Avantia Threat Update
Google Plus ... g-g-g.... gonsky!
Updated: Oct 26, 2018
Canadian ISP Altima experiences a breach and loses customer payment information while China is caught purportedly sneaking microchips into servers and Google shuts down Google + after major breach. CISCO publishes Online Child Safety report.
Dark Web Data Trends* :
Total Credentials Compromises: 24,968
Top Source Hits: ID Theft Forum
Top PIIs compromised: Domains (PII: Personally Identifiable Information like DOB, Address, Medicare Number etc)
Clear Text Passwords Found: 24,884
Top Company Size: 11-50
Top Industry: Construction and Engineering
In Other News
Google + Bows Out*. Google said on Monday that it would shut down Google Plus, the company’s long-struggling answer to Facebook’s giant social network, after it discovered a security vulnerability that exposed the private data of up to 500,000 users. Google did not tell its users about the security issue when it was found in March because it didn’t appear that anyone had gained access to user information, and the company’s “Privacy & Data Protection Office” decided it was not legally required to report it, the search giant said in a blog post. The decision to stay quiet, which raised eyebrows in the cybersecurity community, comes against the backdrop of relatively new rules in California and Europe that govern when a company must disclose a security episode.
Up to 438 applications made by other companies may have had access to the vulnerability through coding links called application programming interfaces. Those outside developers could have seen user names, email addresses, occupation, gender and age. They did not have access to phone numbers, messages, Google Plus posts or data from other Google accounts, the company said. The disclosure made on Monday could receive additional scrutiny because of a memo to senior executives reportedly prepared by Google’s policy and legal teams that warned of embarrassment for the company — similar to what happened to Facebook this year — if it went public with the vulnerability. The memo, according to The Wall Street Journal warned that disclosing the problem would invite regulatory scrutiny and that Sundar Pichai, Google’s chief executive, would most likely be called to testify in front of Congress. A Google spokesman, Rob Shilkin, declined to comment on the memo. He said the company had planned to announce the disclosures later this week but moved up the announcement when it learned of The Journal’s article.
Early this year, Facebook acknowledged that Cambridge Analytica, a British research organization that performed work for the Trump campaign, had improperly gained access to the personal information of up to 87 million Facebook users. Mark Zuckerberg, Facebook’s chief executive, spent two days testifying in congressional hearings about that and other issues.
The Chinese Chip Club* China was able to infiltrate US companies and governmental agencies with a simple but effective supply chain attack. The attack was discovered after Amazon had a third party examine the hardware of the servers they purchased from another American company that manufactures their servers in China. The company discovered a microchip on the servers that allow for attackers to make stealth doorways on their network. Hardware attacks are rarer and more difficult to execute than software attacks, but with China making 90% of the world’s PCs, they are in a good position to continue using hardware to infiltrate organizations across the world.
CISCO Online Child Safety Report - What every Parent needs to know*.
Everyone talks about protecting children online. The media loves cases of Internet sexual predators and high profile risks. But what about protecting yourself and the rest of your family? The rules and tips that keep your children safer online keep the whole family safer online too. It’s easier than you think.
Threat Focus: Altima Telecom - Canada*
Exploit: SQL injection attack. Altima Telecom: Serving Montreal and Toronto, Altima Telecom is one of the largest independent Canadian internet service providers. Risk to Small Business: 1.555 = Severe: As the risk score shows, this is a severe breach that could deal major damage to any organization. Payment info exposure is a particularly significant deterrent for customers looking to do business. Individual Risk: 2.142 = Severe: Those affected by this breach are at an increased risk for identity theft and spam. How it could affect SME’s: Not only was all the organization’s customer data exposed by this breach, but the affected data was highly sensitive. This would sever trust between the customer and the organization, which could take a significant time to rebuild. Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach. Customers Impacted: All of Altima Telecom’s customers.
Threat Focus: Apollo - USA Apollo: New York-based sales engagement startup. Risk to Small Business: 2 = Severe: This could deal a significant blow to an organization’s ability to retain customers. Individual Risk: 2.428 = Severe: The customers affected by this breach will be at a higher risk for spam due to the nature of the data accessed. Customers Impacted: 200 million.
How Could it affect SME’s: A breach that exposes such a large number of customers will garner media attention and erode customer trust significantly.
Risk Levels: 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Customers Impacted: 200 million.
Planning your next vacation may have just gotten weird…
Where should I go? This is a normal question one thinks about when planning a trip. Should I go to white sandy beaches or breathtaking mountains? When should I go? Do I visit family during the holidays, or do I plan a summer getaway? Who should I be? This question is asked much less, but maybe more than you think. A recent study has uncovered startling secrets surrounding the illegal passport market on the Dark Web!
The average cost of a passport scan on the Dark Web is US $14.71.
Australian passport scans are the most common, but the average cost is the most expensive at US $61.27.
The average price of a counterfeit physical passport is just under $1,500 ($1,478).
Consider this: When you think about Cyber Security think about the ones you care the most about – your family. If you have children or young adults using Smartphones, Tablets or Laptops consider their vulnerability. Do you want to put their digital selves in the hands of pedophiles, scammers and cyber criminals. The purchase of children’s digital credentials (username/password) is big business on the Dark Web. Check out our inexpensive Individual or Family monitoring service – it’s a ‘no brainer’ for your peace of mind. CLICK HERE FOR PRICING
* Disclaimer: Avantia Corporate Services Pty Ltd provides the content in this publication to the reader for general information only and has compiled the content from a number of sources in the USA and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.