CNET: Instagram users’ accounts reportedly being hijacked in spreading hack

CNET: Instagram users’ accounts reportedly being hijacked in spreading hack. “Increasing numbers of people are reportedly experiencing the same Instagram hack, which logs them out and changes their personal details. Hundreds of people have reported being hacked since the beginning of August, according to Mashable, which highlighted similarities between the attacks.”

Ars Technica: In-the-wild router exploit sends unwitting users to fake banking site

Ars Technica: In-the-wild router exploit sends unwitting users to fake banking site. “Hackers have been exploiting a vulnerability in DLink modem routers to send people to a fake banking website that attempts to steal their login credentials, a security researcher said Friday. The vulnerability works against DLink DSL-2740R, DSL-2640B, DSL-2780B, DSL-2730B, and DSL-526B models that haven’t been patched in the past two years.”

Oh, fore putt’s sake: Golf org PGA bunkered up by ransomware attack just days before tournament (The Register)

The Register: Oh, fore putt’s sake: Golf org PGA bunkered up by ransomware attack just days before tournament. “The Professional Golfers’ Association of America (PGA) was hit by ransomware just before one of the sport’s biggest pro events, which teed off on Thursday. Scrambled files on its infected computers include “creative materials” for this week’s PGA Championship as well as next month’s Ryder Cup, Golf Week reported.”

Krebs on Security: The Year Targeted Phishing Went Mainstream

Krebs on Security: The Year Targeted Phishing Went Mainstream. “It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale. And given the sheer volume of hacked and stolen personal data now available online, it seems almost certain we will soon witness many variations on these phishing campaigns that leverage customized data elements to enhance their effectiveness.”

Ars Technica: Password breach teaches Reddit that, yes, phone-based 2FA is that bad

Ars Technica: Password breach teaches Reddit that, yes, phone-based 2FA is that bad. “In a post published Wednesday, Reddit said an attacker breached several employee accounts in mid-June. The attacker then accessed a complete copy of backup data spanning from the site’s launch in 2005 to May 2007. The data included cryptographically salted and hashed password data from that period, along with corresponding user names, email addresses, and all user content, including private messages. The attacker also obtained email digests that were sent between June 3 and June 17 of this year. Those digests included usernames and their associated email address, along with Reddit-suggested posts from safe-for-work subreddits users were subscribed to.”

TechCrunch: Dixons Carphone now says ~8.8M more customers affected by 2017 breach

TechCrunch: Dixons Carphone now says ~8.8M more customers affected by 2017 breach . “A Dixons Carphone data breach that was disclosed earlier this summer was worse than initially reported. The company is now saying that personal data of 10 million customers could also have been accessed when its systems were hacked. The European electronics and telecoms retailer believes its systems were accessed by unknown and unauthorized person/s in 2017, although it only disclosed the breach in June, after discovering it during a review of its security systems.”

CNET: One in four Singapore residents hit in medical data theft

CNET: One in four Singapore residents hit in medical data theft. “Hackers stole the personal data of 1.5 million people in Singapore by breaking into a government health database, officials said Friday. The data, taken between June 27 and July 4, included names and addresses of those who had visited health clinics since May 2015, but not full medical records. However, details about medications were stolen from about 160,000 people, according to a government statement.”