MegaplanIT

Full Spectrum

Solutions

We specialize in over 48 technically advanced cybersecurity and compliance services designed to protect cardholder and other sensitive data, secure in-scope networks, systems, and website applications.

Managed Security Solutions >

Compliance Assessments>

Security Testing >

Consulting Services >

Customer Reviews

we are grateful to receive their feedback on our service.

Who We Are

we are grateful to receive their feedback on our service.

Managed Security Solutions >

Powerful, optimized SIEM running 24/7/365.

Real-time active threat intelligence. Rapidly find and contain intrusions.

Powerful, optimized SIEM running 24/7/365.

Track & Respond To Suspicious Activity In Your Network Traffic

Empower your incident response and security operations functions with real-time active threat intelligence.

Why Choose Us?

Our expert security consultants and QSAs are fully certified across multiple disciplines and have decades of experience helping businesses stay protected against an ever-evolving cyber threat landscape. We build long-term relationships with our clients and provide a holistic service offering to meet all their security and compliance needs while outlining a path to continued improvements within their internal security program(s).

Data Security Blog Articles

Keeping You Up-To-Date With The Latest Security & Compliance News

Breach Report September 2019

Data Security

October 30th

9:30AM

Data Breach Report: September 29th 2019

Welcome to our weekly breach report. In this newsletter we report on recent cybersecurity breaches where user data was stolen, compromised or extorted. This newsletter is designed to keep you informed so that you can protect yourself when navigating cybersecurity threats in our digital world.

Baltimore Ransomware

The city of Baltimore was hit by a ransomware attack in early May. Baltimore's systems were vulnerable to EternalBlue, which exploits a vulnerability in SMBv1 servers, commonly found in Windows XP and Vista systems. The attackers went after the city's online services and records and demanded 13 bitcoins to unlock the data. The city rejected the ransom and has spent more than $18.2 million to recover. Baltimore's information technology department stated that an outdated backup method was the primary reason for the loss of data.

Root Cause

RobbinHood ransomware uses the EternalBlue exploit to stop key Windows system functions that control repair tools and security controls. The ransomware then proceeds to encrypt system files and finishes by deleting log files. Because the backups were outdated, the easiest method of dealing with ransomware, simply restoring systems from backups, was not available.

Security Impact

The city government's assets were rendered unusable and, because of the lack of backups, the city incurred massive expenses to restore everything after refusing to pay the ransom.

Solution

Organizations must ensure that proper onsite and offsite backups are made regularly to avoid complete data loss.

DoorDash

The food delivery company DoorDash revealed that 4.9 million customers, delivery workers, and merchants had their information stolen this past May. The company noticed unusual activity at the beginning of September and realized what had happened. An unauthorized third party accessed consumer data such as password hashes, names, email addresses, customer addresses, order history, and phone numbers. DoorDash has since added further security measures to improve its ability to recognize these threats. The company also suggested that users reset their passwords and be cautious about sharing personal information online.

Root Cause

A 3rd party solution provider that worked with DoorDash was compromised.

Security Impact

A 3rd party solution provider that worked with DoorDash was compromised.

Solution

Certifications or regular audits that ensure organizations remain compliant must be conducted and enforced regularly.

WhatsApp

A flaw was discovered in the Android version of WhatsApp that allows for privilege escalation and remote code execution on vulnerable devices using malicious GIFs. For the attack to work, the victim need only download the GIF and open the WhatsApp Gallery. The attack uses a double-free bug, in which the same memory location is freed twice, corrupting memory in a way that can be exploited. Avoid the use of GIFs in WhatsApp, update WhatsApp to the latest version as soon as possible, or avoid use altogether.
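The double-free pattern described above, shown beside a hardened form. This is an added example, not WhatsApp's code or code from the original article: the `decoder` struct, the function names and the small tracking allocator are hypothetical, and the allocator exists only so the second free is counted instead of executed.

```c
#include <stdio.h>
#include <stdlib.h>
/* Tracking allocator constructed for this example: counts a repeated free. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];
static int double_frees;

static void *tracked_alloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                          /* malloc failed or table full */
    return NULL;
}

static void tracked_free(void *p) {
    if (!p) return;                   /* freeing NULL is a harmless no-op */
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    double_frees++;                   /* block was already released */
}

struct decoder { unsigned char *frame; };   /* hypothetical decoder state */
/* Vulnerable: error path frees the buffer but keeps the stale pointer. */
static int decode_vulnerable(struct decoder *d, int frame_ok) {
    int before = double_frees;
    d->frame = tracked_alloc(64);
    if (!frame_ok) tracked_free(d->frame);  /* first free on bad frame */
    tracked_free(d->frame);                 /* cleanup frees it again */
    return double_frees - before;
}

/* Hardened: a single release helper clears the pointer after freeing. */
static void release_frame(struct decoder *d) {
    tracked_free(d->frame);
    d->frame = NULL;
}
static int decode_hardened(struct decoder *d, int frame_ok) {
    int before = double_frees;
    d->frame = tracked_alloc(64);
    if (!frame_ok) release_frame(d);
    release_frame(d);                       /* second call sees NULL */
    return double_frees - before;
}

int main(void) {
    struct decoder d = {0};
    printf("vulnerable: %d, hardened: %d\n", decode_vulnerable(&d, 0), decode_hardened(&d, 0));
}
```

Each function returns the number of double frees detected during the call, so the malformed-frame path reports one for the vulnerable version and none for the hardened one.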

Root Cause

Two attack vectors were used: local privilege escalation and remote code execution. Local privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access. Remote code execution is an attacker's ability to execute arbitrary commands or code on a target machine or in a target process.

Security Impact

Millions of devices are vulnerable to potential root control due to the security flaws in WhatsApp. 

Solution

Certifications or regular audits that ensure organizations remain compliant must be conducted and enforced regularly.

Words With Friends

More than 218 million Words with Friends accounts were hacked in the month of September. The Pakistani hacker, known as Gnosticplayers, had previously stolen data from 45 online services earlier in 2019. He has now claimed to have hacked Zynga Inc. Zynga is one of the world's most popular gaming companies and has over a billion people playing its games. The breach affected any iOS and Android users who downloaded the game before September 2nd this year. The company revealed that the hacker got access to emails, login names, and passwords. Since then, Zynga has taken precautions to protect consumer accounts and asked people to update their passwords. Passwords reused across other sites and accounts should also be changed.

Root Cause

Proper security controls to ensure that data was not compromised were not in place and were not properly audited. 

Security Impact

A 3rd party solution provider that worked with DoorDash was compromised.

Solution

Immediately change the password on every account that shares a password with a Zynga account.

Make Our Team, Your Team!

Our innovative IT security and compliance solutions are designed to deliver customized, cost-effective service on time—because your priorities are our priorities. With a highly qualified team of PCI-DSS QSAs, Penetration Testers, and Information Security Consultants here at MegaplanIT, we will assess your unique company and business environment and design a path to security that will fit all of your needs.