Accounting giant Deloitte hit by hack that went undetected for some time

September 29, 2017

Deloitte, one of the “big four” accounting firms, was targeted by a sophisticated hack that compromised the confidential emails and plans of some blue-chip clients in a cybersecurity attack that went unnoticed for months. The company provides auditing, tax consultancy and high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies. Clients across all sectors had material in the company email system that was breached. The hack was discovered in March, but attackers may have had access to systems since October or November 2016. The hacker compromised the firm’s global email server through a single-password administrator’s account that could have given them privileged, unrestricted access to all areas. In addition to emails, hackers had access to user names, passwords, IP addresses, and architectural diagrams for businesses and health information. Some emails had attachments with sensitive security and design details. Source: The Guardian

College students: Do you have what it takes to crack the code?

Registration is open for the 2017 Codebreaker Challenge, a contest that asks college students to use reverse engineering, or the ability to take apart code, and fix from scratch a fictional break-in of a government data system. The scenario helps the Department of Homeland Security disarm an improvised explosive device using cybersecurity skills. “Reverse engineering is a crucial skill for those involved in the fight against malware, advanced persistent threats, and similar malicious cyber activities,” the National Security Administration’s contest site says. Source: Voice of America

Hackers might have driven away with Sonic customers’ credit card numbers

Millions of credit card numbers may have been stolen in a security breach at the fast food chain Sonic Drive-In. About 5 million credit and debit card accounts were put up for sale by hackers on Sept. 18. Many of the cards in the for-sale batch recently had been used at Sonic locations. It’s not clear if all the stolen credit card numbers were linked to Sonic; other companies also might have been affected. Source: Money magazine

Russian hackers targeted election systems in 21 states

The Department of Homeland Security notified 21 states that their election systems were targeted by Russia-affiliated hackers in an attempt to influence the 2016 election. In most states targeted, the hackers were engaged in preliminary activities such as scanning. In others, hackers attempted to infiltrate systems and failed, but in some, with only Illinois confirmed so far, election systems were compromised successfully. According to Homeland Security, none of these attempts were aimed at the systems that tabulate votes. Source: TechCrunch

Federal regulators to be embedded into credit-monitoring companies

Credit reporting agencies are going to have to get used to “a new regime” in the wake of the Equifax consumer data hack, says Richard Cordray, director of the Consumer Financial Protection Bureau. Equifax, TransUnion and Experian will get embedded regulators to ensure that similar breaches of private information don’t happen again. “There has to be a scheme of preventive monitoring in place.” Source: CNBC

Equifax CEO out after data breach, could take millions of dollars with him

Equifax CEO Richard Smith stepped down after the credit reporting agency disclosed a disastrous hack to its computer system that exposed the sensitive personal information of 143 million Americans. Even if a review finds Smith at fault, he could walk away with a retirement package of at least $18.4 million, along with the value of the stock and options awarded during his 12-year tenure. Source: ABC

Senators skewer SEC for delay in reporting 2016 data breach

Senators grilled the chairman of the Securities and Exchange Commission on its handling of a 2016 data breach that was disclosed last week. The hack breached the SEC’s system for handling corporate filings intended for investors, known as EDGAR, raising concerns that hackers may have gained advance looks at filings and engaged in insider trading. SEC Chairman Jay Clayton ordered an investigation, and the organization has created a cyber unit to target market manipulation, hacking and dark-web operatives. Source: The Los Angeles Times

Apple privacy site explains policies, gives examples of how things work

Apple launched a revamped and redesigned privacy website designed to make its privacy policies more accessible to consumers. The site outlines how Apple’s commitment to privacy benefits users through examples of such features as Apple Pay and an iPhone’s passcode. One section covers apps and features, including iMessage, Apple Pay, Health, Analytics, Safari, iCloud, CarPlay, Education, Photos, Siri, Apple Music, News, and Maps. Source: MacRumors

DHS to monitor immigrants’ social media accounts; privacy advocates balk

Privacy and freedom of expression groups have slammed Department of Homeland Security plans to monitor and collect social media information on all immigrants to the United States. The department published a new rule under the Privacy Act of 1974 in the Federal Register, detailing how it intends to expand the information it collects when determining a person’s immigration status to include social media handles and potentially even search histories. The new requirement is to take effect Oct. 18. Source: Newsweek

New technique will keep private messages private

Researchers have developed a technique that ensures that only a sender and the recipient can read a message. With current end-to-end encryption, if an attacker compromises a recipient’s device, they can intercept, read and alter all future communications without the sender or recipient knowing. The new protocol forces attackers to leave evidence of any such activity and alerts users to take action. Source: Phys.org

Safari system update to gather data without collecting personal information

The macOS High Sierra updates to Safari will include differential privacy technology, which will gather information from user habits to identify websites that use excessive power and crash the browser by monopolizing too much memory. Differential privacy is a method for collecting large swaths of information without grabbing any personally identifying data in the process, so none of the information can be traced back to the user. Source: TechCrunch


The post Accounting giant Deloitte hit by hack that went undetected for some time appeared first on Third Certainty.
