Tomorrowland festival
Hackers accessed the data of 64,000 Tomorrowland music-festival
attendees who attended the event in 2014. The information accessed
included names, addresses, age, postcodes and genders. To read
more: https://www.scmagazine.com/home/security-news/data-breach-compromises-64000-tomorrowland-festival-attendees/
Radisson Hotel Group
The Radisson Hotel Group fell victim to a data breach impacting
members of the company’s loyalty and rewards program. The
compromised information included names, physical addresses,
countries of residence, email addresses and more. To read more:
https://www.zdnet.com/article/radisson-hotel-group-chain-suffers-data-breach/
Cisco
A zero-day vulnerability has hit products running Cisco’s Adaptive
Security Appliance and Firepower Threat Defense software. The
vulnerability has been exploited in the wild and no patches are yet
available. To read more: https://www.zdnet.com/article/cisco-zero-day-exploited-in-the-wild-to-crash-and-reload-devices/
Arik Air
An exposed Amazon S3 bucket caused a leak of customer data
belonging to Nigerian airline Arik Air. The bucket was discovered
on September 6th, and the files contained more than 80,000 rows of
data. To read more: https://www.zdnet.com/article/nigerian-airline-arik-air-may-have-leaked-customer-data/
Girl Scouts of the USA
The Orange County, CA branch of the Girl Scouts was hacked, and
personal information of thousands of members potentially exposed.
To read more: https://threatpost.com/girl-scouts-issues-data-breach-warning-to-2800-members/138640/
Intel CPUs
Intel processors have been impacted by a new vulnerability that
enables attackers to leak encrypted data from the CPU’s internal
processes. The side-channel attack is known as PortSmash. To read
more: https://www.zdnet.com/article/intel-cpus-impacted-by-new-portsmash-side-channel-vulnerability/
Facebook
Hackers have apparently compromised at least 81,000 Facebook users’
private messages. Facebook, by contrast, said its security had not
been compromised. To read more: https://www.bbc.com/news/technology-46065796
Government malware
A US government network was infected with malware because of one
employee’s “extensive history” of watching porn on his work
computer. Investigators found that his Android cell phone was also
infected with malware. To read more: https://techcrunch.com/2018/10/29/porn-sites-blamed-after-government-network-infected-malware/
Austal
This Australian shipbuilder and defense contractor revealed a data
breach and extortion attempt, but insisted it had no intention of
acceding to the demands. Some staff email addresses and phone
numbers were exposed during the breach. To read more: https://www.zdnet.com/article/australian-shipbuilder-defense-contractor-reveals-data-breach-extortion-demands/
Eurostar
This European train-service operator is advising customers to reset
their passwords after it detected a systems hack. The company sent
an email to customers warning that it had identified an
“unauthorized automated attempt to access Eurostar accounts using
your email address and passwords.” To read more: https://www.theinquirer.net/inquirer/news/3065550/eurostar-warns-customers-to-change-passwords-after-suffering-data-breach
Bleedingbit
A new set of zero-day vulnerabilities called Bleedingbit could
expose enterprises to remote code-execution attacks worldwide. The
targeted Bluetooth Low Energy (BLE) chips are used in millions of
Cisco, Meraki and Aruba wireless access points. To read more:
https://www.zdnet.com/article/new-bleedingbit-zero-day-vulnerabilities-impact-majority-of-enterprises-at-the-chip-level/
Telecrane
A connected construction crane from Asia’s Telecrane has a
vulnerability that would enable an attacker to intercept its
communications and take over the equipment. To read more: https://threatpost.com/iot-flaw-allows-hijacking-of-connected-construction-cranes/138648/
Kitronik
Kitronik, a British maker of electronic-project kits, says a recent
data breach impacting its online shoppers is the work of Magecart.
This payment-card-skimming malware was operating on Kitronik’s
website from August to September this year. To read more: https://www.zdnet.com/article/magecart-claims-fresh-victim-in-kitronik/
Sign up below and receive these reports and more directly in your inbox.