In breaking news last week, the NIST (National Institute of Standards and Technology) Small Business Cybersecurity Act was signed into law. The bill will provide an avenue of resources and guidelines for small businesses to reduce their cybersecurity risks. Up next, Black Hat, one of the world’s largest information security conferences, took place in early August 2018 in Sin City. The conference held many briefings on politics, legislation, and Machine Learning (ML) and Artificial Intelligence (AI) in cybersecurity, as well as the challenge of endpoint security for many IoT devices. A topic of importance came from Kryptowire, a mobile security research firm that found firmware vulnerabilities allowing remote privilege escalation in as many as 10 million Android devices in the United States.
Making headlines last week, over 170,000 carrier-grade routers belonging to internet service providers were compromised. As a result, websites accessed through these routers were injected with cryptomining malware. In other news, social media site Reddit suffered a data breach in June after its two-factor authentication was circumvented, allowing cybercriminals to access user data like email addresses, usernames, and passwords.
Decoding Security’s most recent episode, Cryptocurrency 101, brought insight into the elusive digital trend of cryptocurrency. Well, it is once again making headlines. Earlier this month, a 20-year-old California college student was arrested for stealing over $5M in Bitcoin and other cryptocurrencies by hijacking more than 40 cell phone numbers. Also making cybersecurity news, inmates from five different Idaho Department of Correction facilities hacked tablets given to them for email, music, and games. By exploiting a vulnerability in the tablet’s software, they collected nearly $225,000 worth of credits to purchase various games and eBooks.
Many consider cryptocurrency to be the future of money since it eliminates disclosing personal financial information when purchasing goods and services online. So, what do you need to know? Security Analysts Jessica Ortega and Ramuel Gall highlight information you need to know about cryptocurrency and cryptojacking as you listen in this week.
We continue to hear about cyberattacks and data breaches around the world. Last week, the European retailer, Dixons Carphone, admitted to a huge data breach involving 5.9 million credit cards and 1.2 million personal data records. Meanwhile in the United States, net neutrality has officially been repealed. The rules that required internet service providers to offer equal access to all web content are no longer in effect as of June 11, 2018.
Gamers and music lovers alike may want to reset their passwords after reading the latest headlines. Last week, gaming client Steam announced they had found, and fixed, a severe security flaw that left local systems vulnerable for the past 10 years. The vulnerability would have allowed cybercriminals to infect any of its 15 million users with malware. A few days earlier, ticket distribution website Ticketfly fell victim to a cyberattack. The cybercriminal responsible defaced the website and claims to have a file of user and customer information taken from its database.
Joomla! recently released version 3.8.8 which included nine security updates addressing various vulnerabilities as well as over 50 other bug fixes. Many of the security vulnerabilities impacted all versions of Joomla! from version 2.5.0 through 3.8.7, making application updates important to protecting sites using the open source platform.
Among the vulnerabilities are three cross-site scripting (XSS) vulnerabilities that impact different parts of the core Joomla! application. In addition to the low and moderate XSS vulnerabilities, there are six other low priority security issues addressed in the new version. These include addressing possibly vulnerable access to website data and field filtering for Joomla! components.
Making headlines last week, the spam campaign Brain Food has been feeding email recipients a steady diet of junk messages, infecting over 5,000 compromised websites over the last four months. Additionally, the U.S. Federal Bureau of Investigation (FBI) took control of a large cyber-attack aimed at Ukraine in late May 2018. The massive malware campaign infected up to 500,000 routers, many located in small businesses and home offices around the world.
Cybersecurity issues can occur anywhere, even in cardiac devices and pacemakers. The U.S. Food and Drug Administration (FDA) announced an upgrade to the firmware installed on certain vulnerable cardiac devices. The update protects these devices from unauthorized access that could be harmful to patients. Also making headlines last week, Georgia’s governor vetoed a bill that would have criminalized unauthorized computer access. The bill received blowback from the state’s booming cybersecurity industry, which claimed that vulnerabilities in important computer systems would not be uncovered and disclosed responsibly. As a result, cybercriminals would be able to exploit them with ease.