Hacks of the Month — June 2019
Half the year is already over and you would think that data breaches and cyber attacks would be on a decline but guess again. Its time for another round of Hacks of the Month — June 2019 with news reports of companies of all sizes being hit by Security Flaws and Security Incidents. For instance, Flipboard, Radisson Rewards, Dell and others, all find themselves affected by security issues.
Lets Continue with the Hacks of the Month — June 2019
Week 1 (June 1-8): Security Flaws and Security Incidents
Flipboard reports two incidents of security breaches occurring June 2018 – March 2019 and April 21-22, 2019. Both security incidents affect all Flipboard users, account data exposed include:
- Flipboard usernames
- Email addresses
- Passwords and digital tokens used to connect Flipboard accounts to third-party accounts like Facebook or Google.
The company has identified accounts exposed and reset all users’ passwords and digital tokens.
Radisson Rewards may have leaked your data. In an email, Radisson Rewards confesses that it sent some emails to the wrong members. Information accidentally exposed:
- Members’ first names
- The last four digits of the sixteen-digit member’s number
- Point balance
- Member tier
- Number of hotel stays in 2019
- Members’ email addresses
The company request members to “delete any emails receive inadvertently.” They have identified the issue in May 23rd and immediately halted all email communications and investigated more deeply. The company is stating that their network wasn’t compromised.
LabCorp notified that personal and financial data on 7.7 million consumers were exposed by a breach at a third-party collections firm, American Medical Collection Agency. The security incident occurred between August 2018 through March 2019. The information exposed could include:
- First and last name
- Date of birth, address, phone,
- Date of service, provider, and balance information
Week 2 (June 9-15) Security Flaws and Security Incidents
A cyber attack scam is targeting Gmail users through Google Calendar notifications with a link to a phishing URL. They particularly send them to smartphones and the recipient is encouraged to click on the link. The website where they’re directed then tells victims to enter their credit card. If you use Google Calendar be cautious when receiving notifications from the app and opening details on invited events.
Week 3 (June 16-22) Security Flaws and Security Incidents
Major aircraft parts and aviation equipment maker Asco, breaks its silence, admitting it was hit by a “large-scale ransomware attack.” Its servers have fallen prey to a ransomware attack. The network went down in its main headquarters in Germany, then in Canada, where operations were disrupted. The ransomware attack caused a serious disruption to all its systems and the ability to communicate. The company has brought in forensic experts and is working to restore its systems. Asco has now stated that its priority is to provide clarity, continuity, and support to its staff, clients, suppliers, and partners.
Dells’s SupportAssist software comes pre-installed on its PCs now known to contain a security vulnerability. It affects millions of PCs, Dell has notified its software company, PC-Doctor and it has issued a patch to fix impacted devices. Impacted customers can find the latest version of SupportAssist (single PC users) or (for IT managers) on their website.
Users who have VLC media player installed on their computer need to install the latest update ASAP. The software version 3.0.7 contains two high-risk security vulnerabilities. It could allow hackers to remotely take full control over your computer. Update now and avoid opening or playing malicious video files from untrusted third parties.
WeTransfer, a popular online service for sharing large files, announced that for two days it was sending users shared files to the wrong people. The incident occurred June 16 and June 17. This security flaw and security incident has potentially ended up being a privacy issue for affected users. Any user who sent sensitive information including files containing social security numbers, bank accounts, credit card numbers or anything similar should change their account information where possible and keep an eye out for malicious activity involving their accounts.