• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
AskCyber Home » News » News » Cyber Security News 16 August 2019

Cyber Security News 16 August 2019

2019-08-16 by Michelle Dvorak

Cyber Security News Update 16 AUG 2019

Cyber Security News 16 August 2019 – European Central Bank BIRD Website Hacked – Microsoft Warns of New 404 Error Phishing Attacks – Public Transport Victoria Violated Privacy Laws

European Central Bank BIRD Website Hacked

Hackers again attacked a European Central Bank (ECB) website according to an ECB announcement. The compromised site is the Banks’ Integrated Reporting Dictionary known as BIRD. Malicious code was discovered during routine website maintenance. BIRD was shut down after the discovery. The email addresses, names and position titles of 481 BIRD newsletter subscribers may have been compromised.

ECB is a European cyber watchdog for the banking sector. BIRD is their external reporting website. It is used by every major European financial institution to file required oversight reports and data. Banks all fall under ECB’s reporting framework and are required to report any cyber attacks promptly.

In 2014 ECB was compromised. In that cyber attack, hackers stole about 20,000 email addresses as well as telephone numbers and addresses of ECB conference registrants. That data compromise was discovered after the hackers demanded a ransom in exchange for the stolen information.

Microsoft Warns of New 404 Error Phishing Attacks

Microsoft cyber security researchers warned of a new phishing attack. The new cyber attack uses spoofed custom 404 error pages to trick web users into entering their Microsoft login credentials on the fake web page. Custom 404 pages are web pages used by a website when a website user navigates to a non-existent web page or an web page that has been removed. Custom webpage are also known as known as page not found pages.

The spoofed custom 404 error pages look like legitimate Microsoft account sign-in pages. Even most of the links from the spoofed page link to legitimate Microsoft web pages. The only phishing links are the account Sign-in options link which is above the Next button and the cookies notification at the top of the page. The hackers created the spoofed web pages using free outlookloffice365user09ngxsmd[.]web[.]app Firebase subdomain to host an unlimited number of phishing scam pages. To accomplish this, the attackers register a domain and instead of creating a single phishing landing page to redirect their victims to, they configure a custom 404 page which shows the fake login form.

US Customs Border Photos Hacked
US Customs Border Photos Hacked

Public Transport Victoria Violated Privacy Laws

Australia’s Office of the Victorian Information Commissioner (OVIC) issued a compliance notice to Public Transport Victoria (PTV) for violating the Privacy and Data Protection Act 2014. OVIC states that it found that PTV violated public privacy laws by disclosing traveler information for a purpose for which it wasn’t collected and for failing to protect personal information.

Public Transport Victoria is part of the state’s Department of Transport.

Public Transport Victoria released three years of Myki travel card data covering the period between July 2015 and June 2018. Data from 1.8 billion travel records from 15.1 million Myki cards was given to the Melbourne Datathon. Myki is the state’s travel card used for buses, trams and trains. The Datathon is an event focused on finding innovative uses for data.

In the OVIC report, Data61, part of Australia’s CSIRO national research agency, stated there was “a high risk that some individuals may be re-identified by linking the data set with other information sources.”

The only security measure taken to anonymize and protect the identities of card holders was to remove their Myki card ID number from each record. Cyber security experts warned PTV that it would be possible to reconstruct the identities of individual card holders by coordinating other information. Data privacy researchers then set out to show how figuring out Australian’s travel records and whereabouts for three years could be accomplished. Trips taken on one card Myki are were linked along with the traveler’s location and precise time each time the card was tapped for entry to transportation. The type of transport card, which was not redacted, also gave insights into who was using it – categories include government officials as well as members of Parliament.

Filed Under: News

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version