The Daily Swig

Web security digest

December 2017
Ancestry.com reveals RootsWeb breach affecting 300,000 users Genealogical community taken offline as new security measures implemented. | 29 December 2017 | 11:36 SAFE HAVEN Edward Snowden introduces new security app. | 28 December 2017 | 10:36 Nissan Canada informs customers of possible data breach Auto firm sounds the horn over finance division hack. | 27 December 2017 | 11:57 Calm before the swarm? GnatSpy mobile malware family discovered. | 22 December 2017 | 05:21 Backdoor captcha’d in popular WordPress plugin Site admins urged to remove Captcha, despite fix. | 21 December 2017 | 12:18 Arrests made in connection with CTB-Locker, Cerber ransomware Five individuals apprehended during Operation Bakovia. | 20 December 2017 | 02:30 Massive cloud leak exposes ‘virtually every American household’ Alteryx bungle delivers some home truths surrounding third-party vendor risk. | 20 December 2017 | 12:44 India’s ruling party accused of hacking voting machines BJP rival says 140 engineers were hired to tamper with EVMs during Gujarat election. | 19 December 2017 | 04:07 Keeper: Your password’s safe Critical flaw patched in Windows’ bundled password manager. | 19 December 2017 | 12:53 LA Tech receives cybersecurity grant Funding will be used to train the next generation of cybersecurity professionals. | 19 December 2017 | 11:20 Social Security – w/e 15 Dec ‘I’m sorry you feel this way, NatWest’ | 15 December 2017 | 04:43 UK banks failing to disclose all cyber-attacks, says FCA Financial services regulator underlines need for transparency. | 15 December 2017 | 02:40 Caught in a trap Study indicates 1% of all websites hacked over past 18 months. | 15 December 2017 | 11:55 Singapore’s Ministry of Defense launches bug bounty program 300 hackers are being invited to pwn MINDEF systems. | 14 December 2017 | 04:07 Mirai architects plead guilty to cybercrime charges Three hackers face lengthy sentences for last year’s supercharged DDoS botnet. | 14 December 2017 | 12:15 Multi-sig software updates could help thwart backdoor attacks You’ve heard of multi-sig for cryptocurrency, but could it work for secure software development? | 13 December 2017 | 05:47 ‘You have 96 hours to comply’ Spider ransomware demands payment within four days – and offers a handy tutorial video for its victims. | 13 December 2017 | 12:57 MoneyTaker syndicate exposed after 18 months of silent ops Hacking group has been targeting banks in the US and Russia. | 12 December 2017 | 03:01 In the clear? 1.4bn data records found on the dark web Easily searchable database leads to fears that the cybercrime epidemic is about to become much worse. | 12 December 2017 | 11:16 UNC Health Care flags potential data breach Stolen computer puts details of 24,000 patients at risk. | 11 December 2017 | 04:08 IT security spending to reach $96bn in 2018 Global cyber-attacks have put execs on high alert. | 11 December 2017 | 03:07 Researchers expose HSTS shortcomings in major browsers Protections can be circumvented by flooding the victim’s browser with directives. | 11 December 2017 | 12:39 Social Security – w/e 8 Dec NiceHash, no stash: Mining marketplace suffers breach as bitcoin soars. | 08 December 2017 | 03:56 ‘Urgent action’ needed to tackle rising tide of financial cybercrime British government not doing enough to tackle online fraud, committee states. | 08 December 2017 | 11:46 Latest Chrome release includes Site Isolation for enterprise security Admin security enhancements and more for Google’s freeware browser. | 07 December 2017 | 01:20 Utility companies warn over TIO data breach News of security vulnerability filters down to consumers. | 06 December 2017 | 04:39 Black Hat Europe: ‘Cyber is the new black’ Chris Painter, former Coordinator for Cyber Issues at the US State Department, offers a global perspective on cybersecurity in the 21st century. | 06 December 2017 | 01:40 UK gov’t launches interim cybersecurity strategy Manifesto will be used to guide the country’s response to technological change. | 05 December 2017 | 01:22 Andromeda botnet dismantled by international taskforce 1,500 malicious domains sinkholed and one suspect arrested in Belarus. | 05 December 2017 | 11:34 SUPERMARKET SWEEP British retailer found liable for 2014 data leak. | 04 December 2017 | 04:19 Executives face jail time under new breach disclosure legislation Measure calls for up to five years in prison for knowingly concealing hacks. | 04 December 2017 | 02:58 PayPal subsidiary suffers data breach TIO services will remain offline until network vulnerabilities are patched. | 04 December 2017 | 12:27 Social Security – w/e 1 Dec ‘If you learn one thing in security, it’s humility’ | 01 December 2017 | 04:20 Additional funding for Georgia’s cybersecurity center Governor Deal underlines southern state’s commitment to infosec. | 01 December 2017 | 03:03 AWS raises its guard against cloud security threats GuardDuty will monitor accounts for malicious activity 24/7. | 01 December 2017 | 02:18 UK shipbroker warns of possible data leak Clarksons refuses to bow to ransom demand. | 01 December 2017 | 11:16