News of Recent Breach Alerts Inspiring NEW Breach Alerts
By Hodgson Consulting & Solutions | August 16, 2019
As reported by KnowBe4 (knowbe4.com, 2019), hackers “are now exploiting news of the CapitalOne breach to push a malicious backdoor trojan via a phishing email purporting to offer a Windows Security Update.” According to reports, the emails are targeted at the IT department within a target organization, and they use informal and technical language to seem credible. KnowBe4 encourages all organizations to warn their employees about this recent and relevant scheme. They also suggest employing random phishing tests to help equip your employees with the ability to spot and report phishing attempts appropriately, as opposed to falling for them.
While some hackers have been capitalizing on the paranoia surrounding the CapitalOne data breach, others have been stealing more unique user data. Reports confirm that internet privacy researchers from vpnMentor’s team “recently discovered a huge data breach in biometrics security platform BioStar 2.” The report also stated that “once stolen, fingerprint and facial recognition information cannot be undone and an individual will potentially be affected for the rest of their lives.” (knowbe4.com, 2019) For those of you who are unfamiliar with BioStar 2:
“BioStar 2 is a web-based biometric security smart lock platform. A centralized application, it allows admins to control access to secure areas of facilities, manage user permissions, integrate with 3rd party security apps, and record activity logs. As part of the biometric software, BioStar 2 uses facial recognition and fingerprinting technology to identify users.” (knowbe4.com, 2019)
When you have your personal biometric information stolen, it puts you at huge risk. This particular breach endangered businesses, organizations, and individuals, with “over 1 million fingerprint records, as well as facial recognition information” being stolen.
And as if stealing your biometric information doesn’t create a big enough sense of unease, how about learning that hackers are stealing your money? A very popular and growing lending app, backed by some big-name celebrities, reported to the New York Post about a breach it experienced. The Earnin app “was hit by a security breach earlier this year that revealed it had been lax with users’ sensitive personal information, including bank account numbers.” (nypost.com, 2019) This app has access to users’ purchase histories, bank statements, and more. It is eerie to think of what hackers might be able to do with this kind of financial information. It is even stranger to think about just how quick consumers are to trust new applications, gadgets, and so on. Remember, anything that you post online can be used against you! Make sure you and your company use reliable sources and have the proper protections in place.
How it Could Affect You:
Nearly everyone has a mobile device, online accounts, and an online presence. The digital age has created a need to stay connected to our data, information, and social accounts with both quick and frequent access.
To keep up with the fast-paced needs of consumers, our devices have become equipped with biometric scanning, password memorization, and other quick-access tools. Because we all use these devices, and because most people trust big-name and trendy companies such as CapitalOne and Earnin, the types of breaches discussed above can easily affect you. Ask yourself these questions:
- Could you and the members of your team pass an unannounced phishing test? Do you know what to look for and the proper means of reporting a suspected attack?
- How often do you and your team complete security awareness training? How detailed and up to date is that training?
- What are the latest applications or platforms you and your company have adopted? How certain are you that these additions are properly vetted? How much easier would it be if knowledgeable experts were able to do that vetting for you?
Hodgson Can Help:
Here at Hodgson Consulting & Solutions, we specialize in securing data and information loss prevention for companies with multiple locations and/or a remote workforce. Contact us to receive a FREE 17-Point Technology Security Consultation and learn more about our Managed Security Service Plans.
Don’t blindly apply trust and end up blindsided by cyber criminals. Contact Hodgson today to learn if and where holes exist in your current security protections.