10Fold – Security Never Sleeps – 9

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Hilton hotel has released a statement saying they have suffered a security breach that leaked customer financial information. The U.S. Air Force is looking into how classified data found its way into a report in Forbes magazine. Yet another root certificate preinstalled on Dell machines when they are shipped out to customers, this certificate makes the computer easy prey for malicious attacks while using public Wi-Fi networks. A Russian hacker who claims to have access to websites like Facebook and Twitter has recently been linked to the breach of 1.2 billion internet credentials.

Hilton Hotel Chain Reports Data Breach – Publication: Wall Street Journal – Reporter name: Craig Karmin

Hilton Worldwide Holdings Inc. on Tuesday said it suffered a security breach related to customer credit and debit card payments at its hotels, prompting the company to launch a global investigation to determine how far the breach had spread.


U.S. Air Force Looking Into Data Breach Related To Contract Protest: Sources – Publication: Reuters – Reporter name: Andrea Shalal

The U.S. Air Force is looking into how classified data about a competition for a next-generation U.S. bomber found its way into a report published by Forbes magazine, according to several sources familiar with the issue. Boeing Co and Lockheed Martin Corp this month filed a formal protest against the Air Force’s contract with Northrop Grumman Corp to develop the new long-range strike bomber, a deal worth up to $80 billion.


Dell In Hot Water Again As Second ‘Superfish’ Root Certificate Surfaces – Publication: ZDNet – Reporter name: Liam Tung

Dell customers have turned up a second root certificate installed on some Dell machines, which could make them easy prey for malicious attacks on public Wi-Fi networks. The second problematic root certificate is called DSDTestProvider. Its discovery follows yesterday’s removal by Dell of the dangerous eDellroot certificate from affected Dell PCs.


FBI Has Lead In Probe Of 1.2 Billion Stolen Web Credentials: Documents – Publication: Reuters – Reporter name: Nate Raymond

A hacker who once advertised having access to user account information for websites like Facebook (FB.O) and Twitter (TWTR.N) has been linked through a Russian email address to the theft of a record 1.2 billion Internet credentials, the FBI said in court documents. That hacker, known as “mr.grey,” was identified based on data from a cybsecurity firm that announced in August 2014 that it had determined an alleged Russian crime ring was responsible for stealing information from more than 420,000 websites, the documents said. The papers, made public last week by a federal court in Milwaukee, Wisconsin, provide a window into the Federal Bureau of Investigation’s probe of what would amount to the largest collection of stolen user names and passwords.