Network Security News Weekly

Current cybersecurity news to keep you informed.

Articles of interest from the week of April 2, 2018

Credit Card Data Swiped From 5M Saks, Lord & Taylor Customers
Hackers stole credit and debit card information from millions of consumers who have shopped at Saks Fifth Avenue and Lord & Taylor stores. Parent company Hudson’s Bay Company confirmed the security breach on Sunday, stating that customer payment card data at certain Saks Fifth Avenue, Saks Off 5TH and Lord & Taylor stores in North America is impacted. (Threatpost)

Under Armour breach exposes the personal data of 150 million people
"On March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018," reads a press release detailing the breach. "The investigation indicates that the affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords." (Mashable, Inc.)

Boeing production plant hit with WannaCry ransomware attack
A Boeing production plant in Charleston, South Carolina was hit by the WannaCry ransomware cyberattack on Wednesday, according to a report from the Seattle Times. Mike VanderWel, the chief engineer at Boeing Commercial Airplane production engineering, sent out a company-wide memo calling for “all hands on deck.” (The Verge)

Philippine central bank has thrown an alert after SWIFT hackers hit Malaysia central bank
The Philippine central bank has issued an alert to local financial institutions following a cyber attack against the Malaysian central bank. According to the Malaysian governor, the hackers attempted to steal money through fraudulent wire transfers; the good news is that the attack failed. (Security Affairs)

Apple macOS issues reveal passwords for APFS encrypted volumes in plaintext
Forensic analysts have discovered a vulnerability in the APFS file system for the macOS High Sierra operating system. According to the analysts, the flaw exposes passwords of encrypted external drives in plain text. (Security Affairs)

Tens of thousands of misconfigured Django apps leak sensitive data
Security researchers have discovered misconfigured Django applications that are exposing sensitive information, including passwords, API keys, or AWS access tokens. Django is a very popular high-level Python Web framework that allows rapid development of Python-based web applications. The researchers explained that installs expose data because developers forget to disable the debug mode for the Django app. (Security Affairs)

Microsoft Fixes Bad Patch That Left Windows 7, Server 2008 Open to Attack
Microsoft released an out-of-band fix on Thursday for a Windows vulnerability introduced earlier this year as a patch. If exploited, the bug could allow an authenticated attacker to install programs, access stored data or create new accounts with full user rights on Windows 7 and Server 2008 R2 machines. (Threatpost)

We're Only Human: Why Business Email Compromise Scams Still Work
Criminals have recognized that the user behind the computer screen remains the most vulnerable security feature when attempting to compromise and defraud a company or individual. Exploiting the 'human factor' can be done simply and cheaply without using any special tools, malware, or technical knowledge. With only a small amount of research, threat actors can effectively impersonate a trusted source of a targeted company. (By: Alexandrea Berninger, IBTimes Co., Ltd)

Getting Your Staff to Take Cybersecurity Seriously
It doesn’t matter what type of business you run, you always need to make sure your cybersecurity is top-notch and on par with modern standards. And even if you take all the necessary steps and do your best to make everything secure, no one can guarantee that safety. Why? Because of the biggest security flaw there is: the human factor. (The Staffing Stream)

Preventing The Next Ransomware Attack
WannaMine and other cryptocurrency mining malware pose a unique threat to enterprises because the malware is particularly stealthy, enabling hackers to mooch off of the organization’s power and available resources to fund illegal activities. (INFOSECURITY MAGAZINE)

Ingalls Information Security
Ingalls Information Security is a Pure-Play Cybersecurity Services Company with 100% of Operations in the United States