Global Cyber News Digest

Canadian city loses big money in phishing scam

Source: AFP By: FNU LNU 16August2019

* The city of Saskatoon in Canada's western prairies has lost more than Can $1 million to a fraudster posing as a construction executive, in the latest online phishing scam to plague one of the country's cities. * The fraudster impersonated the chief financial officer of a local construction company to advise the city of a change in banking information in an email, the local government said in a statement.

Chinese Cyber-Spies Target US-Based Research University

Source: Security Week
By: Ionut Arghire
Published: August 20, 2019

* A recently analyzed Chinese cyber-espionage and financially-focused threat actor was observed targeting a web server at a U.S.-based research university, FireEye's security researchers report.
* Tracked as APT41, the threat actor has been active since at least 2012, and has been engaging in both state-sponsored espionage activities and financially-motivated operations since 2014.

Choice Hotels Data Breach Could Impact 700,000 Guests

Source: Travel Pulse
By: Don Wood
Published: August 20, 2019

* A massive data breach of information from guests who stayed at Choice Hotels and its subsidiaries could have impacted as many as 700,000 travelers. * Choice Hotels is the parent company of Clarion, EconoLodge, Comfort Inn, Quality Inn and more. While the company claims most of the data involved in the breach was "test data," the database was left unsecured online for four days before being discovered by a security team.

Stolen fingerprints could spell the end of biometric security - here's how to save it

Source: The Conversation
By: Chaminda Hewage
Published: August 20, 2019

* The biggest known biometric data breach to date was reported recently when researchers managed to access a 23-gigabyte database of more than 27.8m records including fingerprint and facial recognition data.
* This breach highlights a major problem with biometric security systems that effectively use people's biological measurements as passwords. Unlike usernames and passwords, biometric data can't be changed if it is stolen.

VLC Media Player Allows Desktop Takeover Via Malicious Video Files

Source: Threat Post
By: Tom Spring
Published: August 19, 2019

* VideoLAN has released an updated version of its VLC Player to fix over a dozen bugs.
* Two high-risk vulnerabilities in the VLC media player could allow an adversary to craft a malicious .MKV video file that could be used in an attack to gain control of the victim's PC.

$11M Email Scam at Caterpillar Pinned to Nigerian Businessman

Source: BleepingComputer
By: Ionut Ilascu
Published: August 19, 2019

* A Nigerian national that was on Forbes' list of the most promising entrepreneurs in Africa stands accused of business email compromise fraud that stole $11 million from one victim alone.
* Obinwanne Okeke is the founder of Invictus Group, involved in construction, agriculture, oil and gas, telecoms and real estate, according.
* In 2016, Forbes added him to its "Africa's 30 under 30" young business owners.
* Fast forward three years later, the United States District Court for the Eastern District of Virginia issues an arrest warrant in Okeke's name for alleged conspiracies to commit computer and wire fraud.

Extent of Damage for State Farm Credential Stuffing Attack Still in Question

Source: CPO Magazine
By: Scott Ikeda
Published: August 19, 2019

* United States-based insurance giant State Farm recently mailed out a data breach notice to some of its customers. The description of the incident indicates that the company was hit with a credential stuffing attack, with an unknown amount of customer accounts compromised.
* State Farm serves about 83 million households in the United States. The breach notification did not indicate how many of the company's customers were compromised.

First-Time Fine Imposed for GDPR Violations Involving Employee Data Breach

Source: JD Supra
By: FNU LNU
Published: August 19, 2019

* The Hellenic Data Protection Authority (HDPA) recently imposed a EUR 150,000 fine on the international consulting firm PwC for its violations of the new European data protection regulations (the General Data Protection Regulations, or GDPR).
* One year after the entry into force of the GDPR, it was evident that the enforcement activity of privacy protection agencies around the world had been focused on companies' business doings. As a result, companies rarely invest resources in complying with the requirements of privacy protection laws in terms of their employees' data processing.

Rebuilding Your Brand's Reputation After A Cyber Attack

Source: The Hack Post
By: Munawar Gul
Published: August 18, 2019

* It is estimated that one cyber attack occurs every 39 seconds, with millions of records being stolen daily. * Negative feedback travels quickly online, so one thing you cannot afford to do if you receive a complaint, is to sit on your laurels. * See a security breach as the same as any other customer service, only far more serious.

1 · Ransomware attack in Texas targets local government agencies

Source: Engadget
By: Jon Fingas
Published: August 18, 2019

* Ransomware attacks against local governments are still a clear problem, and Texas is discovering this first hand. * The state has revealed that 23 government entities reported a ransomware attack on the morning of August 16th.