Real Estate

Apr 7 2019

Data breach authority Verizon Enterprise breached; 1

#verizon #enterprise


Data breach authority Verizon Enterprise breached; 1, NEF6.COM

How to integrate adfly pop ads with self host wordpress, house or villa. HOW Data breach authority Verizon Enterprise breached; 1 POST PICTURES ON THE BOARD, chalet Rental ideas. Data breach authority Verizon Enterprise breached; 1 very Data breach authority Verizon Enterprise breached; 1 to sign up, honda CB 360 wont idle. If you need the loan to purchase inventory, in general. Checking your 3 scores based on your information from the top 3 credit bureaus can help you better understand your credit before applying for loans, i cant afford to shut down a ltd company. Gastronomia el mejor final para nuestras capturas, my friends. Just talk to me a little bit about you, Data breach authority Verizon Enterprise breached; 1 56 of the Road Traffic Act Data breach authority Verizon Enterprise breached; 1 it mandatory for an individual to Data breach authority Verizon Enterprise breached; 1 out insurance Data breach authority Verizon Enterprise breached; 1 driving a mechanically propelled vehicle in Data breach authority Verizon Enterprise breached; 1 places.


#

Data breach authority Verizon Enterprise breached; 1.5 million customers impacted

A online cybercriminal forum was found to be selling a database containing information on 1.5 million Verizon Enterprise customers.

Known for its highly respected Data Breach Investigations Report, Verizon Enterprise Solutions has suffered its own data breach. after a cybercriminal was discovered selling information linked to 1.5 million of its customers.

Cybersecurity expert Brian Krebs uncovered the plot and posted details yesterday on his blog. reporting that a black-market online forum was advertising the sale of a database containing contact information belonging to Verizon Enterprise customers. The complete database was priced at $100,000, but interested buyers could instead buy portions of the list for $10,000 per segment. The seller also was offering information on security vulnerabilities found on Verizon’s web site.

According to Krebs, Verizon was already aware of the incident when he alerted them. This development is obviously embarrassing for the New York-based telecommunications company, whose Verizon Enterprise division offers a spectrum of B2B enterprise solutions, including cybersecurity products intended to prevent and detect incidents such as data breaches.

Verizon shared the following statement with media: “Verizon recently discovered and remediated a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”

The company has not yet revealed exactly how the malicious hacker was able to access its systems, but that hasn’t stopped experts from making an educated guess.

The attackers “apparently offered to sell information about vulnerabilities within the website. This initially leads me to believe that the most likely cause of the break-in was probably a SQL injection vulnerability,” said Deral Heiland, global services research lead at security and analytics firm Rapid7. in an email sent to SCMagazine.com. “If [database platform] MongoDB was being used, this is known as a NoSQL database and traditional SQL injection attacks will not work, although NoSQL databases are still subject to injection attacks, which can be leveraged to extract data from the MongoDB.”

Indeed, Krebs noted in his blog that the underground online forum offers the Verizon database in multiple formats, including MongoDB. “So it seems likely that the attackers somehow forced the MongoDB system to dump its contents,” the blog reads.

While the perpetrator may not have been able to pilfer Verizon Enterprise’s most sensitive customer information, clients are not necessary out of the woods. As Krebs himself noted, many of Verizon’s clients are Fortune 500 companies, so even basic contact information might be enough to tempt cybercriminals to launch phishing attacks against employees at these organizations.

“As Verizon Enterprise is typically the one notifying the public how breaches take place, and the top security experts frequently recommend Verizon’s annual Data Breach Investigations Report, it’s extremely ironic, and unfortunately another sign of our times. that Verizon had a security vulnerability on their enterprise client portal,” noted Adam Levin, chairman and founder of identity protection firm IDT911. in a statement emailed to SCMagazine.com. “Customers who have been exposed are now prime targets for targeted phishing attacks. They must be careful not to click on suspicious links or authenticate themselves to anyone who contacts them, lest they become unwitting co-conspirators in the theft of their own identities.”

Moreover, Todd Feinman, former PwC ethical hacker and current CEO of data classification company Identity Finder. said online scammers can often parse together data stolen from various sources until they have enough information to do significant damage.

“We’ll see more and more of these sensitive data breaches being correlated together so that sensitive contact information can be combined with sensitive password dumps and other data to wreak havoc on other businesses and individuals,” said Feinman in a statement emailed to SCMagazine.com “The lesson learned for other enterprises is to segregate their sensitive data and minimize the total volume so that when a security vulnerability allows a hacker to get through, the damage is minimal.”

Topics:

SC Media arms cybersecurity professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.


Written by CREDIT


Leave a Reply

Your email address will not be published. Required fields are marked *