Incident Of The Week: Multiple Yahoo Data Breaches Across 4 Years Result in a $117.5 Million Settlement

Between 2012 and 2016, data security intrusions occurred in which yahoo.com users accounts and information were compromised. According to the article, the attackers didn’t behave in the same fashion each time they attacked. During one intrusion, they simply hacked into Yahoo’s online infrastructure without taking anything. During another attack, they maliciously took records which totaled to about 3 million accounts. Yahoo claims they are working with law enforcement officials in working out a solution to the data breach. This just goes to show, no matter how big the company, vulnerability still exists. 

Jesse Kilthau 

https://www.cshub.com/attacks/articles/incident-of-the-week-multiple-yahoo-data-breaches-across-4-years-result-in-a-1175-million-settlement

Last edited by jkilthau2856 (10/10/2019 10:31 am)

New Phishing Attack for Amazon customers
Recently, Amazon customers have been getting phished in a new way that makes them believe that Amazon blocks their accounts and makes them think they owe something. Therefore they enter their credentials into a phishing site and takes their credentials. 
https://latesthackingnews.com/2019/10/11/new-phishing-attack-sends-fake-aws-account-suspension-emails/
 

Last edited by AlMendoza22 (10/14/2019 10:04 am)

So last week I found this article that suggested that there was a fake Apple Light cable that would charge your phone but as soon as you hooked it to computer a hacker could have control over it. Well they have mass produced them and they are. They are being produced by MG and Hack5 has helped them with production. There is so many different directions you can look at this chasing this down it could drive you crazy. Apples suggestion and mine would be only buy Apple manufactured products. Who knows Apple could be behind the whole thing to keep people buying products directly through them?
Things that make you go HMM
James Florom
https://www.vice.com/en_us/article/3kx5nk/fake-apple-lightning-cable-hacks-your-computer-omg-cable-mass-produced-sold

Google play store apparently has gaming and photo apps that install malware onto users phones. Some of the malware was using Android.Banker and also Android.HiddenAds and Android.DownLoader, all of which are virus libraries to carry out malicious activities in the coding area. Google is accepting decently strict policies, but it's good to keep in mind there is less of a check to get an app on the google store than it is the apple store, Not that I condone Apple use by no means.
https://latesthackingnews.com/2019/10/13/multiple-gaming-and-photo-apps-on-play-store-found-to-be-infected-with-android-malware/
-Devin Baughman

I found this article https://www.nytimes.com/2019/07/29/business/capital-one-data-breach-hacked.html about an Amazon Web Services server hack carried out by Paige Thompson in which she bypassed Capital Ones web application firewall to access the personal data of over 100 million Capital One customers. The data taken included Social Security numbers, Canadian social insurance numbers, which are equivalent to American SS numbers, bank account numbers, and millions of credit card applications. Thankfully, the lady doing the hacking was pretty dumb, leaving behind a trail of crumbs that easily identified her. According to the F.B.I agent who investigated the breach, Ms. Thompson was able to breach Amazon Web Services and access Capital One records through a "Misconfiguration" of the firewall on a web application, which was actually produced internally by Capital One, but is hosted on Amazon servers. By bypassing the firewall in Capital Ones web application, it allowed her to directly access the server/s where customer information was stored. Lesson of the day, make sure your firewall is properly configured.