Deloitte says it’s been hacked

https://krebsonsecurity.com/wp-content/uploads/2017/09/deloitte-580x364.png

“The global accountancy firm Deloitte said Monday it was the victim of a hack that targeted its email system.

The cybersecurity breach, which was first reported by The Guardian newspaper on Monday, impacted “only very few clients,” Deloitte said in an emailed statement.

The firm said it contacted “governmental authorities immediately after it became aware of the incident …. No disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.”

Deloitte is one of the “big four” accounting firms, offering audit, tax and advisory services to large global corporations. It reported global revenue of nearly $39 billion in its latest fiscal year, and risk advisory was one of its fastest growing business segments. Its competitors include PwC, EY and KPMG.

The Guardian reported Monday that the hack compromised “confidential emails and plans of some of its blue-chip clients,” but the breach went unnoticed for months.”

Read more details here.

Author: Alanna Petroff

Uber admits it failed on consumer privacy, settles with FTC

http://theurbantwist.com/wp-content/uploads/2017/01/uber.jpg

“Remember when Uber employees were reportedly tracking their ex-girlfriends and Beyoncé with a secret God View feature?

Uber just admitted that it had flaws in its privacy guarantees. The ride-hailing giant agreed to settle charges from the Federal Trade Commission that it deceived customers by failing to monitor employee access to their personal information and that it failed to secure sensitive consumer data stored in the cloud.

“Uber failed consumers in two key ways: First by misrepresenting the extent to which it monitored its employees’ access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data,” FTC Acting Chairman Maureen K. Ohlhausen said in a statement. “This case shows that, even if you’re a fast-growing company, you can’t leave consumers behind: you must honor your privacy and security promises.”

As part of its settlement agreement, Uber will implement a new privacy program, and be regularly and independently audited every two years for the next 20 years. Uber is also prohibited from misrepresenting how it monitors internal access to consumer information and how it protects consumer data.”

Read more details here.

Author: Emma Hinchliffe

Beware Google Chrome scam that could inject malware into your computer

“A Google Chrome scam that could infect your computer with malware continues to pose a threat to users, according to cybersecurity experts.

Last month security company Proofpoint warned that hackers can inject script into poorly-protected web pages. The script, which targets the Chrome browser on Windows, rewrites the compromised website on the victim’s browser to make the page unreadable and creates a fake issue for the user to resolve.

A popup, which contains the message “The ‘HoeflerText’ font wasn’t found,” urges users to download an update to their computers. The update, however, is actually a malware download.”

Read more details here. 

Author: James Rogers