External Threat Summary for September 2018
Data Leak | Data Breach
Education Company Chegg Acknowledges Data Breach, Puts 40 Million Users on Notice.
An unauthorized party gained access to a Company database that hosts user data for chegg.com and certain of the Company’s family of brands such as EasyBib.
United Nations inadvertently exposes passwords and sensitive information.
The UN accidentally published passwords, internal documents, and technical details about websites when it misconfigured popular project management service Trello, issue tracking app Jira, and office suite Google Docs.
Twitter alerts users that private tweets may have been shared with Twitter developers.
In an alert on Twitter, the social network is alerting users that for over a year, their direct messages and private tweets may have been sent to Twitter developers by mistake.
Data Leak | Dark Web
Personal data of Bengaluru citizens leaked on the Dark Web.
Hidden away in a folder – on one of the thousands of anonymous websites that constitute the Dark net – are the names, phone numbers, addresses, passport numbers and dates of birth of over 350 Bengaluru citizens.
Data Breach | Dark Web
Access to 3,000 breached websites sold on MagBo underground forum.
Access to approximately 3,000 breached websites has been discovered for sale on a Russian-speaking underground marketplace called MagBo.
Rouge Mobile Application
Several fake finance apps discovered on Google Play.
Cyber Social Media Threat
CBD oil spam campaign found on Twitter.
A low level spam campaign is working its way through Twitter, with just under 2,000 posts visible on public search.
Hackers selling stolen air miles from Emirates Skywards, British Airways, SkyMiles on the Dark Web.
There’s a black market for your frequent flyer miles. Stolen frequent flyer accounts and rewards points are a hot commodity on the Dark Net.
42 million emails and passwords posted on public hosting service Kayo.moe
A huge database with email addresses, passwords in clear text, and partial credit card data has been uploaded to a free, public hosting service.
Fraud and Scams | Reputation Risk
Microsoft TechNet portal pages flooded with tech support scams.
3,000 TechNet pages flooded with tech support scams pushing shady phone numbers for cryptocurrency exchanges and social media platforms.
Social Media Account Takeover
Bollywood actor’s social media accounts hacked by Turkish cyber group.
Eleven minutes after publishing a controversial post, actor’s Instagram and Twitter accounts were hacked.
Physical Social Media Threat
Teenager who caused 400 evacuations pleads guilty to email bomb hoax campaign.
Hertfordshire teenager has admitted emailing bomb threats to thousands of schools and disrupting a flight to San Francisco over the past few months.
Misconfigured websites with .git directory expose source code directories.
If you use git to deploy your site, you shouldn’t leave the .git folder in a publicly accessible part of the site.
Rouge Mobile Application
130 fraudulent applications detected on Google Play.
Dozens of malicious applications on Google Play designed to generate illegal revenue.
Don’t be the next news story. Contact us now to start protecting your organization from external threats.