The Most Comprehensive Data Protection Solution
Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.
First and Only Solution to Converge:
- Data Loss Prevention
- Endpoint Detection and Response
- User and Entity Behavior Analytics
This week started off with the news that the widely popular Linux Mint distro had been compromised. Hackers accessed the Mint website and replaced the 17.3 Cinnamon edition of the software with an infected version containing a backdoor. In addition to the website compromise, the attackers accessed the web database used by the website’s forums, stealing user credentials in the process. Linux Mint has removed the malicious version of the software from its site and advised forum users to change their passwords. Read the article for more on the Linux Mint compromise.
One of last year’s biggest data breach stories made news again this week when it was announced that the Office of Personnel Management’s chief information officer, Donna Seymour, has resigned. Seymour is the second executive to leave OPM as a result of their 2015 data breach that exposed the personal information of millions of federal government employees, as director Katherine Archuleta resigned shortly after the incident was made public. Read the article for more on this development as well as the ongoing investigation.
The latest data leak via a misconfigured web database – once again discovered by researcher Chris Vickery via the Shodan search engine – was discovered this week. uKnowKids.com, provider of child monitoring software for parents, leaked information on 1,700 children via a publicly accessible web database. The information was exposed for at least 48 days before being discovered by Vickery and subsequently taken offline by uKnowKids.com. Leaked data includes personal messages, social media profiles, and images. Read the article for more on this recent data breach.
LinkedIn fraud is fast increasing, according to LIFARS principal Ondrej Krehel’s contribution to CSO Online this week. Krehel has noticed a pattern of attempted fraud on LinkedIn in which attackers are using fake profiles to connect with unsuspecting users to target in phishing attacks. By harvesting information such as business email addresses, job titles, and coworkers’ names, attackers can build profiles on their targets and use that data to make further phishing attempts more convincing – often posing as an executive or superior to drive urgency. Attackers can also use fake profiles to pose as business partners or recruiters to dupe victims into sharing sensitive business or employment information. Read the article for more on this new attack trend.
2015 was a record year for tax fraud, with the IRS fielding 2,748 reported incidents. However, newly released information from the IRS indicates that 2016 could be an even bigger year for tax-related cybercrime. With 7 weeks to go until the April 15th filing deadline, the IRS has already seen 1,389 reported incidents of fraud – a number that exceeds the total number of incidents in 2014 and puts 2016 on pace to be another record-setting year. Read the article by Paul Roberts for more on the latest wave of tax fraud attacks.