Sign up to save your podcasts
Or
Share Cyber & Crypto Podcast - Episode 2
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Cyber & Crypto Podcast - Episode 2
Ticketmaster Hack with widely used tools. RiskIQ says it has identified malicious code within a different third-party marketing and analytics service used by Ticketmaster. The service is developed by a company called SociaPlus.
“This supplier was also breached by the Magecart actors, and the scripts they served to customers were modified on subdomains specifically set up for Ticketmaster as a customer,” RiskIQ says. “We observed instances in December 2017 through January 2018 where the Magecart skimmer was added to one of the SociaPlus scripts and subsequently injected into multiple Ticketmaster websites.”
http://links.ismgcorp.com/I080GZf0pFIYkd0R0Z0XI08
Cryptocurrency Exchange Developer Bancor loses 23.5 Million. Based on the currently published details, it seems that the Bancor hack was enabled by permissioned backdoors that were put in the smart contracts by the team, and were presumably compromised by the attackers.
http://links.ismgcorp.com/CXI0020Kp0ZZ0kdf0R88I0F
Hospital diverts ambulances due to ransomware attack – Missouri county medical center. Happened on a Monday at 11am and that Wednesday they were only 70% restored.
http://links.ismgcorp.com/HZ0008R0kI3fZIF0p8X00Ld
Timehop breach – 21 million users are affected by a breach that exposed names, email addresses, access tokens and for some users, phone numbers. Someone obtained valid user credentials for an administrator account and then used those credentials to log into Timehop’s cloud services provider. The unauthorized user created a new administrator account and then began doing reconnaissance, Timehop says in a technical write-up.
“For the next two days, and on one day in March 2018 and one day in June 2018, the unauthorized user logged in again and continued to conduct reconnaissance,” the company says.
http://links.ismgcorp.com/n0ZI02f00Rkp0IX0f708dVF
Multi-factor Providers:
duo.com
okta.com
How-to articles for setting up 2-factor:
https://www.pcmag.com/feature/358289/two-factor-authentication-who-has-it-and-how-to-set-it-up/2
https://www.theverge.com/2017/6/17/15772142/how-to-set-up-two-factor-authentication
Follow me on Twitter @eenglish34
View all episodes
By Eric English
4.6
2424 ratings
Ticketmaster Hack with widely used tools. RiskIQ says it has identified malicious code within a different third-party marketing and analytics service used by Ticketmaster. The service is developed by a company called SociaPlus.
“This supplier was also breached by the Magecart actors, and the scripts they served to customers were modified on subdomains specifically set up for Ticketmaster as a customer,” RiskIQ says. “We observed instances in December 2017 through January 2018 where the Magecart skimmer was added to one of the SociaPlus scripts and subsequently injected into multiple Ticketmaster websites.”
http://links.ismgcorp.com/I080GZf0pFIYkd0R0Z0XI08
Cryptocurrency Exchange Developer Bancor loses 23.5 Million. Based on the currently published details, it seems that the Bancor hack was enabled by permissioned backdoors that were put in the smart contracts by the team, and were presumably compromised by the attackers.
http://links.ismgcorp.com/CXI0020Kp0ZZ0kdf0R88I0F
Hospital diverts ambulances due to ransomware attack – Missouri county medical center. Happened on a Monday at 11am and that Wednesday they were only 70% restored.
http://links.ismgcorp.com/HZ0008R0kI3fZIF0p8X00Ld
Timehop breach – 21 million users are affected by a breach that exposed names, email addresses, access tokens and for some users, phone numbers. Someone obtained valid user credentials for an administrator account and then used those credentials to log into Timehop’s cloud services provider. The unauthorized user created a new administrator account and then began doing reconnaissance, Timehop says in a technical write-up.
“For the next two days, and on one day in March 2018 and one day in June 2018, the unauthorized user logged in again and continued to conduct reconnaissance,” the company says.
http://links.ismgcorp.com/n0ZI02f00Rkp0IX0f708dVF
Multi-factor Providers:
duo.com
okta.com
How-to articles for setting up 2-factor:
https://www.pcmag.com/feature/358289/two-factor-authentication-who-has-it-and-how-to-set-it-up/2
https://www.theverge.com/2017/6/17/15772142/how-to-set-up-two-factor-authentication
Follow me on Twitter @eenglish34