Uber Shock: Firm Hid Breach of 57 Million Users

Here is a little bit of warm and fuzzy reading for all as we enter into a huge travel season.  Uber was breached.  Bad!  Uber paid the bad guys to cover it up.  Worse!  Ultimately, the expense was passed along to a trusting consumer.  Worst and sadly typical!

I think it might be time to shift to Lyft or maybe even go back to supporting all the hard-working taxi drivers out there.  Bad form, Uber.  Bad form!

https://nakedsecurity.sophos.com/2017/11/22/uber-suffered-massive-data-breach-then-paid-hackers-to-keep-quiet/

https://threatpost.com/uber-reveals-breach-of-57-million-users-admits-to-covering-up-incident/128969/

https://www.infosecurity-magazine.com/news/uber-shock-firm-hid-breach-57/

https://blog.knowbe4.com/uber-total-loss-57-million-records-stolen-but-data-breach-was-hidden-for-a-year

FTC Issues Alert on Earthquake Relief Email Scams

This is both troubling and completely expected.  Cyber criminals have been leveraging the compassion of individuals since the beginning of the Internet.  There are many worthy and safe ways to give to those in need around the world.  Take the time to do your research and give safely.  Consider http://www.redcross.org/mo2 as a good starting point.

http://www.tripwire.com/state-of-security/latest-security-news/ftc-issues-alert-on-earthquake-relief-scams/

Krebs – Fraudsters Tap Kohl’s Cash for Cold Cash

This is a particularly interesting form of fraud designed to prey on frequent shopper benefits versus traditional financial mechanisms.  I can say from some experience that retailers often discount security measures surrounding loyalty programs and, instead, focus on more straightforward payment flows as a target of their security spend.

http://krebsonsecurity.com/2016/02/fraudsters-tap-kohls-cash-for-cold-cash/

Study: Chip & PIN Won’t Cure Retail Breaches

This is an important concept for retailers to grasp.  Chip & PIN is not the final solution when it comes to stopping card fraud.  It is simply one step or layer in a process.  Retailers cannot lose sight of the value of end-to-end encryption, employee and customer awareness training, network monitoring, and other critical controls.

http://www.darkreading.com/attacks-breaches/study-chip-and-pin-wont-cure-retail-breaches/d/d-id/1317141