• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
AskCyber Home » News » News » Cyber Security News 16 August 2019

Cyber Security News 16 August 2019

2019-08-16 by Michelle Dvorak

Cyber Security News Update 16 AUG 2019

Cyber Security News 16 August 2019 – European Central Bank BIRD Website Hacked – Microsoft Warns of New 404 Error Phishing Attacks – Public Transport Victoria Violated Privacy Laws

European Central Bank BIRD Website Hacked

Hackers again attacked a European Central Bank (ECB) website according to an ECB announcement. The compromised site is the Banks’ Integrated Reporting Dictionary known as BIRD. Malicious code was discovered during routine website maintenance. BIRD was shut down after the discovery. The email addresses, names and position titles of 481 BIRD newsletter subscribers may have been compromised.

ECB is a European cyber watchdog for the banking sector. BIRD is their external reporting website. It is used by every major European financial institution to file required oversight reports and data. Banks all fall under ECB’s reporting framework and are required to report any cyber attacks promptly.

In 2014 ECB was compromised. In that cyber attack, hackers stole about 20,000 email addresses as well as telephone numbers and addresses of ECB conference registrants. That data compromise was discovered after the hackers demanded a ransom in exchange for the stolen information.

Microsoft Warns of New 404 Error Phishing Attacks

Microsoft cyber security researchers warned of a new phishing attack. The new cyber attack uses spoofed custom 404 error pages to trick web users into entering their Microsoft login credentials on the fake web page. Custom 404 pages are web pages used by a website when a website user navigates to a non-existent web page or an web page that has been removed. Custom webpage are also known as known as page not found pages.

The spoofed custom 404 error pages look like legitimate Microsoft account sign-in pages. Even most of the links from the spoofed page link to legitimate Microsoft web pages. The only phishing links are the account Sign-in options link which is above the Next button and the cookies notification at the top of the page. The hackers created the spoofed web pages using free outlookloffice365user09ngxsmd[.]web[.]app Firebase subdomain to host an unlimited number of phishing scam pages. To accomplish this, the attackers register a domain and instead of creating a single phishing landing page to redirect their victims to, they configure a custom 404 page which shows the fake login form.

US Customs Border Photos Hacked
US Customs Border Photos Hacked

Public Transport Victoria Violated Privacy Laws

Australia’s Office of the Victorian Information Commissioner (OVIC) issued a compliance notice to Public Transport Victoria (PTV) for violating the Privacy and Data Protection Act 2014. OVIC states that it found that PTV violated public privacy laws by disclosing traveler information for a purpose for which it wasn’t collected and for failing to protect personal information.

Public Transport Victoria is part of the state’s Department of Transport.

Public Transport Victoria released three years of Myki travel card data covering the period between July 2015 and June 2018. Data from 1.8 billion travel records from 15.1 million Myki cards was given to the Melbourne Datathon. Myki is the state’s travel card used for buses, trams and trains. The Datathon is an event focused on finding innovative uses for data.

In the OVIC report, Data61, part of Australia’s CSIRO national research agency, stated there was “a high risk that some individuals may be re-identified by linking the data set with other information sources.”

The only security measure taken to anonymize and protect the identities of card holders was to remove their Myki card ID number from each record. Cyber security experts warned PTV that it would be possible to reconstruct the identities of individual card holders by coordinating other information. Data privacy researchers then set out to show how figuring out Australian’s travel records and whereabouts for three years could be accomplished. Trips taken on one card Myki are were linked along with the traveler’s location and precise time each time the card was tapped for entry to transportation. The type of transport card, which was not redacted, also gave insights into who was using it – categories include government officials as well as members of Parliament.

Filed Under: News

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Airline Supply Chain Hack: Saturday Sitrep

Cloud Security Consultant – Location Negotiable

Vaccines for Sale on Dark Web Marketplaces

Cyber Information Systems Security Manager 2

Google Says Advertisers Don’t Need to Track Individual Across the Web

IPVanish

IPVanish VPN

Cyber Security News

Cloud Security Consultant – Location Negotiable

… [Read More...] about Cloud Security Consultant – Location Negotiable

Vaccines for Sale on Dark Web Marketplaces

… [Read More...] about Vaccines for Sale on Dark Web Marketplaces

Google Says Advertisers Don’t Need to Track Individual Across the Web

… [Read More...] about Google Says Advertisers Don’t Need to Track Individual Across the Web

Malaysia Airlines Reports Data Breach

… [Read More...] about Malaysia Airlines Reports Data Breach

More Cyber Security News

Tags

amazon Android app Apple bitcoin China chrome CISA credit card Cyber Attack DHS Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware Romance Scam Russia smartphone tax scam TikTok tutorial VPN WhatsApp WiFi Windows

Government

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

Texas DOT Hit by Ransomware Attack

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2021 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version