Information Security Incidents: Weekly Overview (Nov 13–19, 2017)

Period: November 13–19, 2017

The past week did not see any major cybersecurity incidents, but there were new accusations against “Russian” hackers and several data leaks.

1. UK Accuses “Russian Hackers” of Attacks

Early last week, the UK’s National Cyber Security Centre (NCSC) reported attacks by “Russian hackers” targeting the country’s energy, telecommunications, and media companies. According to NCSC head Ciaran Martin, these attacks on British enterprises had been ongoing for a year.

2. Data Breaches at Forever 21 and ABC

Last week saw data leaks affecting customers of two major companies: retailer Forever 21 and the Australian Broadcasting Corporation (ABC).

  • Forever 21: Attackers gained access to payment card data of customers who made purchases at certain stores. The company did not disclose the number of affected customers or which locations were impacted.
  • ABC: The company accidentally exposed data stored in at least two unsecured AWS S3 buckets. According to Kromtech Security Center researchers, the publicly accessible data included thousands of emails, user logins and password hashes, requests for licensed content from producers, private keys and credentials for other repositories, video content, and 1,800 daily MySQL database backups (from 2015 to present).

3. Misconfigured Amazon S3 Buckets Continue to Expose Data

Almost every week brings news of misconfigured Amazon S3 buckets exposing sensitive data. For example, security researcher Chris Vickery discovered three misconfigured Amazon S3 buckets belonging to the US Department of Defense. They contained 1.8 billion posts made online by users worldwide.

4. Companies Still Neglect Security

Despite frequent reports of data leaks, many companies continue to overlook their own security. For instance:

  • US IT company DXC Technology lost $64,000 after an employee accidentally uploaded the company’s private AWS key to a public GitHub repository.
  • Digital certificate keys for the website of Chinese drone manufacturer DJI were available on GitHub for four years.

5. Hacktivists Target Amaq News Agency

Last week, Muslim activist group Di5s3nSi0N, as part of the #silencetheswords campaign, attacked the Amaq news agency (linked to ISIS, a terrorist organization banned in Russia). They published a list containing the email addresses of nearly 2,000 subscribers in response to Amaq’s claim that its email service was nearly unhackable.

6. Security Mishap at McAfee

The week was not without its oddities: US cybersecurity company McAfee blocked access to malware that, as it turned out, was being distributed from within its own network. The malware was hosted on a third-party site but was spread via a domain associated with McAfee’s ClickProtect service, which is designed to protect email users from phishing and malicious links.
