Home Tags Posts tagged with "security breach"

security breach

0

Hyatt hotels are warning visitors of a security breach in the company’s customer payment system.

The hotel group said it had found malware on the payment processing computers for the hotels it managed.

Hyatt’s global president of operations Chuck Floyd said that the problem had been fixed, but advised past customers to check bank statements for any unusual activity.

“As soon as we discovered the activity, we launched an investigation,” said Chuck Floyd.Hyatt Hotels security breach

The Chicago-based Hyatt group has 627 properties in its portfolio, although it said only the 318 it managed directly were affected by the malware, with franchised hotels unaffected.

Hyatt did not say whether the malware had led to any customer information being accessed, but did say it had hired independent cybersecurity experts to help investigate.

The company has set up a webpage to communicate updates to its customers.

“We have taken steps to strengthen the security of our systems, and customers can feel confident using payment cards at Hyatt hotels worldwide,” said Chuck Floyd.

Hyatt is not the first hotel group to admit it has had to tackle such a cybersecurity breach.

The Hilton, Starwood, Mandarin Oriental and Trump Collection hotel groups have also faced security problems with customer payment information in 2015.

0

Chinese hackers appear to have accessed sensitive data on US intelligence and military personnel, American officials say.

Details of a major hack emerged last week, but officials have now given details of a potential second breach.

It is feared that the attack could leave US security personnel or their families open to blackmail.

The Office of Personnel Management (OPM), is yet to comment on the reports.

Officials, who spoke on condition of anonymity to the Associated Press, believe the attackers have targeted the forms submitted by intelligence and military personnel for security clearances.

The document includes personal information – everything from eye color, to financial history, to past substance abuse, as well as contact details for the individual’s friends and relatives.

Photo Getty Images

Photo Getty Images

A 127-page vetting document called Standard Form 86 may have been accessed. Among the questions potential employees are asked:

  • In the past seven years, have you defaulted on any loans?
  • Have you ever voluntarily sought counseling or treatment as a result of your use of alcohol?
  • In the last seven years, have you illegally used any drugs or controlled substance?

A White House statement said investigators had a “high degree of confidence” that background information on government employees had been accessed.

Joel Brenner, a former US counterintelligence official, called the data a “gold mine” for hackers.

It is also believed the breach of personal data of US government workers announced last week may be far larger than previously reported.

Initial estimates put the number of people potentially affected at four million, but officials close to the investigation told AP that as many as 14 million might be involved.

The US has said the hackers, thought to be behind both attacks, are believed to be based in China. Beijing called the claims “irresponsible”.

The Obama administration meanwhile announced further measures to beef up cybersecurity on June 12.

A White House statement said: “Recent events underscore the need to accelerate the administration’s cyber strategy and confront aggressive, persistent malicious actors that continue to target our nation’s cyber infrastructure.”

Secret Service Director Julia Pierson has resigned following several high-profile security lapses.

Julia Pierson offered her resignation to the Secretary of the Department of Homeland Security on October 1.

On September 30, Julia Pierson faced angry questions in Congress about a major breach of White House security.

News of another incident involving an armed man allowed in an elevator with President Barack Obama compounded calls for her to go.

“Today Julia Pierson, the Director of the United States Secret Service, offered her resignation, and I accepted it,” Secretary of Homeland Security Jeh Johnson wrote in a statement.

“I salute her 30 years of distinguished service to the Secret Service and the Nation.”

President Barack Obama also expressed his appreciation to Julia Pierson for her long history of public service, White House spokesman Josh Earnest told reporters on October 1.

Julia Pierson offered her resignation because “she believed it was in the best interests of the agency to which she has dedicated her career”, Josh Earnest added.

Julia Pierson faced angry questions in Congress about a major breach of White House security

Julia Pierson faced angry questions in Congress about a major breach of White House security

In an interview with Bloomberg News after her resignation was announced, Julia Pierson said she knew Congress had “lost confidence in my ability to run the agency”.

Joseph Clancy, in charge of the presidential protective division of the Secret Service, will take over as acting interim director.

High-ranking members of the Congress had been calling for Julia Pierson’s resignation in the wake of her testimony before a House oversight committee on September 30.

There Julia Pierson acknowledged the Secret Service security plan was “not executed properly” during a recent breach of the White House.

On September 19, suspect Omar Gonzalez, 42, allegedly scaled a fence and gained entry to the White House while carrying a knife.

On October 1, Omar Gonzalez pleaded not guilty to charges against him, including entering a restricted building or grounds while carrying a deadly or dangerous weapon.

Prosecutors say Omar Gonzalez jumped the main fence around the White House and gained entry inside through an unlocked door, then barreled past a guard and ran into the East Room before being tackled.

The incident is the latest in a string of security lapses overseen by the Secret Service, tasked with guarding the Obama family.

On September 16, President Barack Obama is said to have been in an Atlanta elevator with an armed security contractor who had assault convictions.

This contravened a protocol that only members of the Secret Service are allowed to carry weapons in the presence of the president.

[youtube af1-5JGtudI 650]

President Barack Obama rode in an elevator this month with an armed security contractor who had assault convictions, in what appears to be another security lapse.

It happened on September 16 when Barack Obama visited the Centers for Disease Control and Prevention (CDC) in Atlanta.

The incident came to light on September 30, hours after Julia Pierson, the boss of the Secret Service, was grilled by Congress about a security breach at the White House.

An armed contractor with violent criminal record got in the elevator with President Barack Obama during his visit at CDC in Atlanta

An armed contractor with violent criminal record got in the elevator with President Barack Obama during his visit at the CDC in Atlanta (photo Reuters)

A Secret Service official confirmed the incident but declined to comment.

The gun was found when the man was questioned after taking a video in the elevator and was immediately fired by his employers, according to newspaper reports.

The Washington Post said the man had three convictions for assault and battery.

“This person was within arm’s length of the president with a gun,” said Utah congressman Jason Chaffetz, who was told of the incident by a whistleblower.

It will come as another embarrassment on the day when Secret Service Director Julia Pierson took responsibility before a hostile House oversight committee hearing for an “unacceptable” security breach at the presidential residence.

[youtube kD6vRjNvJGI 650]

0

A second fence has been erected between the White House and a thoroughfare popular with tourists, local residents and workers, days after Omar Gonzalez scaled the main fence and entered the mansion through an unlocked door.

The Secret Service said the new fence created a “temporary buffer zone” while it reviewed its procedures.

The new barrier is a series of linked sections about 3.2ft high.

Omar Gonzalez, 42, is being held in connection with September 19 intrusion.

Authorities say the man was carrying a 3.5in knife and faces charges of unlawfully entering a restricted building carrying a “deadly or dangerous weapon”.

A second fence has been erected between the White House and a thoroughfare popular with tourists, local residents and workers

A second fence has been erected between the White House and a thoroughfare popular with tourists, local residents and workers

Omar Gonzalez, an Iraq War veteran, was previously stopped by Virginia police in July. Officers found two powerful rifles, four handguns and other firearms and ammunition in Omar Gonzalez’s vehicle along with a map marking the White House.

An unnamed federal law enforcement official told the Associated Press news agency Secret Service agents had interviewed Omar Gonzalez twice during the summer but concluded there was no evidence he was a security threat.

President Barack Obama and his family were not at the White House when the intrusion happened, having departed about 10 minutes earlier by helicopter.

The new fence went up late Monday evening.

The Secret Service, which protects the president, the vice-president, their families and visiting foreign dignitaries, in addition to other security duties, did not say how long the second barrier would be in place.

A review of security was initiated by Secret Service director Julia Pierson, who also ordered “the immediate enhancement of officer patrols and surveillance capabilities” around the White House.

Pennsylvania Avenue, which runs in front of the north facade of the White House, was closed to vehicular traffic in 1995 but remains highly popular with tourists as well as residents and office workers seeking a short cut through the parks surrounding the president’s home.

Since September 19, Washington DC residents and media figures have angrily rejected the suggestion the Secret Service screen pedestrians and cyclists who want to enter the closed stretch of Pennsylvania Avenue or block it off entirely.

[youtube d9zktGsrLFM 650]

Armed robbers have made off with a “gigantic” haul of diamonds after a rapid raid at Brussels Airport.

They broke through a fence on Monday evening and stole gems which could be worth 50 million euros ($67 million), as they were being loaded from a Brinks security van onto a Swiss-bound plane.

They escaped back through the same hole. Police later found a burned-out vehicle close to the airport.

Police are looking for eight men, a prosecutors’ spokeswoman said.

Caroline De Wolf, of the Antwerp World Diamond Centre, estimated the haul at 50 million euros, saying: “What we are talking about is obviously a gigantic sum.”

AFP quoted an unnamed spokeswoman at the same Antwerp centre calling the robbery “one of the biggest” ever.

She said that the diamonds were “rough stones” being transported from Antwerp to Zurich.

Armed robbers have made off with a "gigantic" haul of diamonds after a rapid raid at Brussels Airport

Armed robbers have made off with a “gigantic” haul of diamonds after a rapid raid at Brussels Airport

Antwerp is the hub of the world diamond trade – about 150 million euros’ worth of stones move in and out of the city every day, the spokeswoman added.

Brussels prosecutor’s spokeswoman Anja Bijnens said the thieves were masked and well armed, but no shots were fired and no-one was hurt in the raid.

They used two vehicles, the raid was over in a matter of minutes, and they made off into the night.

An airport spokesman, Jan Van Der Crujsse, said the robbers made a hole in the perimeter fence and drove up next to the Swiss passenger plane that was preparing to leave.

He could not explain the security breach.

“We abide by the most stringent rules,” he said.

[youtube dJ2FxeqXLqs]

Despite security warnings a shocking number of internet users continue to use some of the most blatant letter and number combinations.

In the wake of a security breach at Yahoo a Slovakian IT security company has released a list of the most commonly used passwords for hacked accounts.

ESET carried out a study of the almost half a million account details leaked online by an unknown hacker group, as reported by Yahoo News.

Analysts found that almost 1,700 (0.38%) of the hacked accounts were protected with the password “123456”, while 780 users opted for “password”.

In 2011 “password” was the most commonly used password, according to password management application maker SpashID.

Also in the top 10 were “welcome”, “abc123” and “qwerty”. They are easy to remember but also very easy to guess.

In the wake of a security breach at Yahoo a Slovakian IT security company has released a list of the most commonly used passwords for hacked accounts

In the wake of a security breach at Yahoo a Slovakian IT security company has released a list of the most commonly used passwords for hacked accounts

ESET advised in a statement: “Since all the accounts are in plain-text, anyone with an account present in the leak which also has the same password on other sites (e-mail, Facebook, Twitter, etc), should assume that someone has accessed their account.”

The security breach happened on Wednesday when a hacker group has posted online the details of 450,000 user accounts and passwords it claimed to have stolen from a Yahoo server.

Anyone who is concerned an account was compromised in the Yahoo attack can visit security company Sucuri’s online check at labs.sucuri.net/?yahooleak.

The Ars Technica technology news website reported that the group, which calls itself D33DS Company, hacked into an unidentified subdomain of Yahoo’s website where they retrieved unencrypted account details.

The affected accounts appeared to belong to a voice-over-Internet-protocol (VOIP), service called Yahoo Voices, which runs on Yahoo’s instant messenger.

The Voices service is powered by Jajah, a VOIP platform that was bought by Telefonica Europe BV in 2010.

The hackers’ website where the original claim was made, d33ds.co, was not available later on Thursday.

It was registered in February. Industry website CNET reported the hackers as saying the breach was intended as a ‘wake-up call and not as a threat’ and that Yahoo’s security was lax.

The Voices hack is one of several in recent months.

The business networking service LinkedIn admitted last month that 6.4 million member passwords had been stolen from its website.

  

Top 10 passwords in hacked accounts:

1. “123456” used by 1666 (0.38%)

2. “password” used by 780 (0.18%)

3. “welcome” used by 436 (0.1%)

4. “ninja” used by 333 (0.08%)

5. “abc123” used by 250 (0.06%)

6. “123456789” used by 222 (0.05%)

7. “12345678” used by 208 (0.05%)

8. “sunshine” used by 205 (0.05%)

9. “princess” used by 202 (0.05%)

10. “qwerty” used by 172

 

 Yahoo! News: The most commonly used passwords for hacked Yahoo! accounts

US credit firms Visa, Mastercard and Discover have warned that credit card holders’ personal information could be at risk after a security breach.

The companies said there had been “no breach” of its own system, instead blaming a third party.

Security blog KrebsOnSecurity, which first reported the story, said industry sources believed more than 10 million cards may have been compromised.

Reports suggested the stolen details had been obtained in New York.

The Wall Street Journal quoted its own industry sources as saying card-processing firm Global Payments was the company that suffered the breach. Shares in the company fell by more than 9% on Friday.

Global Payments has not responded to requests for comment.

Visa, Mastercard and Discover have warned that credit card holders' personal information could be at risk after a security breach

Visa, Mastercard and Discover have warned that credit card holders' personal information could be at risk after a security breach

None of the three companies, which are the three of the largest credit card processors would confirm how many customers were affected.

Visa and Mastercard, also used for debit cards of major US banks, said they had notified banks of the breach.

Discover Financial Services said it was monitoring accounts and would reissue cards if necessary.

In a statement, Mastercard said: “[We are] concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information.

“If cardholders have any concerns about their individual accounts, they should contact their issuing financial institution.”

Visa echoed Mastercard’s statement, emphasizing that its customers are not responsible for fraudulent purchases.

Gartner analyst Avivah Litan said she believed the breach was related to a taxi garage in New York City.

“So if you’ve paid a NYC cab in the last few months with your credit or debit card – be sure to check your card statements for possible fraud,” she said.

 

Sony music confirmed that Michael Jackson’s entire back catalogue has been stolen by internet hackers.

Sony music suffered its second major security breach in a year, with thieves targeting songs and unreleased material by Michael Jackson.

It’s alleged the hackers downloaded more than 50,000 music files, worth over $250 million, in the biggest ever cyber attack on a music company.

The news comes just a year after Sony paid $395 million for the seven-year rights to the songs following Michael Jackson’s death.

The contract with Michael Jackson’s estate also allowed Sony music to release 10 new albums, including material from studio sessions produced during the making of some of the megastar’s biggest albums.

Michael Jackson, who died in June 2009 at the age of 50, had recorded unreleased duets with artists ranging from the late Freddie Mercury and Black Eyed Peas singer Will.i.am.

In April the details of 77 million gamers were stolen after Sony’s Playstation Network was hacked. The breach cost Sony $167 million and hugely damaged their reputation.

Sony music confirmed that Michael Jackson's entire back catalogue has been stolen by internet hackers

Sony music confirmed that Michael Jackson's entire back catalogue has been stolen by internet hackers

The attack on the Michael Jackson files occurred shortly afterwards but has not been revealed until now.

The hack was discovered during routine monitoring of social networking sites, Michael Jackson fan sites and hacking forums.

A source close to Sony said: “Everything Sony purchased from the Michael Jackson estate was compromised.

“It caused them to check their systems and they found the breach. There was a degree of sophistication.

“Sony identified the weakness and plugged the gap.”

The hack has compromised the work of other artists managed by the firm, including songs by Jimi Hendrix, Paul Simon, Olly Murs, the Foo Fighters and Avril Lavigne.

The source added that the second breach happening so soon after the first “would have made investors and artists think, <<What other part of Sony isn’t secure?>>”

Last night Sony admitted there had been a security breach and that the Michael Jackson material had been stolen but refused to say how much the hackers downloaded.

A source within the company said that although the Michael Jackson estate had been told about the hack the company did not have to make the knowledge public as there was no customer data involved.

They added that computer experts had traced the hack to the UK by examining a “fingerprint” allegedly left behind.

The Serious Organised Crime division took up the case and two men appeared in court last week charged with offences under the computer Misuse Act.

They denied all charges and were remanded on bail.