Friday Five: 7/01 Edition
It’s Friday! Catch up on the top infosec headlines with our weekly news roundup.
A hacker known as “thedarkoverlord” is selling a batch of data that includes 9.2 million health insurance records from US patients for $480,000 on the dark web. These records include names, addresses, emails, phone numbers, dates of birth, and SSNs. The hacker did not have any points to his name on the dark web, which shows that he is new to the site. Motherboard contacted some of the users, who confirmed that their information in the database is accurate. This large data breach joins the long list of hacks into healthcare records. To read more on “thedarkoverlord” and how he acquired the health records, read the full article on ZDNet.
World-Check, an anti-terrorist database run by Thomson Reuters, has been leaked online. This breach has exposed more than two million records pertaining to organizations and individuals accused of criminal offenses. Notable security researcher Chris Vickery discovered the breach and claimed that the two-year-old data was being held by an unprotected third party. This database contains law enforcement records, social media posts, and other sources that link these suspects to terrorism and crimes. Digital Guardian’s Luke Brown argues that even if the contents of a database are bad, whoever stores it has a responsibility to look after it and secure it. To learn more about this hack, read the full article on Infosecurity Magazine.
This week, both Noodles & Company and Hard Rock Hotel and Casino Las Vegas announced that their credit card payment systems have been breached and that customer credit information has been stolen. The breach at Noodles & Company was caused by malware that had taken root in the card processing system in over four hundred locations between January 31, 2016 and June 2, 2016. After hearing about unusual credit card activity, the company started working with third-party investigators to secure its systems and customer information. At Hard Rock Hotel and Casino Las Vegas, card-scraping malware pulled payment information from cards being read. The millions of customers who visited the hotel or restaurant between October 27, 2015 and March 21, 2016 are at risk. This breach follows the trend in PoS attacks in hotels and restaurants, including Wendy's. Learn more about the breach in the full article.
A new malware family called Hummer is estimated to be one of the largest families of Trojans ever. Based in China, it targets users in population-dense areas around the world. Like its predecessors, the Hummer malware roots the phone and then installs apps and malware with surprising ferocity, and it cannot be stopped even by a factory reset. Experts believe that the malware has at least eighteen different rooting methods. To learn more about Hummer and how to remove it, read the complete article.
For the past few years, the IRS has allowed online tax software companies to provide customers with a PIN in order to make the tax return process more efficient. Hackers have continually targeted these PINs because they would unlock a trove of confidential information that could be sold for money on the dark web. As of last week, the IRS has revoked its PIN system due to the increased number of automated attacks on its systems and the successful breaching of 101,000 PINs. This means that taxpayers must use copies of their previous tax returns to manually fill in any prior year information that the IRS requests. Visit the full article for more information.