Monday, November 12, 2018
  • Moving Critical Applications to the Cloud
  • New Docker-based Dev Pipeline: Microservice Projects Just Got A ‘Speed-Boost’
  • Thought Leader
  • Vulnerabilities in SSD Encryption: Using osquery to Identify Vulnerable Windows Machines
  • Mike Rothman’s Quick and Dirty DevSecOps: The Talk

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Data Security Malware SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » HR Software Provider Says Malware Infection Might Have Exposed User Data

HR Software Provider Says Malware Infection Might Have Exposed User Data

by David Bisson on June 6, 2018

A provider of HR software said that a malware infection might have exposed user data including personal and account information.

According to a statement posted on its website, PageUp observed unusual activity on its IT infrastructure and subsequently launched an investigation on 23 May. Five days later, the HR software provider with 2 million active users spread across 190 countries learned through its investigation that the suspicious activity might have involved the exposure of client data. This information might have included personal details including names and addresses along with account data such as usernames and passwords that were hashed and salted.

Karen Cariss, CEO and co-founder of the company, explained in the statement that PageUp is working with third-party forensic specialists, law enforcement and government bodies including the United Kingdom Information Commissioner’s Office (ICO) and the Australian Cyber Security Centre (ACSC) to figure out exactly what happened. She said this ongoing investigation prevents her from discussing certain known facts about the incident. But she did divulge once crucial bit of information:

… [W]e can share that the source of the incident was a malware infection. The malware has been eradicated from our systems and we have confirmed that our anti-malware signatures can now detect the malware. We see no further signs of malicious or unauthorised activity and are confident in this assessment.

Cariss went on to reveal that the threat is no longer active, which means clients can continue to use the jobs website. But the Australian Red Cross, Telstra, Wesfarmers and Coles revealed to ABC News that they had decided to temporarily suspend their use of PageUp’s systems until they learn more about the incident.

Pending the release of this information, Cariss recommended that users change their passwords. They can do so by following this expert advice.

The incident (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/file-integrity-monitoring/hr-software-provider-says-malware-infection-might-have-exposed-user-data/

June 6, 2018June 6, 2018 David Bisson data, File Integrity Monitoring, FIM, Latest Security News, Malware
  • ← Remove MySearches.co Browser Hijacker
  • Maximum Privileged Account Protection with Multi-Factor Authentication →
Featured Blog

Fortinet All Blogs

Veterans Can Help Your Cyber Skills Gap

Fortinet All Blogs

Enabling Education and Security at the 2018 CETPA Annual Conference

Fortinet All Blogs

FortiGate NGFW Consistently Delivers in NSS Lab’s 2018 DCSG Group Tests

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Zero-Day Exploit Published for VM Escape Flaw in VirtualBox
Compliance Headaches and How to Avoid Them
Legacy Government Systems Vulnerable to Ransomware
Adequacy Agreements, Legislation and Compliance in a GDPR World
Data Security Spotlight: Protecting Electoral (and Everyday) Data
Ease Me Into Cryptography Part 2: Symmetric Ciphers
3 DevOps Security Challenges & How to Overcome Them
Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets
DDoS attack on Cambodia’s top ISPs reached 150Gbps
Luke Kingma and Lou Patrick-Mackay’s Futurism ‘Political Machine’

Upcoming Webinars

Tue 13

The State of Open Source Vulnerabilities Management

November 13 @ 1:00 pm - 2:00 pm
Tue 27

2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyber Defenses

November 27 @ 11:00 am - 12:00 pm
Thu 29

Cloud Security: What You Need to Know

November 29 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Automating Open Source Security: A SANS Product Review of WhiteSource

CISO/Security Vendor Relationship Series

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

The Changing Face of Web Application Security
Application Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

The Changing Face of Web Application Security

November 12, 2018 Tiffany Olson Kleemann | 12 hours ago 0
Data Security Spotlight: Protecting Electoral (and Everyday) Data
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

Data Security Spotlight: Protecting Electoral (and Everyday) Data

November 9, 2018 Steve Marsh | 3 days ago 0
Legacy Government Systems Vulnerable to Ransomware
Cybersecurity Industry Spotlight Security Boulevard (Original) Threats & Breaches 

Legacy Government Systems Vulnerable to Ransomware

November 9, 2018 Maha Amircani | 3 days ago 0

Top Stories

Hackers Exploit Recently Patched ColdFusion Vulnerability
DevOps Network Security News Security Boulevard (Original) Vulnerabilities 

Hackers Exploit Recently Patched ColdFusion Vulnerability

November 12, 2018 Lucian Constantin | 5 hours ago 0
Zero-Day Exploit Published for VM Escape Flaw in VirtualBox
DevOps Endpoint Featured News Security Boulevard (Original) Spotlight Vulnerabilities 

Zero-Day Exploit Published for VM Escape Flaw in VirtualBox

November 8, 2018 Lucian Constantin | 4 days ago 0
Flaws in Self-Encrypting SSDs Compromise Data Encryption
Data Security Featured News Security Boulevard (Original) Spotlight Vulnerabilities 

Flaws in Self-Encrypting SSDs Compromise Data Encryption

November 7, 2018 Lucian Constantin | Nov 07 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.