RSA Conference App Leaked

The RSA Conference app had a flaw that could have exposed the names of over 40,000 attendees. A security researcher discovered the flaw and worked with RSA to quickly fix it. RSA has confirmed that only the 100+ names disclosed by the researcher were accessed in this manner.

Reported by Secureworld

IT staff’s lack of knowledge on alleged INM breach ‘extraordinary’

Old data breaches continue to emerge in the news: Independent News & Media IT staff stated they did not understand “the specifics” about the removal of backup tapes and the investigation that followed. The incident highlights the importance of understanding who has access to the corporate network and data sources; the most troubling aspect remains that INM was unclear about who accessed its data after the investigation.

Reported by The Irish Times

JPMorgan fired lead security staffer

In 2013, JPMorgan Chase fired an executive, who had been entrusted with conducting forensic investigations for the company, for spying on his peers within the company. He gained this information through “Metropolis,” which correlated employee data to detect misuse of company property. The executive was eventually caught after suspicious new leaks were provided to the press.

Reported by American Banker

TaskRabbit breached, resulting in app and website takedown

The task-based service operates in over 40 cities, allowing users to hand out odd jobs like dog walking, home repair, and other tasks. Defacements of the website redirected users to a site stating that a breach had occurred. These events led the company to take down both its app and website as it began investigating with the help of law enforcement.

Reported by Fortune

Large criminal use of Facebook

Hours after being alerted by KrebsOnSecurity, Facebook last week deleted almost 120 private discussion groups totaling more than 300,000 members who flagrantly promoted a host of illicit activities on the social media network’s platform. The scam groups facilitated a broad spectrum of shady activities, including spamming, wire fraud, account takeovers, phony tax refunds, 419 scams, denial-of-service attack-for-hire services and botnet creation tools.

Reported by Krebs On Security.