Tuesday, September 25, 2018
  • GrrCon Augusta 2018, Rachel Giacobozzi’s ‘The Hybrid Analyst: How Phishing Created A New Type Of Intel Analyst’
  • SSL vs. Website Security
  • 130 Million Hotel Customers Breached Due to Exposed Database
  • ExtraHop to Bring Enterprise Network Traffic Analysis to the Cloud through Microsoft Azure
  • Threat Stack Announces General Availability of Its Docker Containerized Agent

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Data Security Malware SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » HR Software Provider Says Malware Infection Might Have Exposed User Data

HR Software Provider Says Malware Infection Might Have Exposed User Data

by David Bisson on June 6, 2018

A provider of HR software said that a malware infection might have exposed user data including personal and account information.

According to a statement posted on its website, PageUp observed unusual activity on its IT infrastructure and subsequently launched an investigation on 23 May. Five days later, the HR software provider with 2 million active users spread across 190 countries learned through its investigation that the suspicious activity might have involved the exposure of client data. This information might have included personal details including names and addresses along with account data such as usernames and passwords that were hashed and salted.

Karen Cariss, CEO and co-founder of the company, explained in the statement that PageUp is working with third-party forensic specialists, law enforcement and government bodies including the United Kingdom Information Commissioner’s Office (ICO) and the Australian Cyber Security Centre (ACSC) to figure out exactly what happened. She said this ongoing investigation prevents her from discussing certain known facts about the incident. But she did divulge once crucial bit of information:

… [W]e can share that the source of the incident was a malware infection. The malware has been eradicated from our systems and we have confirmed that our anti-malware signatures can now detect the malware. We see no further signs of malicious or unauthorised activity and are confident in this assessment.

Cariss went on to reveal that the threat is no longer active, which means clients can continue to use the jobs website. But the Australian Red Cross, Telstra, Wesfarmers and Coles revealed to ABC News that they had decided to temporarily suspend their use of PageUp’s systems until they learn more about the incident.

Pending the release of this information, Cariss recommended that users change their passwords. They can do so by following this expert advice.

The incident (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/file-integrity-monitoring/hr-software-provider-says-malware-infection-might-have-exposed-user-data/

June 6, 2018June 6, 2018 David Bisson data, File Integrity Monitoring, FIM, Latest Security News, Malware
  • ← Remove MySearches.co Browser Hijacker
  • Maximum Privileged Account Protection with Multi-Factor Authentication →
Featured Blog

3 weeks ago

A Brighter Future For DevSecOps? It’s Closer Than You Think

1 month ago

Secure Code Dojo: How to Defeat SQL Injection

2 months ago

Why gamification is the key to leveling up your software security

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

A Chinese Affair: Theft of GlaxoSmithKline R&D
3 Biggest Threats to Data Security in Health Care
French Government Open Sources Secure Operating System
White Hat Security Partners with Bugcrowd to Advance DevSecOps
Why Phishing Works: It Exploits Human Gullibility
Let’s Go Threat Hunting Insight into Potential Cyber Threats and Risks
22 Most Under-Used AWS Security Metrics
Custom Sustes Malware Infects Linux and IoT Servers Worldwide
Controlling User Access for HIPAA
Poor ‘p@ssword’ hygiene and unpatched systems led to Singapore’s biggest ever cybersecurity breach

Upcoming Webinars

Thu 27

The Trick to Passing Your Next Compliance Audit

September 27 @ 11:00 am - 12:00 pm
Oct 04

Securing the Code: DevOps Security and AppSec

October 4 @ 1:00 pm - 2:00 pm
Oct 10

Take a Bite Out of the Remediation Backlog

October 10 @ 11:00 am - 12:00 pm
Oct 18

Building Blocks of Secure Development: How to Make Open Source Work for You

October 18 @ 11:00 am - 12:00 pm
Oct 24

Operationalizing Data For Fraud Investigations

October 24 @ 1:00 pm - 2:00 pm
Oct 29

Seeing Red: Understanding Red Team Security

October 29 @ 1:00 pm - 2:00 pm
Nov 29

Cloud Security: What You Need to Know

November 29 @ 1:00 pm - 2:00 pm
Dec 13

Year-End Review/Predictions

December 13 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

One Year Later - Lessons Learnt From The Equifax Breach

CISO/Security Vendor Relationship Series

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Security at Speed: A New Paradigm for a Secure DevOps Process
Cybersecurity DevOps Industry Spotlight Security Boulevard (Original) 

Security at Speed: A New Paradigm for a Secure DevOps Process

September 25, 2018 Thomas MacIsaac | 14 hours ago 0
Why Phishing Works: It Exploits Human Gullibility
Cybersecurity Industry Spotlight Security Boulevard (Original) Social Engineering 

Why Phishing Works: It Exploits Human Gullibility

September 24, 2018 Aravind Gyanbote | Yesterday 0
Do You Have Security Champions in Your Company?
Cybersecurity Industry Spotlight Security Awareness Security Boulevard (Original) 

Do You Have Security Champions in Your Company?

September 18, 2018 Shubham Vashist | Sep 18 0

Top Stories

Microsoft Makes Latest Cybersecurity Case
Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight 

Microsoft Makes Latest Cybersecurity Case

September 25, 2018 Michael Vizard | 6 hours ago 0
Zero-Day RCE Flaw Found in Microsoft JET Database Engine
Endpoint Featured News Security Boulevard (Original) Spotlight Vulnerabilities 

Zero-Day RCE Flaw Found in Microsoft JET Database Engine

September 24, 2018 Lucian Constantin | Yesterday 0
French Government Open Sources Secure Operating System
Data Security DevOps Featured News Security Boulevard (Original) Spotlight Vulnerabilities 

French Government Open Sources Secure Operating System

September 21, 2018 Lucian Constantin | 4 days ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.