over

now browsing by tag

 
 

Grace Millane: Question of consent raised in appeal over backpacker’s murder | #tinder | #pof | romancescams | #scams

The jury that found a man guilty of murdering British backpacker Grace Millane should have given more thought to whether he believed she consented to certain acts during sex, a […] View full post on National Cyber Security

#childpredator | NSW man charged over child abuse network | The Bellingen Shire Courier Sun | #parenting | #parenting | #kids

A NSW Central Coast man is facing almost 90 charges after police uncovered a pedophile ring abusing and exploiting Australian children. Australian Federal Police on Tuesday laid an additional 80 […] View full post on National Cyber Security

#childmolestor | Convicted sex offender worked with kids while facing charges over abuse videos | #parenting | #parenting | #kids

A convicted child sex offender who later worked as a camera operator for organisations including Auckland’s Museum of Transport and Technology, Football New Zealand and the television production company that […] View full post on National Cyber Security

#minorsextrafficking | Thai karaoke club owner arrested over underage sex | #parenting | #parenting | #kids

The owner of a karaoke club in the northern Thai city of Chiang Mai has been arrested for allegedly employing underage boys to provide sexual services to customers. The establishment’s owner, a 56-year-old transgender woman whom police identified as Chatsiri Maosang, is accused of using the venue, which also offered massage… View full post on National Cyber Security

Pa. man shot at wrong house over botched drug deal, killing sleeping teacher: cops | #teacher | #children | #kids | #parenting | #parenting | #kids

It was a case of mistaken identity turned deadly. The suspect in the shooting death of a sleeping teacher tells police he was shooting at the wrong house. The accused […] View full post on National Cyber Security

Cathay Pacific fined over crooks slurping its database for over 4 years – Naked Security

Source: National Cyber Security – Produced By Gregory Evans

The UK’s Information Commissioner’s Office (ICO) said on Wednesday that it’s fined Cathay Pacific Airways £500,000 (USD $647,015, €576,992) for failing to secure passengers’ personal details, leading to malware being installed on its server that harvested millions of people’s names, passport and identity details, dates of birth, postal and email addresses, phone numbers and historical travel information.

Cathay said at the time that the intruders also accessed 403 expired credit card numbers, as well as 27 credit card numbers that didn’t have a CVV attached.

This wasn’t a one-time security fail, the ICO said. All that data was at risk for over four years.

Cathay, which is based in Hong Kong, first realized in March 2018 that its database had been hit by a brute-force attack. As we’ve explained previously, you can think of such an attack like this:

→ Brute force is the way you open those cheap bicycle locks with wheels numbered 0 to 9 if you forget the code. You turn the dials to 0-0-0 and then click round systematically, counting up digit by digit, until the lock pops open.

Once it found that its database had been rifled through in 2018, Cathay Pacific hired a cybersecurity firm and subsequently reported the incident to the ICO.

Investigations found that the airline lacked appropriate security to secure customers’ data from October 2014 to May 2018. The data was exposed for longer than that, though: Cathay said in October 2018 that its system had been compromised at least seven months prior. As the New York Times reported, Cathay learned in May 2018 that passenger data had been exposed after first discovering suspicious activity on its network in March.

Why didn’t the company announce the breach earlier? It didn’t say.

The incident led to the exposure of a huge trove of personal data belonging to 111,578 people from the UK and about 9.4 million more worldwide.

The ICO says that Cathay Pacific’s systems were entered via a server connected to the internet. Enabled by what the office called a “catalog of errors,” crooks managed to install data-harvesting malware. The security sins turned up by the ICO’s investigation included some basic ones: for example, the ICO found back-up files that weren’t password-protected, unpatched internet-facing servers, use of operating systems that were no longer supported by the developer, and inadequate anti-virus protection.