Puma victim of a cyberattack, a QuickBooks scam, an API warning, and more
Welcome to Cyber Security Today. It’s Wednesday, February 9th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
;
Sportswear brand Puma has acknowledged its North American operations were hit by a data breach in December. According to a notice filed with the State of Maine, names, Social Security numbers and other personal information of 6,632 people was stolen. According to the Bleeping Computer news service, the breach followed a ransomware attack that hit the cloud-based Kronos workforce management service, used by a number of companies for tracking employee attendance. I reported on this attack on Kronos’ parent company, UKG, in December.
An application programming interface, or API, is a piece of software code that helps companies to open their data to other applications. APIs are increasingly an invisible part of the way people use the internet. However, if not written properly an API can open a hole for hackers. The latest example comes from researchers at Pen Test Partners. They found a vulnerability in the API used in the website of delivery service DPD Group for tracking parcels. The site creates a map for an authorized customer showing where a parcel is. However, a skilled hacker could leverage the vulnerability by typing in a postal code and ultimately figure out a recipient’s address. The hole has been fixed. But the lesson to application…
