Hackers ‘take over Boeing 757’ as it’s sitting on the runway, without the pilots realizing


Security researchers have shown off alarming hacks where they ‘take over’ cars – but a new demonstration may be the scariest yet.

Security researchers from America’s Homeland Security were able to remotely ‘hack’ a Boeing 757 while it sat on the runway, without the pilots being aware.

For more details, read here.

Author: Rob Waugh

Hackers may have accessed data of millions of T-Mobile customers


“A bug on T-Mobile’s website may have allowed hackers to view your personal information. The bug, which has since been patched, allowed hackers to view your email address, account number, and even your phone’s IMSI number (a unique number that identifies subscribers). According to the researcher that found the bug, there was no way to prevent someone writing a script and finding out the information for all 69.6 million potential victims.”

For more details, read here.

Author: Matt Adams

1,200 Football Players’ Personal Data Exposed In NFL Leak — Colin Kaepernick Included

But that’s what has happened, in a data leak from the website of the NFL Players Association that affects as many as 1,135 football players. And hackers may now have access to all that information, a security expert warned Tuesday.

Ostensibly, hackers had found the database, attempted to lock it up and demand payment to open it. That ransom note contained the threat that hackers would release information from the database to the public unless 0.1 bitcoins (worth approximately $428) was sent to their wallet. It’s unclear if the ransomware attempt was successful; the bitcoin wallet had not received any funds at the time of publication.

For more details, read here.

Author: Thomas Fox-Brewster

Deloitte says it’s been hacked


“The global accountancy firm Deloitte said Monday it was the victim of a hack that targeted its email system.

The cybersecurity breach, which was first reported by The Guardian newspaper on Monday, impacted “only very few clients,” Deloitte said in an emailed statement.

The firm said it contacted “governmental authorities immediately after it became aware of the incident …. No disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.”

Deloitte is one of the “big four” accounting firms, offering audit, tax and advisory services to large global corporations. It reported global revenue of nearly $39 billion in its latest fiscal year, and risk advisory was one of its fastest growing business segments. Its competitors include PwC, EY and KPMG.

The Guardian reported Monday that the hack compromised “confidential emails and plans of some of its blue-chip clients,” but the breach went unnoticed for months.”

Read more details here.

Author: Alanna Petroff

SEC says its corporate filing system was hacked

“Federal securities regulators said late Wednesday that hackers gained access to the government’s electronic system for corporate filings and may have made illicit gains by trading on the information.

The Securities and Exchange Commission discovered the intrusion, which occurred last year, only in August. The agency said in a statement that a software vulnerability in its so-called EDGAR filing system, which publicly listed companies use to make regulatory disclosures, was “exploited” for access to nonpublic information.

“Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases cyber threat actors have managed to access or misuse our systems,” SEC Chairman Jay Clayton said in a statement disclosing the hack.”

Read more details here.

Author: Alain Sherter

Hackers broke into SEC computer systems and may have traded on the stolen information

Hackers broke into the systems of the top US securities regulator last year, and may have used confidential information to trade in the stock market. The Securities and Exchange Commission said yesterday that criminals exploited a software vulnerability in its filing system. While the breach was detected in 2016 and the weakness patched, the SEC says it wasn’t until last month that the agency realized the information may have been exploited through stock market trades.

It’s the second disclosure this month that cyber criminals exploited records entrusted to a key US financial institution. Credit reporting company Equifax said on Sept. 7 that hackers had stolen personal information, such as Social Security numbers and birth dates, for about half the nation’s population. In the SEC hack, the agency says personal data wasn’t stolen.

Instead, hackers broke into the SEC’s database of filings, called Edgar (Electronic Data Gathering, Analysis and Retrieval system), which houses information from thousands of public companies that are regulated by the agency. Edgar receives and processes more than 1.7 million electronic filings per year. The intruders may have taken advantage of information in the system that hadn’t yet been made public.

Read more details here.

Author: John Detrixhe

U.S. moves to ban Kaspersky software in federal agencies amid concerns of Russian espionage.

The U.S. government on Wednesday moved to ban the use of a Russian brand of security software by federal agencies amid concerns the company has ties to state-sponsored cyberespionage activities.

In a binding directive, acting homeland security secretary Elaine Duke ordered that federal civilian agencies identify Kaspersky Lab software on their networks. After 90 days, unless otherwise directed, they must remove the software, on the grounds that the company has connections to the Russian government and its software poses a security risk.

Read more details here.

Author: Ellen Nakashima and Jack Gillum

Equifax Faces Multibillion-Dollar Lawsuit Over Hack

A proposed class-action lawsuit was filed against Equifax Inc. late Thursday evening, shortly after the company reported that an unprecedented hack had compromised the private information of about 143 million people.

In the complaint filed in Portland, Ore., federal court, users alleged Equifax was negligent in failing to protect consumer data, choosing to save money instead of spending on technical safeguards that could have stopped the attack. Data revealed included Social Security numbers, addresses, driver’s license data, and birth dates. Some credit card information was also put at risk.

Equifax first discovered the vulnerability in late July, though it chose not to announce it publicly until more than a month later. The company was widely criticized for its customer service approach in the aftermath of the hack, as users struggled to understand whether their information had been affected. Others expressed frustration that three senior executives sold about $1.7 million in stock in the days following the discovery of the hack. A spokeswoman for Equifax said the men “had no knowledge that an intrusion had occurred at the time.”

The plaintiffs in the lawsuit are Mary McHill and Brook Reinhard. Both reside in Oregon and had their personal information stored by Equifax.

Read more details here.

Author: Polly Mosendz
Image: CBS

See if you were someone impacted by the breach.