Friday, January 18, 2019
  • 10 Internet security tips to make 2019 your most cyber secure year ever
  • Emsisoft’s free ransomware removal tools save users more than $500 million
  • The Joy of Tech®: ‘The Cost Of Netflix!’
  • With ⅓ of Enterprises Suffering from Weak or Exposed Passwords, Is Hollywood Part of the Problem?
  • Improvements to SiteCheck Website Scanner

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Data Security Malware SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » HR Software Provider Says Malware Infection Might Have Exposed User Data

HR Software Provider Says Malware Infection Might Have Exposed User Data

by David Bisson on June 6, 2018

A provider of HR software said that a malware infection might have exposed user data including personal and account information.

According to a statement posted on its website, PageUp observed unusual activity on its IT infrastructure and subsequently launched an investigation on 23 May. Five days later, the HR software provider with 2 million active users spread across 190 countries learned through its investigation that the suspicious activity might have involved the exposure of client data. This information might have included personal details including names and addresses along with account data such as usernames and passwords that were hashed and salted.

Karen Cariss, CEO and co-founder of the company, explained in the statement that PageUp is working with third-party forensic specialists, law enforcement and government bodies including the United Kingdom Information Commissioner’s Office (ICO) and the Australian Cyber Security Centre (ACSC) to figure out exactly what happened. She said this ongoing investigation prevents her from discussing certain known facts about the incident. But she did divulge once crucial bit of information:

… [W]e can share that the source of the incident was a malware infection. The malware has been eradicated from our systems and we have confirmed that our anti-malware signatures can now detect the malware. We see no further signs of malicious or unauthorised activity and are confident in this assessment.

Cariss went on to reveal that the threat is no longer active, which means clients can continue to use the jobs website. But the Australian Red Cross, Telstra, Wesfarmers and Coles revealed to ABC News that they had decided to temporarily suspend their use of PageUp’s systems until they learn more about the incident.

Pending the release of this information, Cariss recommended that users change their passwords. They can do so by following this expert advice.

The incident (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/file-integrity-monitoring/hr-software-provider-says-malware-infection-might-have-exposed-user-data/

June 6, 2018June 6, 2018 David Bisson data, File Integrity Monitoring, FIM, Latest Security News, Malware
  • ← Remove MySearches.co Browser Hijacker
  • Maximum Privileged Account Protection with Multi-Factor Authentication →

Predict 2019 Virtual Summit

Featured Blog

Fortinet All Blogs

A Layered Approach to Cybersecurity: People, Processes, and Technology

Fortinet All Blogs

The Security Implications for 5G and IoT

Fortinet All Blogs

Fighting the Evolution of Malware

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Can Smart Home Leaks Lead to Major Cyberattacks?
Is NTA Just Another Kind of IDS?
Government Shutdown’s Negative Impact on Federal Cybersecurity
Security Boulevard Chat: The Evolution of Network Security with FireMon’s Tim Woods
Ryuk Ransomware That Hit U.S. Newspapers Not State-Sponsored
Del Rio City Hall Disables Internet Connection for All Departments after Ransomware Attack
Q&A: Here’s why robust ‘privileged access management’ has never been more vital
Security Boulevard Chat: The Evolution of Network Security with FireMon’s Tim Woods
3 Reasons Why the Integration of Cybersecurity Tools is a Growing Imperative
The DDoS attacker rescued by a Disney cruise ship is sentenced to over 10 years in prison

Upcoming Webinars

Mon 28

Next-Generation Cybersecurity

January 28 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Securing the Code: DevOps Security and AppSec

CISO/Security Vendor Relationship Series

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Client Applications: A Hacker’s Easiest Target?
Cybersecurity DevOps Industry Spotlight Security Boulevard (Original) 

Client Applications: A Hacker’s Easiest Target?

January 18, 2019 Bill Horne | Yesterday 0
PKI Deployment: The Top 10 Definitive Answers
Cybersecurity Data Security Industry Spotlight Network Security Security Boulevard (Original) 

PKI Deployment: The Top 10 Definitive Answers

January 17, 2019 Mark B. Cooper | 1 day ago 0
Shopping for Secure IoT Devices
Cybersecurity Industry Spotlight IoT & ICS Security Security Boulevard (Original) 

Shopping for Secure IoT Devices

January 16, 2019 Yeshwant Chauhan | 2 days ago 0

Top Stories

Government, E-commerce Sites Hacked Through Database Tool
Data Security DevOps Featured News Security Boulevard (Original) Spotlight Vulnerabilities 

Government, E-commerce Sites Hacked Through Database Tool

January 18, 2019 Lucian Constantin | Yesterday 0
Fortnite Attack Allowed Taking Over Player Accounts
Application Security Data Security DevOps Featured Identity & Access News Security Boulevard (Original) Spotlight Vulnerabilities 

Fortnite Attack Allowed Taking Over Player Accounts

January 17, 2019 Lucian Constantin | 1 day ago 0
Barracuda Networks Embeds Incident Management in Email Security Suite
Cybersecurity Featured Incident Response News Security Boulevard (Original) Social Engineering Spotlight 

Barracuda Networks Embeds Incident Management in Email Security Suite

January 17, 2019 Michael Vizard | 1 day ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.