The Daily Swig

Web security digest

November 2017
Canadian national pleads guilty to Yahoo hack ‘Hacker for hire’ will be sentenced on February 20. | 30 November 2017 | 03:39

Financial sector urged to strengthen defenses against cybercrooks Swift action required, says global banking network. | 30 November 2017 | 02:56

Uber says 2.7m Brits affected by 2016 data breach NCSC encourages password reset amid ongoing investigation. | 30 November 2017 | 11:39

Akamai traces sharp rise in SQLi attacks Number one OWASP threat shows no sign of abating. | 29 November 2017 | 03:44

Apple alerted to critical Mac login glitch Users urged to set ‘root’ password immediately. | 29 November 2017 | 12:31

Google blocks backdoored apps targeting African users Tizi found to be harvesting sensitive data from devices. | 28 November 2017 | 03:47

Rolling clone: Scarab ransomware hits millions of inboxes Necurs botnet sends 12.5m malicious emails in six hours. | 28 November 2017 | 11:43

NHS injects £20m into digital security Security Operations Center will enhance healthcare organization’s digital defenses. | 27 November 2017 | 03:43

In the frame: Hackers capture 1.7m Imgur account details Image-sharing website ‘actively investigating’ incident from 2014. | 27 November 2017 | 12:12

PAINT IT BLACK Cybercriminals taking advantage of holiday season retail frenzy. | 24 November 2017 | 04:32

Australian telco invests in cybersecurity research center Commitments to government-led initiative now total $139 million. | 24 November 2017 | 02:34

Social Security – w/e 24 Nov ‘Uber has essentially rolled the dice with its customers’ | 24 November 2017 | 11:47

APT targeting Saudi Arabian government Malware being distributed through spear phishing campaign. | 23 November 2017 | 03:33

Dutch central bank invites researchers to hack its systems TIBER program launched to improve financial sector’s digital defenses. | 23 November 2017 | 12:05

Bad news travels slowly Uber admits to 13-month-old hack affecting 57m account holders. | 22 November 2017 | 04:40

Microsoft rolls out cybersecurity awareness campaign in India Tech giant ramps up commitment to Digital India initiative. | 22 November 2017 | 03:59

SacRT systems back on track following ransom demand Normal service resumes for Sacramento’s public transport agency. | 22 November 2017 | 11:17

Hive mind: OWASP 2017 Top 10 released Injection remains appsec’s biggest threat in 2017. | 21 November 2017 | 03:53

Pentagon intelligence data archive left on unsecured server Third-party vendor linked to Department of Defense S3 blunder. | 21 November 2017 | 01:35

Oregon launches new cybersecurity initiative Program aims to build tangible solutions to help protect Oregonians against cybercrime. | 21 November 2017 | 10:29

IcedID: New banking trojan discovered in the wild Financial sector’s latest threat utilizes Emotet for webinjection and redirection attacks. | 20 November 2017 | 03:06

Australian broadcaster linked to commercial data breach Securing your S3 buckets… easy as ABC? | 20 November 2017 | 12:40

Crouching Tiger, Hidden Cobra DHS and FBI provide details of ‘Fallchill’ malware allegedly used by North Korea. | 20 November 2017 | 11:05

Pawn in the game Cash Converters reveals customer data breach. | 17 November 2017 | 03:18

Between a rock and a hard drive Global ransomware damages to exceed $11.5bn by 2019. | 17 November 2017 | 12:00

UK builders’ merchant takes store offline following hack Jewson enlists forensic firm to drill into its security systems after suspected breach. | 16 November 2017 | 03:32

UC Berkeley offers new cybersecurity degree Master’s program established to help train the next generation of OpSec professionals. | 16 November 2017 | 02:18

Healthcare cyber-threats weigh heavy on sector’s IT community While healthcare cybersecurity funding is up in the UK, confidence among the sector’s IT community is low. | 16 November 2017 | 12:19

Forever 21 probes card security incident Unencrypted POS systems linked to possible data breach. | 15 November 2017 | 03:44

‘We have an important journey in front of us’ Equifax counts the cost of this year’s biggest corporate data breach. | 15 November 2017 | 12:00

Mexico launches National Cyber Security Strategy Initiative aims to help protect the country’s rapidly expanding internet user base. | 14 November 2017 | 11:30

Lost in the Ether Parity still scratching its head over multi-sig issue. | 13 November 2017 | 04:00

Amazon rolls out new S3 security components Company’s flagship cloud storage solution now includes default encryption, permission checks, and cross-region replication features. | 09 November 2017 | 12:00

New study underlines AI’s growing role in cybersecurity Asia-Pacific projected to be at the forefront of machine learning trend. | 06 November 2017 | 02:00

Estonia blocks 760,000 ID card certificates Security flaw in card chips could make holders vulnerable to cybercrime. | 03 November 2017 | 05:00

Data leak Down Under 50,000 gov’t employee records found on open S3 bucket. | 03 November 2017 | 04:00

Masters of the Pwniverse Chinese research group takes top spot in annual mobile security challenge. | 03 November 2017 | 10:00

Hetzner hacked in South Africa Web hosting firm alerts customers to database breach. | 02 November 2017 | 04:00

WordPress releases critical security update Months-old SQL injection flaw patched. | 02 November 2017 | 10:00

SAVE your vote? Senators propose electoral bug bounty. | 01 November 2017 | 12:00

Hilton reaches $700,000 settlement over historic data breaches Lax security practices put consumer data at ‘serious risk’. | 01 November 2017 | 10:00