The Daily Swig

Web security digest

October 2017
Nearly 2bn data records compromised in first half of 2017 More data breaches have been witnessed in the first six months of the year than the whole of 2016. | 31 October 2017 | 08:00

IMPERFECT 10 Oracle patches critical vulnerability. | 31 October 2017 | 02:00

Malaysian telco breach results in leak of 46.2m mobile numbers Attack dating back to 2014 thought to affect entire country. | 30 October 2017 | 03:00

US lawmakers back IoT certification program Proposed Cyber Shield Act aims to help consumers identify most secure products. | 27 October 2017 | 04:00

Whole Foods resolves in-store data breach US grocery chain replaces compromised POS systems. | 26 October 2017 | 11:00

BlackBerry launches cybersecurity consulting service Are you GDPR ready? | 26 October 2017 | 10:00

Microsoft introduces new ransomware safeguards Intrusion prevention software ships with latest Windows update. | 25 October 2017 | 02:00

Patient data stolen from London plastic surgery Clinic ‘horrified’ by breach – but probably not as much as its patients. | 25 October 2017 | 12:00

Down the rabbit hole: NotPetya 2.0 raises its head Kiev Metro, Odessa airport, and Russian media outlets hit by ransomware attack. | 25 October 2017 | 10:00

The cookie crumbles – MEPs call for stronger online privacy laws Despite a majority vote, ‘privacy by default’ legislation is not without its detractors. | 24 October 2017 | 12:00

BlackOasis: Adobe releases critical Flash update Hopes of a peaceful retirement are fading for iconic media platform. | 24 October 2017 | 10:00

MacBook Proton Data-thieving trojan hits Elmedia video player. | 23 October 2017 | 02:00

Google implements Play Store bug bounty ‘Security reward’ program encourages techies to find flaws in key apps. | 23 October 2017 | 01:00

CSA urges all firms to conduct ‘comprehensive’ risk assessments More than half of Canadian businesses experienced a cybersecurity incident in 2016. | 23 October 2017 | 11:00

Red alert: Hackers advancing attacks against critical US networks Advanced persistent threat activity targeting energy and other critical infrastructure sectors. | 23 October 2017 | 10:30

New IoT botnet will make Mirai look like child’s play Reaper campaign spreading rapidly worldwide. | 23 October 2017 | 10:00

‘Pretty much the entire population’ South Africa hit by major data leak. | 20 October 2017 | 04:00

Voluntary breach notifications up 7% in Australia Majority of vulnerabilities closed within 60 days. | 20 October 2017 | 10:00

Global security spending to reach $120bn by 2021 Services and software to capture lion’s share of revenues, sector-wide. | 19 October 2017 | 11:00

Spam and cheese: Domino’s customer emails leaked in Australia Australian pizza fans receive personalized emails from scammers. | 19 October 2017 | 10:00

Google puts accounts on lockdown with Advanced Protection Top-tier 2FA protection for those who need it most. | 18 October 2017 | 01:00

NORTHERN POWERHOUSE NCC cuts ribbon on new global HQ. | 18 October 2017 | 12:00

FBI urges consumers to ramp up IoT protection IC3’s list of recommendations comes on the heels of large-scale IoT-related cybercrime events. | 18 October 2017 | 11:00

DHS issues new directive to secure federal communications Department mandates HTTPS and DMARC as part of new ‘cyber hygiene’ policy. | 18 October 2017 | 10:00

Stuffed trust: Pizza Hut falls victim to US hack Fast food chain’s half-baked reaction led to fraudulent charges, customers say. | 17 October 2017 | 11:00

Google launches antivirus engine for Chrome Your Windows need a Cleanup. | 17 October 2017 | 10:00

Social networks: We Heart It alerts users to historic data breach Eight million user account details in the frame. | 16 October 2017 | 05:00

US Congress tables ‘hack back’ legislation ACDC aimed at rocking the balance of power between hackers and their victims. | 16 October 2017 | 04:00

Kracking the WiFi code – ‘serious’ flaw found in WPA2 Ubiquitous wireless security protocol open to abuse through session key exploit. | 16 October 2017 | 03:00

Household hacks? Australia calls for IoT consumer rating Seal of approval system aimed at clamping down on vulnerabilities. | 16 October 2017 | 10:00

Samsung CEO to step down amid ‘unprecedented crisis’ Kwon to resign as South Korean electronics conglomerate expects record Q3 earnings. | 13 October 2017 | 11:00

Hyatt suffers second card data breach in two years 41 hotels impacted across Asia and the Americas. | 13 October 2017 | 10:00

Mirai image Chicago, Washington DC, and Atlanta named ‘botnet powerhouses’ of North America. | 12 October 2017 | 10:00

Vermont ramps up cybersecurity efforts Dedicated WebSec team to help protect against threats to public and private enterprises. | 11 October 2017 | 04:00

Over the limit: SpiderLabs exposes major banking scam Threat report details large-scale ‘hybrid’ cyberattack targeting banks across eastern Europe. | 11 October 2017 | 02:00

SUPPLY AND DEMAND Darknet ransomware economy soaring in 2017. | 11 October 2017 | 12:00

Misfortune 500 Accenture client data left out in the wind. | 11 October 2017 | 10:00

Misconfigured AWS bucket results in mass clinical data exposure Medical records of 150,000 patients laid bare on unprotected server. | 10 October 2017 | 12:00

CALIFORNIA GLEANING Student data compromised in separate attacks. | 10 October 2017 | 12:00

Indecent exposure: Pornhub users targeted by malvertising campaign Spoof software alert duped visitors into downloading click ad fraud malware. | 10 October 2017 | 11:00

Luck of the Irish? Study highlights lackluster security policies on the Emerald Isle. | 10 October 2017 | 10:00

Hacker gains access to Forrester Research content Cybersecurity incident puts market data in hands of illicit operator. | 09 October 2017 | 02:00

Rapid response: Disqus alerts users to hack in just 24hrs Blog comment hosting service commended for quick actions over data breach. | 09 October 2017 | 10:00

Global IT spending to reach $3.7tn in 2018 Adaptive risk and trust assessment named as key tech trend over next 12 months. | 06 October 2017 | 12:00

FDIC suffers more than 50 data breaches in two years Audit finds federal insurance group’s data management practices ‘inadequate’. | 06 October 2017 | 11:00

Malware attack hits US fast food chain Scale of Sonic Drive-In card theft remains undisclosed. | 05 October 2017 | 02:00

NCSC tackles nearly 600 ‘significant’ attacks in first year of ops One year on since its creation, the UK’s new cybersecurity agency is doubling down on efforts to protect the country against future digital attacks. | 05 October 2017 | 01:00

Mozilla announces end date for XP and Vista support Firefox will stop guarding the henhouse from June next year. | 05 October 2017 | 12:00

‘City network down’ – Englewood systems under ransomware attack Personal data safe, but public systems taken offline. | 05 October 2017 | 11:00

Chaos after the storm: Yahoo data breach found to affect all 3bn customers New intelligence sees web giant revise hacked account figures upwards… to 100% of its user base in 2013. | 04 October 2017 | 04:00

Actions are louder than words ISACA urges business leaders to address tech governance gap. | 04 October 2017 | 02:00

It’s good to talk: BT and Interpol unite to fight cybercrime Mutual data sharing agreement aimed at protecting consumers and businesses against rising tide of digital theft. | 04 October 2017 | 12:00

Study highlights ongoing DNS security failings One year on from the Dyn attack that knocked dozens of major sites offline, a new study finds DNS security is still being overlooked. | 04 October 2017 | 10:00

Wordfence spots three zero-day WordPress plugin flaws Vulnerabilities being exploited in outdated add-ons. | 03 October 2017 | 03:00

OAS partners with AWS in web security initiative Digital security pulled into focus through transcontinental agreement. | 03 October 2017 | 01:00

Best router forward: New network security standards created Border Gateway Protocol will help protect internet traffic from hijacking by data thieves, says NIST. | 03 October 2017 | 12:00

Fake news? Nixi refutes data breach claims Darknet data vendor’s assertions classed as ‘audacious and far from truth’. | 03 October 2017 | 11:00

Crest rolls out threat intelligence analyst certification Industry accreditation body sets the bar for threat intel professionals. | 03 October 2017 | 10:00

MGT announces commercial launch of anti-hacking system Sentinel starts its watch in November | 02 October 2017 | 04:00

Early Detection System: MasterCard ups the ante against digital fraud Payments giant arms issuers with predictive tool to combat account-related fraud from data breaches. | 02 October 2017 | 02:00

GrammaTech lands $9m US Navy contract Software developer will use the funds to implement new cybersecurity techniques. | 02 October 2017 | 01:00

Record participation for 5th Europol-Interpol conference More than 400 delegates unite in fight against cybercriminals. | 02 October 2017 | 12:00

Stop. Think. Connect. CyberSecMonth kicks off in US and Europe Large-scale initiative on both sides of Atlantic aims to increase awareness of cybersecurity issues. | 02 October 2017 | 11:00