October 30th, 9:30AM
Data Breach Report: September 29th 2019
Welcome to our weekly breach report. In this newsletter we report on recent cybersecurity breaches in which user data was stolen, compromised or held for ransom. The newsletter is designed to keep you informed so that you can protect yourself when navigating cybersecurity threats in our digital world.
Baltimore Ransomware
The city of Baltimore suffered a ransomware attack in early May. Baltimore’s systems were vulnerable to EternalBlue, which exploits a vulnerability in SMBv1 servers commonly found on Windows XP and Vista systems. The attackers went after the city’s online services and records and demanded 13 bitcoins to unlock the data. The city rejected the ransom and has spent more than $18.2 million on recovery. Baltimore’s information technology department stated that outdated backup methods were the primary reason for the loss of data.
Root Cause
RobbinHood ransomware uses the EternalBlue exploit to stop key Windows system functions that control repair tools and security controls. The ransomware then encrypts system files and finishes by deleting log files. Outdated backups ruled out the simplest way of recovering from ransomware: restoring the affected systems from backup.
Security Impact
The city government’s assets were rendered unusable and, because of the lack of backups, the city incurred massive expenses to restore everything after refusing to pay the ransom.
Solution
Organizations must ensure that proper onsite and offsite backups are made regularly, and tested, to avoid complete data loss.
DoorDash
The food delivery company DoorDash revealed that 4.9 million customers, delivery workers, and merchants had their information stolen this past May. The company noticed unusual activity in early September and discovered the breach. An unauthorized third party accessed consumer data such as password hashes, names, email addresses, customer addresses, order history, and phone numbers. DoorDash has since added further security measures to improve its ability to detect such threats. The company also advised users to reset their passwords and to be cautious when sharing personal information online.
Root Cause
A 3rd party solution provider that worked with DoorDash was compromised.
Security Impact
A 3rd party solution provider that worked with DoorDash was compromised.
Solution
Certifications or regular audits that verify that organizations remain compliant must be conducted and enforced on a recurring basis.
WhatsApp
A flaw was discovered in the Android version of WhatsApp that allows privilege escalation and remote code execution on vulnerable devices using malicious GIFs. For the attack to work, the victim need only download the GIF and open the WhatsApp Gallery. The attack uses a double-free bug, in which the same block of memory is freed twice, leaving the program in an exploitable state. Avoid the use of GIFs in WhatsApp, update WhatsApp to the latest version as soon as possible, or avoid using the app altogether.
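The double-free pattern the paragraph above describes, shown as an added example in C that is not code from the article or from WhatsApp. The `gif_frame_t` type and the function names are illustrative; the buggy release path is included only for comparison and is never executed, while the hardened path nulls the pointer after each release so a repeated release becomes `free(NULL)`, which the C standard defines as a no-op.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative decoded-frame buffer (hypothetical; not WhatsApp's code). */
typedef struct {
    unsigned char *pixels;  /* heap block holding decoded pixels */
    size_t len;
} gif_frame_t;

/* Buggy pattern (never called here): the block is freed once on the normal
 * path and again on a cleanup path that does not know it is already gone.
 * The second free() hands a stale address back to the allocator, which is
 * the undefined behaviour a double-free bug consists of. */
void release_frame_buggy(gif_frame_t *f)
{
    free(f->pixels);   /* first release */
    /* ... later, a cleanup routine runs with the same stale pointer ... */
    free(f->pixels);   /* second release of the same address: double free */
}

/* Hardened pattern: free through a helper that nulls the caller's pointer,
 * so a repeated release turns into free(NULL), a defined no-op. */
static void safe_free(unsigned char **p)
{
    free(*p);
    *p = NULL;
}

void release_frame(gif_frame_t *f)
{
    safe_free(&f->pixels);
    f->len = 0;
}

/* Allocates a frame, releases it twice through the hardened path and
 * reports whether the struct ended up in a consistent, empty state.
 * Returns 1 on success, 0 on an inconsistent state, -1 if malloc failed. */
int demo_release_twice(void)
{
    gif_frame_t f;
    f.len = 64;                        /* constructed sample size */
    f.pixels = malloc(f.len);
    if (f.pixels == NULL)
        return -1;
    memset(f.pixels, 0xAB, f.len);     /* stand-in for decoded pixel data */

    release_frame(&f);
    release_frame(&f);                 /* harmless: pixels is already NULL */

    return (f.pixels == NULL && f.len == 0) ? 1 : 0;
}

int main(void)
{
    printf("hardened release twice: %s\n",
           demo_release_twice() == 1 ? "ok" : "inconsistent");
    return 0;
}
```

Compiling the buggy function with a sanitizer (for example `-fsanitize=address`) and calling it is the usual way to see the allocator flag the second release during testing; the hardened helper removes the bug class rather than relying on detection after the fact.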
Root Cause
Two attack vectors were involved: local privilege escalation and remote code execution. Local privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access. Remote code execution is an attacker's ability to execute arbitrary commands or code on a target machine or in a target process.
Security Impact
Millions of devices are vulnerable to potential root control due to the security flaws in WhatsApp.
Solution
Certifications or regular audits that verify that organizations remain compliant must be conducted and enforced on a recurring basis.
Words With Friends
More than 218 million Words With Friends accounts were hacked in September. The Pakistani hacker known as Gnosticplayers had previously stolen data from 45 online services earlier in 2019 and now claims to have hacked Zynga Inc. Zynga is one of the world’s most popular gaming companies, with over a billion people playing its games. The breach affected iOS and Android users who downloaded the game before September 2nd this year. The company revealed that the hacker gained access to email addresses, login names, and passwords. Since then, Zynga has taken precautions to protect consumer accounts and asked users to update their passwords. The same password used on other sites and accounts should also be changed.
Root Cause
Proper security controls to ensure that data was not compromised were not in place and were not properly audited.
Security Impact
A 3rd party solution provider that worked with DoorDash was compromised.
Solution
Immediately change the password on any other account that shares a password with a Zynga account.