Security

OODA Loop – API Hole on Experian Partner Site Exposes Credit Scores

ByPR 24 April 30, 2021

A Rochester Institute of Technology sophomore discovered a vulnerability on a partner website of Experian that allows anyone to look up credit scores with a name and mailing address. Bill Demirkapi found the leak when he was looking for information about student loan vendors online.

He discovered the code behind a page that used an application programming interface that could be accessed without any authentication. The lender site offered to check his loan eligibility by entering his name, address and date of birth, and when he entered all zeros in the “date of birth” field, the site let him pull up a person’s credit score.Experian was alerted and discovered the lending site that was exposing the API, access is disabled now.

Security

An Indian firm facing 1,738 cyber attacks a week on average, claims report, IT Security News, ET CISO

ByPR 24 August 2, 2021

An organisation in India faced cyber attack 1,738 times on average per week in the last six months compared to 757 attacks per organisation globally, a report showed on Thursday. The most impacted industries in India in the last six months were education/research, government/military, insurance/legal, manufacturing and healthcare, according to the report by Check Point…

Security

Close to Half of US East Coast Fuel Supply Shutdown Due to Ransomware Cyberattack

ByPR 24 May 11, 2021

Colonial system affected by the cyberattack. Colonial is the largest refined products pipeline in the U.S., transporting more than 100 million gallons, or 2.5 million barrels, per day. Its pipeline spans more the 5,500 miles throughout the Southern and Eastern U.S. (Map: Colonial Pipeline) Colonial Pipeline, which accounts for close to half of the United…

Security

US To Give Ransomware Hacks Similar Priority as Terrorism

ByPR 24 June 4, 2021

The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals, a senior department official told Reuters. From the report: Internal guidance sent on Thursday to U.S. attorney’s offices across the country said information…

Security

At Least 10 APT Groups Exploiting Flaws

ByPR 24 March 12, 2021

Cybercrime , Forensics , Fraud Management & Cybercrime Some Attacks Predate Microsoft Being Alerted to the Vulnerabilities, ESET Says Doug Olenick (DougOlenick) • March 11, 2021 Microsoft Exchange attack timeline (Source: ESET) Serious vulnerabilities in Microsoft Exchange have been exploited by at least 10 advanced persistent threat groups that have been collectively been…

Security

Lawyer charged in probe of Trump-Russia investigation

ByPR 24 September 17, 2021

The prosecutor tasked with examining the U.S. government’s investigation into Russian election interference charged a prominent cybersecurity lawyer on Thursday with making a false statement to the FBI. The case against the attorney, Michael Sussmann, is just the second prosecution brought by special counsel John Durham in two-and-a-half years of work. Yet neither case brought…

Security

Data of 700 Million LinkedIn Users Has Been Compromised

ByPR 24 June 30, 2021

E Hacking News – Latest Hacker News and IT Security News 30. June 2021 This article has been indexed from E Hacking News – Latest Hacker News and IT Security News A massive breach has purportedly compromised the data of over 700 million LinkedIn users. LinkedIn has a total of 756 million users, which…

Similar Posts