Friday, July 20, 2018
  • Data of 1.5 Million People Breached in Singapore’s ‘Worst’ Digital Attack
  • Rome Wasn’t Built in a Day, but This Botnet Was, Using CVE-2017-17215
  • Scarab-Turkish Virus (Scarab Ransomware) – Remove and Restore .[email] Files
  • As Cloud, Cybersecurity Grow More Complex Enterprises Lean On AI
  • Key Traits Employers Seek from Information Security Professionals

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Community
    • Security Bloggers Network
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
  • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Data Security Malware SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » HR Software Provider Says Malware Infection Might Have Exposed User Data

HR Software Provider Says Malware Infection Might Have Exposed User Data

by David Bisson on June 6, 2018

A provider of HR software said that a malware infection might have exposed user data including personal and account information.

According to a statement posted on its website, PageUp observed unusual activity on its IT infrastructure and subsequently launched an investigation on 23 May. Five days later, the HR software provider with 2 million active users spread across 190 countries learned through its investigation that the suspicious activity might have involved the exposure of client data. This information might have included personal details including names and addresses along with account data such as usernames and passwords that were hashed and salted.

Karen Cariss, CEO and co-founder of the company, explained in the statement that PageUp is working with third-party forensic specialists, law enforcement and government bodies including the United Kingdom Information Commissioner’s Office (ICO) and the Australian Cyber Security Centre (ACSC) to figure out exactly what happened. She said this ongoing investigation prevents her from discussing certain known facts about the incident. But she did divulge once crucial bit of information:

… [W]e can share that the source of the incident was a malware infection. The malware has been eradicated from our systems and we have confirmed that our anti-malware signatures can now detect the malware. We see no further signs of malicious or unauthorised activity and are confident in this assessment.

Cariss went on to reveal that the threat is no longer active, which means clients can continue to use the jobs website. But the Australian Red Cross, Telstra, Wesfarmers and Coles revealed to ABC News that they had decided to temporarily suspend their use of PageUp’s systems until they learn more about the incident.

Pending the release of this information, Cariss recommended that users change their passwords. They can do so by following this expert advice.

The incident (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/file-integrity-monitoring/hr-software-provider-says-malware-infection-might-have-exposed-user-data/

June 6, 2018June 6, 2018 David Bisson data, File Integrity Monitoring, FIM, Latest Security News, Malware
  • ← Remove MySearches.co Browser Hijacker
  • Maximum Privileged Account Protection with Multi-Factor Authentication →

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

VPNFilter Attack Hits Chlorine Plant in Ukraine
Cybersecurity Job Seekers: Go West (or South)
We Have the Silver Bullet for BS Detection – CISO/Security Vendor Relationship Podcast
Cyberespionage Campaign in Ukraine Uses Free and Custom RATs
It’s Time to Rethink Privileged Account Management
Pentester Academy Command Injection ISO: SugarCRM 6.3.1 Exploitation
A primer: How to stay safe on Amazon’s Prime Day Sale
Monday, July 16: Dtex, Insider Threat News: Privileged User Dents Apple Self-Driving Car Program; DOJ Says Russia Hacked Clinton Campaign, Issues Indictments Against Spies
Survey Finds Breach Discovery Takes an Average 197 Days
5 ways to find and fix open source vulnerabilities

Upcoming Webinars

Tue 24

DevOps Security: Build-Time Identification of Security Issues — A case study with Jenkins, Docker, and AWS

July 24 @ 11:00 am - 12:00 pm
Thu 26

Draft and Develop: A Solution to the Cyber Security Skills Shortage

July 26 @ 11:00 am - 12:00 pm
Tue 31

Mastering Machine Learning for Security Professionals: A Discussion

July 31 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The Four Current Threats Enterprises Can’t Ignore

CISO Conversations

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Key Traits Employers Seek from Information Security Professionals
Careers Cybersecurity Industry Spotlight Security Boulevard (Original) 

Key Traits Employers Seek from Information Security Professionals

July 20, 2018 Jane Thomson | 6 hours ago 0
It’s Time to Rethink Privileged Account Management
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

It’s Time to Rethink Privileged Account Management

July 18, 2018 Mark Klinchin | 2 days ago 0
Control, Defend and Extend Container Security
Cybersecurity DevOps Industry Spotlight Security Boulevard (Original) 

Control, Defend and Extend Container Security

July 10, 2018 Kirsten Newcomer | Jul 10 0

Top Stories

McAfee to Advance Cybersecurity AI via the Cloud
Analytics & Intelligence Cybersecurity Featured News Security Boulevard (Original) Spotlight 

McAfee to Advance Cybersecurity AI via the Cloud

July 19, 2018 Michael Vizard | Yesterday 0
Cyberespionage Campaign in Ukraine Uses Free and Custom RATs
Endpoint Featured Malware News Security Boulevard (Original) Spotlight Threats & Breaches 

Cyberespionage Campaign in Ukraine Uses Free and Custom RATs

July 18, 2018 Lucian Constantin | 1 day ago 0
VPNFilter Attack Hits Chlorine Plant in Ukraine
Featured IoT & ICS Security Malware News Security Boulevard (Original) Spotlight Threats & Breaches 

VPNFilter Attack Hits Chlorine Plant in Ukraine

July 16, 2018 Lucian Constantin | 3 days ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.