Mainframe | Current
Cybersecurity Breaches and Threats
in the news

z/OS mainframe security is of utmost importance; it cannot be overlooked or underestimated.

Content specifically related to securing the mainframe, including threats, breaches, and learning resources, can be found throughout the rest of the website. This site provides a central cache of useful mainframe security information for z/OS programmers, administrators, security officers and decision makers. We aim to provide relevant information that will help educate everyone about mainframe vulnerabilities and what to do about them.
Beyond being aware and knowledgeable, it is incredibly important to use mainframe security solutions to help secure the mainframe.

Use the menu above to browse through our summaries of articles related to access, compliance, mainframe network security and encryption, all heavily focused on z/OS mainframe security, along with our list of z/OS security presentations.

First GDPR fine issued by Polish regulators

Q1 2019, Phil Muncaster –

Poland’s Personal Data Protection Office (UODO) has issued its first fine under the GDPR (General Data Protection Regulation), fining an unnamed firm over PLN 943,000 ($245,950) for processing the personally identifiable information (PII) of over six million Polish citizens. According to UODO, the company collected and processed this personal data from the country’s Central Electronic Register and Information on Economic Activity, which is a publicly available source. The company only informed the 90,000 individuals it had email addresses for, claiming that “high operational costs” prevented it from doing more. Around 12,000 of the 90,000 people who were notified apparently objected to the company’s use of their data.

SQL injection risk warning in Magento’s code

Q1 2019, Swati Khandelwal –

Magento, an open-source e-commerce platform written in PHP, has been found to have an SQL injection vulnerability in its code. The company has issued a security fix for more than 30 different vulnerabilities in its software; the SQL injection flaw reportedly has put more than 300,000 e-commerce sites at risk of card-skimming attacks. Online businesses using the platform have been urged to install the latest fix, with the warning that versions of Magento prior to 2.3.1 are vulnerable and that the flaw is being exploited in the wild.

Facebook fails to hash millions of passwords

Q1 2019, Lily Hay Newman –

In January, Facebook discovered that some user passwords had been stored in plain text on its internal data storage systems, which is concerning because the company’s login system is supposed to mask passwords. Facebook has now fixed the security flaw and notified everyone whose passwords were stored unencrypted – possibly hundreds of millions of Facebook users plus tens of thousands of Instagram users. Facebook explained that the passwords were never visible to anyone outside of Facebook.

Spear-phishing attacks at top tech firms

Q1 2019 –

Barracuda Networks report that spear-phishing attacks are happening with greater frequency and severity, and companies continue to fall victim to them because the attacks are becoming more tailored, with malicious actors leveraging social engineering tactics such as urgency and brevity. Brand impersonation schemes, most often impersonating Apple or Microsoft, account for 83% of spear-phishing attacks. Brand impersonation attacks are used to steal personally identifiable information, such as credit card and Social Security numbers. Cyber-criminals carefully time their attacks, with one in five e-mails arriving on a Tuesday. Hackers also take advantage of the holiday season, knowing that there is a greater likelihood of security weaknesses.

Iranian gang steals 6TB of Data from Citrix

Q1 2019, Shaun Nichols –

An Iranian-linked hacking group has stolen 6 terabytes of corporate data from Citrix as part of a campaign against tech, oil and gas, and government organizations. According to LA-based security firm Resecurity, the hackers used a number of tools, techniques, and procedures that allowed them to conduct a targeted network intrusion and access at least six terabytes of sensitive data stored in the Citrix enterprise network, including e-mail correspondence, files in network shares, and other services used for project management and procurement. These techniques can bypass two-factor authentication systems and access VPNs. The FBI suggested that the hackers used password spraying, a technique that exploits weak passwords.
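Password spraying leaves a distinctive trace in authentication logs: one source fails against many different accounts with only one or two attempts each, in contrast to a brute-force attack that hammers a single account. As an added example that is not part of the article (and not from Citrix, Resecurity or the FBI), the Python below runs that distinction over constructed sample log lines; the log format, the thresholds and the IP addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample authentication log lines (not from any real system).
# 203.0.113.7 sprays six accounts once each and lands on "frank";
# 198.51.100.9 hammers a single account (brute force, not spraying).
SAMPLE_LOG = """\
2019-03-01T08:00:01Z AUTH_FAIL src=203.0.113.7 user=alice
2019-03-01T08:00:03Z AUTH_FAIL src=203.0.113.7 user=bob
2019-03-01T08:00:05Z AUTH_FAIL src=203.0.113.7 user=carol
2019-03-01T08:00:07Z AUTH_FAIL src=203.0.113.7 user=dave
2019-03-01T08:00:09Z AUTH_FAIL src=203.0.113.7 user=erin
2019-03-01T08:00:11Z AUTH_OK   src=203.0.113.7 user=frank
2019-03-01T08:00:13Z AUTH_FAIL src=198.51.100.9 user=alice
2019-03-01T08:00:15Z AUTH_FAIL src=198.51.100.9 user=alice
2019-03-01T08:00:17Z AUTH_FAIL src=198.51.100.9 user=alice
2019-03-01T08:00:19Z AUTH_FAIL src=198.51.100.9 user=alice
2019-03-01T08:00:21Z AUTH_FAIL src=198.51.100.9 user=alice
2019-03-01T08:00:23Z AUTH_FAIL src=192.0.2.5 user=gina
"""

# Assumed log format: "<timestamp> <AUTH_FAIL|AUTH_OK> src=<ip> user=<name>"
LINE_RE = re.compile(r"^(\S+) (AUTH_FAIL|AUTH_OK)\s+src=(\S+) user=(\S+)$")


def parse(log_text):
    """Yield (timestamp, outcome, src, user) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groups()


def detect_spraying(log_text, min_users=5, max_per_user=2):
    """Return {src: {"users": n, "succeeded": [...]}} for every source that
    failed against at least min_users distinct accounts with no more than
    max_per_user attempts on any one of them. A single account failing many
    times is brute force and is excluded by max_per_user. "succeeded" lists
    accounts the same source later logged into, i.e. a spray that landed."""
    fails = defaultdict(lambda: defaultdict(int))
    successes = defaultdict(set)
    for _, outcome, src, user in parse(log_text):
        if outcome == "AUTH_FAIL":
            fails[src][user] += 1
        else:
            successes[src].add(user)
    hits = {}
    for src, per_user in fails.items():
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            hits[src] = {"users": len(per_user), "succeeded": sorted(successes[src])}
    return hits
```

Tune min_users and max_per_user to the size of your user base; a spraying source that also shows a later AUTH_OK is the alert to escalate first.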

Ex-NSA contractor steals top secret data

Q1 2019, Mohit Kumar –

Harold Martin III, a former NSA contractor, has confessed to “willful retention of national defense information”, and will now serve a nine-year prison sentence. Formerly in the US Navy, Martin worked at multiple private contracting companies from December 1993 to August 27, 2016, gaining clearance to handle Top Secret and Sensitive Compartmented Information (SCI). He’s thought to have stolen as much as 50TB of data over a 20-year period. Martin may have had links with the infamous hacker group, the Shadow Brokers. It seems Martin contacted anti-virus company Kaspersky, who informed the FBI.

New Zealand mosques shooter’s manifesto used to spread malware

Q1 2019, Graham Cluley –

Following the mass shootings of worshippers at mosques in Christchurch, New Zealand, the culprit distributed a 73-page manifesto entitled “The Great Replacement”, which was filled with white supremacist rhetoric and which circulated on forums and social media Web sites. It now seems that someone has altered this Word document so that it downloads malicious code. As a consequence, when the document is opened, the Master Boot Record (MBR) is destructively overwritten, and as Windows reboots the message appears: “This is not us!”.

Grindr a security risk

Q1 2019, Carl O’Donnell, Liana B. Baker, Echo Wang –

Reuters has reported that the Committee on Foreign Investment in the United States (CFIUS) told the China-based parent company of LGBTQ dating app Grindr that its ownership posed a national security risk. As a result, the Chinese gaming company, Beijing Kunlun Tech Co Ltd, is looking to sell Grindr LLC. This all follows a press report that the company had shared sensitive information belonging to the app’s users without their consent. The personally identifiable and sensitive information included HIV status, e-mail address, telephone number, geolocation, sexuality, relationship status, ethnicity and most recent HIV test date.