Today is Monday and this means that we are ready to present you this week’s cyber attack digest.
Payment system leaks millions of records
by SC Media – 18 September 2018
The U.S. GovPayNow.com payment system has over 14 million customer records stolen. Currently, the system is used by thousands of federal and state government agencies and recently acquired by Securus Technologies. The leak was discovered by Brian Krebs; the stolen data included digits of payment cards, names, phone numbers, and addresses.
In a statement sent to the security expert, the company commented that there was no “indication that any improperly accessed information was used to harm any customer, and receipts do not contain information that can be used to initiate a financial transaction.” Company’s representatives also added that noting of the exposed information “is a matter of public record that may be accessed through other means.” Earlier, Nick Bilogorskiy, cybersecurity strategist at Juniper Networks, noted, “Online payment providers, especially those doing business with the government, should take special care to protect their customers’ receipts by using HTTPS and checking that the user is logged in and has permissions to view them.”
Oklahoma City Public Schools under a DoS attack
by Newsok – 23 September 2018
As a result of a cyber incident, the parental access to Oklahoma City Public Schools’ student information system was limited for nearly a week. Fortunately, there is no evidence that any student data has been stolen, commented a district spokeswoman.
The officials described the case as the “denial of service” attack on Infinite Campus, which houses the district’s parent portal.
“To be clear, this is NOT a data breach and Infinite Campus HAS NOT been hacked; attacks like these simply limit their customers’ ability to reach their web-hosted applications. No student data has been stolen/breached, ” commented spokeswoman Beth Harrison. She also explained that Infinite Campus is one of the largest student information systems in the U.S. and their data centers frequently experience security incidents, including DoS attacks. “The attack this week is different in that its volume is 50 times greater and the duration is already 100 times longer than anything they have experienced before,” Harrison added.
Port of Barcelona is attacked
by Bleeping Computer – 21 September 2018
Thursday morning, several servers and systems of the Port of Barcelona were affected by a cyber attack. The organization was forced to launch the contingency plan, which was previously designed specifically for such situations. The officials did not give many details on the incident and little is known besides the information released by the company in the official statement. Ironically, Port of Barcelona tweeted just two days before the incident that one day, anyone can fall a victim of hackers: “No one is safe from a cyberattack that puts at risk their activity and safety and that of their stakeholders. Nor even the ports.” Well, maybe we can also add that anyone can evoke evil by making evil prophecies.
Training is essential
by TODAYonline – 21 September 2018
While some of attacks disappear from the headlines quite quickly, details of other incidents appear in media again and again. So happened with the SingHealth cyber incident. According to the latest information, not all the employees of the victim organization were aware of what to do in case of an attack. If it is often a human error that plays a crucial role in tough situations, and in case of this attack, the experts say that there the workers had not received proper instructions and insufficient training on what to do.
This resulted in the situation when employees were simply unclear about what action should be taken when the data breach affected SingHealth. These factors were discussed during the latest public hearing into the cyber attack on SingHealth’s IT system held on Friday, Sept. 21.
Education, health and finances – this trio of organizations fall prey of attackers most frequently. So if your company relates to one of these spheres, we suggest that you pay extra attention to your security. Also, follow us on Twitter, Facebook, and LinkedIn.
The post Week 38 Cyberattack Digest 2018 – GovPayNow.com, Port of Barcelona, SingHealth and others appeared first on ERPScan.
*** This is a Security Bloggers Network syndicated blog from Blog – ERPScan authored by ERPScan PR team. Read the original post at: https://erpscan.com/press-center/blog/week-38-cyberattack-digest-2018-govpaynow-com-port-of-barcelona-singhealth-and-others/