Thursday, January 17, 2019

In Other News: Hyatt Will Pay Hackers to Find Security Vulnerabilities

Hyatt Hotels recently launched a bug bounty program dubbed HackerOne, enabling ethical hackers to report security flaws for rewards up to $4,000. Considering recent card-skimming attacks against the hospitality chain, the innovative platform is designed to “tap into the vast expertise of the security research community to accelerate identifying and fixing potential vulnerabilities”. Other organizations that are following suit and using the platform include Google, Twitter, the US Department of Defense, GitHub, and Qualcomm.

What We’re Listening To

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e

Australia - First National

Exploit: Leak by “third-party” recruitment agency, Sales Inventory Profile.
First National: Real estate network.
Risk to Small Business: 2 = Severe: Gareth Llewellyn, a security researcher at Brass Horn Communications, originally discovered how the CVs of job applicants of First National had been “inadvertently published” online. At least 12 company offices were affected, and the breach has been pinned to a third-party vendor, Sales Inventory Profile. Such a breach can negatively impact the brand reputation of the organization, even though the vulnerability came from a recruiting agency. This is yet another example of why it is crucial to evaluate third-party vendors and secure data on all fronts.
Individual Risk: 2.571 = Moderate: Published CVs included full names, addresses, phone numbers, dates of birth, and other personal information. Even without payment information, customers should be wary of unusual transactions.
Customers Impacted: 2,000 job applications.
How it Could Affect Your Customers’ Business: Small breaches that expose personal details have consequences that are not easily quantified monetarily but can be catastrophic. Promising employees could choose to work elsewhere, whether or not a third party was liable for the breach. Businesses must increase the importance they place on database and vendor management in order to protect user privacy and safety.
ID Agent to the Rescue: See why Peter Verlezza, Managing Director at SMB Networks, uses Dark Web ID and SpotLight ID to monitor real-time domain and login credentials: “I’m already helping to protect my customers with real-time domain monitoring provided by Dark Web ID. By protecting the people who work for those customers with the affordable and government-tested personal identity monitoring SpotLight ID delivers, I know my customer’s business is that much safer from potential breach”.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Australia - Early Warning Network

Exploit: Compromise of login details.
Early Warning Network (EWN): Emergency weather alert system of Australia.
Risk to Small Business: 2.555 = Moderate: Interestingly enough, the hack involved an unauthorized individual posting a spam message with a link to some customers stating that "EWN has been hacked. Your personal data is not safe. Trying to fix the security issues." Yet the system did not store personal information and only a small portion of the database received the alert, which means that there should be limited repercussions for EWN. At the same time, investigations are still ongoing with the Australian Cyber Security Centre.
Individual Risk: 3 = Moderate: Fortunately, no sensitive data was compromised since the actual data held in the system was “just ‘white pages’ type data”, as indicated by managing director Kerry Plowright. Nevertheless, the responsible party and their motive have not been identified.
Customers Impacted: None.
How it Could Affect Your Customers’ Business: The absence of personal information exposure is encouraging, but it is still alarming that the system was compromised and a message was sent to customers. As cybersecurity awareness continues to rise in Australia, public perceptions are gravitating towards fear and increased vigilance. Small businesses must partner with security solutions and communicate their commitment to avoiding data breaches in order to attract, convert, and retain customers.
ID Agent to the Rescue: See why Peter Verlezza, Managing Director at SMB Networks, uses Dark Web ID and SpotLight ID to monitor real-time domain and login credentials: “I’m already helping to protect my customers with real-time domain monitoring provided by Dark Web ID. By protecting the people who work for those customers with the affordable and government-tested personal identity monitoring SpotLight ID delivers, I know my customer’s business is that much safer from potential breach”.

Singapore - SingHealth

Exploit: Initial malware infection coupled with a multi-pronged attack.
SingHealth: Singapore’s largest group of healthcare institutions.
Risk to Small Business: 1.444 = Extreme: Besides the relentless onslaught of articles and news detailing SingHealth’s negligence and lack of “security hygiene”, high-profile members of management were terminated, demoted, and fined. As you can imagine, the long-term implications for employee morale are less than desirable, along with crippling blows to culture, brand, and customer trust.
Individual Risk: 2 = Severe: Although the theft initially occurred over a short period of time (June 27, 2018 to July 4, 2018), data stolen included names, NRIC numbers, addresses, gender, race, and dates of birth. Even worse, around 160,000 also had their outpatient prescriptions taken. It is believed that Prime Minister Lee Hsien Loong was a primary target for the hack, but you can expect the data collected to be sold to the highest bidder.
Customers Impacted: 1.5M individuals.
How it Could Affect Your Customers’ Business: Aside from the laundry list of penalties for incurring such a breach, an affected organization must continue business as-is while restoring operations. In this case, SingHealth has imposed a “temporary Internet surfing separation” on 28,000 staff’s work computers. With an entirely new set of security processes to manage while avoiding disruptions caused by the breach, customers should begin to see the value in proactively implementing IT protocols and monitoring for stolen credentials.
ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.

India - Amazon

https://threatpost.com/data-exposed-oxo-amazon-mongodb/140802/
Exploit: Internal technical glitch.
Amazon India: Online shopping site in India.
Risk to Small Business: 2.111 = Severe: When a company the size of Amazon is involved, issues regarding the erosion of customer loyalty and loss of brand equity can be measured in six-figure range digits. Although the breach exposed the tax data of 400,000 sellers on Amazon, only 0.2% of the seller base, and was rectified immediately, it remains to be seen what the long-term effects for enterprise customers are.
Individual Risk: 2.428 = Severe: Tax data can reveal significant information on Amazon sellers, but the breach was contained and it is likely that no data was maliciously harvested. At the same time, the glitch allowed users to view details of other sellers, which could potentially place sensitive business details in jeopardy.
Customers Impacted: 400,000 sellers.
How it Could Affect Your Customers’ Business: No business owner wants their tax information in the hands of the wrong person. Even a small business glitch has the potential to expose proprietary information such as intellectual property, competitive advantages, or earnings, which means that a sustained glitch in seller data could be much more impactful than it appears. Brainstorm how you can work with your security providers to protect and obscure such information.
ID Agent to the Rescue: DarkWeb ID can help you proactively monitor if customer data is being leaked on the Dark Web, helping reduce the impact of such a breach. See how you can benefit here: https://www.idagent.com/dark-web/.

United States - DiscountMugs.com

Exploit: Injection of card skimming code into website.
DiscountMugs.com: E-commerce website for custom mugs and apparel.
Risk to Small Business: 1.666 = Severe: When hackers can extract credit card numbers from your customers for four months undetected, the aftermath is never good. Although the company identified that orders between August 5 and November 16 of 2018 had been compromised, the number of shoppers affected has not been determined. Customers will think twice before purchasing from the website and will likely consider competitors with better online security.
Individual Risk: 2.428 = Severe: Given that the cyber attack occurred just before a busy holiday shopping season, you must wonder if the cyber criminals planned their timing strategically. They stole everything from credit card numbers, security codes, and expiration dates, to names, addresses, phone numbers, email addresses and ZIP codes. With this information in hand, anyone is capable of orchestrating payment fraud.
Customers Impacted: To be determined.
How it Could Affect Your Customers’ Business: Payment breaches are frightening for businesses and their customers. As American consumers begin to experience how cyber attacks affect them first-hand, they will put their digital dollars towards websites that can protect their financial information.
ID Agent to the Rescue: Dark Web ID monitors the Dark Web and can help discover this form of breach before it hits the news cycle. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/.