-online/



        Waco water bill attack just the latest in a wave of Click2Gov breaches. The City of Waco has warned residents
        that their online payments for water services may have been intercepted by hackers who stole credit card
        details. The heart of the problem lies in the third-party online payment software that Waco and several other
        cities and municipalities use to let residents pay their bills, pay parking fines, as well as make other financial
        transactions. According to a spokesman for the City of Waco, the Click2Gov portal for water bill payments was
        breached by malicious hackers who were able to plant malicious code that siphoned off sensitive data
        between August 30th and October 14th. “Unfortunately, this is something that happens in the credit card
        world,” said Larry Holze. Well, it certainly does happen in the case of Click2Gov if recent history is any judge.

                Source: https://www.tripwire.com/state-of-security/security-data-protection/waco-water-bill-attack-
                click2gov-breaches/#new_tab













                                                    www.accumepartners.com
                                                                                                                    19