Dec 142018
 

Todd Wallack reports:

Save the Children Federation, one of the country’s best-known charities said it was the victim of a $1 million cyberscam last year.

The Connecticut-based nonprofit said hackers broke into a worker’s e-mail, posed as an employee, and created false invoices and other documents, to fool the charity into sending nearly $1 million to a fraudulent entity in Japan. The con artists claimed the money was needed to purchase solar panels for health centers in Pakistan, where Save the Children has worked for more than 30 years.

Read more on Boston Globe.

Dec 132018
 

Sergiu Gatlan reports:

According to the Ministry’s public statement, the hackers managed to get their hands on the names, phone numbers, and email addresses of all people who had an account on the French Ariane emergency contact database. 

The platform is used by the French Ministry of Europe and Foreign Affairs to allow citizens traveling abroad to received security updates in case of emergency. 

“Personal data recorded during registration on the Ariane platform have been stolen,” says the Ministry’s statement

Read more on Softpedia.

Dec 132018
 

ASI Computers is notifying some of their customers after discovering on November 1, 2018 that usernames and passwords on a support web site had been hacked prior to December 2016. 

From their notification to California:

ASI confirmed which credentials had been exposed by the following day, November 2, 2018. ASI determined the affected credentials related to California residents. ASI notified affected individuals because their username and password were subject to unauthorized access.

Their notification to affected consumers begins:

We recently observed suspicious activity potentially impacting ASI Computer Systems accounts used to log into https://go.asicentral.com/e/148181/2018-11-02/3yr9ql/338348891 to access customer service support material and other general information. We take the privacy and security of your account and personal information very seriously and are investigating the suspicious activity. As a precautionary measure, your existing password has been deactivated and you will be required to select a new password to access ASI Computer Systems.

You can read their full notification and sample letter to customers on the California Attorney General’s web site
Dec 132018
 

Shaun Nichols reports:

Hackers are targetting critical infrastructure providers, including nuclear power and defense agencies, in what may be a state-sponsored attack that’s hiding behind North Korean code.


Discovered by McAfee and dubbed “Sharpshooter”, the operation has been running since November, largely focusing on US-based or English-speaking companies and agencies around the world with an emphasis on nuclear, defense, energy, and financial businesses.


It appears that, for now, the hacking operation is focused mostly on reconnaissance and harvesting sensitive information from the infected machines. McAfee did not note any behavior related to damaging or sabotaging infrastructure.

Read more on The Register.

Dec 122018
 

WABI reports on a hack impacting employee, but not student, data:

Last week, former and current employees of AOS 77 in Washington County were made aware of a data breach in the school department’s central office.


The superintendent tells us he sent a letter to about 2,000 people making them aware some of their personal information might have been compromised.

[…]


But staffers were told information including their dates of birth, addresses, and social security numbers might have been accessed.

Read more on WABI.  

Thanks to “Russy” for sending in this link.