The Daily Swig

Web security digest

February 2018
New SEC guidelines call for clearer breach disclosures Agency also warns company bosses against selling stock following a cybersecurity incident. | 23 February 2018 | 04:30 Social Security – w/e 23 Feb ‘I don’t want to live in a world where younger generations grow up without privacy’ | 23 February 2018 | 04:00 ‘Technology alone can’t defeat cybercrime’ Security expert Joseph Carson discusses how UK councils can empower employees to take cybersecurity seriously. | 23 February 2018 | 12:22 uTorrent users urged to update app after hijacking bug exposed Torrent client issues patch for RCE vulnerability that allows hackers to take full control of users’ devices. | 23 February 2018 | 10:24 Maritime telecoms giant patches SQL vulnerability Navarino delivers Infinity hotfix to an estimated 6,000 vessels. | 22 February 2018 | 04:25 Free, ready-to-infect ransomware available on the dark web Unskilled cybercriminals can now gain access to file-encrypting malware without the need for upfront payment. | 22 February 2018 | 02:40 Placing trust in the industry: Siemens launches global cybersecurity charter Siemens’ global head of government affairs outlines the key principles of the newly launched Charter of Trust. | 22 February 2018 | 11:30 Australia’s breach disclosure law now in effect The NDB scheme means consumers will no longer be left in the dark – but how will the term ‘serious harm’ be defined? | 22 February 2018 | 11:14 HardWare Zone forum hacked in Singapore’s biggest-ever data breach SPH Magazines apologizes to customers after 685,000 profiles were viewed by hackers. | 21 February 2018 | 04:19 Tempting fate: Avast outlines latest Facebook phishing scam Facebook Messenger users are being duped into downloading spyware disguised as Kik Messenger app. | 21 February 2018 | 03:35 US Department of Energy creates new cybersecurity office CESER established to address the emerging threats of tomorrow. | 21 February 2018 | 12:28 Tesla becomes latest victim of cryptojacking epidemic Hackers infiltrated electric car giant’s cloud environment. | 20 February 2018 | 04:10 Flight sim add-on installer bundled with Chrome password stealer FSLabs admits move to combat piracy was ‘a bit heavy-handed’. | 20 February 2018 | 01:08 Microsoft vulnerabilities double as Google exposes Edge flaw Security flaws in Microsoft’s operating systems and Edge browser are up 132% since 2013. | 20 February 2018 | 12:35 California wildlife agency issues breach alert Employee data heads into the wild. | 19 February 2018 | 03:42 Hackers behind major US credit card breach sentenced Successful SQL injection attacks resulted in the loss of 160 million card details. | 19 February 2018 | 02:46 Going public: Intel expands bug bounty program Bounties have been raised across the board. | 19 February 2018 | 12:18 Hackers steal $2m from India’s City Union Bank SWIFT network once again leveraged for fraudulent transactions. | 19 February 2018 | 11:38 Google rolls out adblocker for Chrome Built-in browser feature aims to tackle annoying and intrusive ads. | 16 February 2018 | 04:01 ‘We’re fortunate that the attackers had a very limited imagination’ Security researcher Scott Helme takes stock of this week’s BrowseAloud cryptojacking campaign. | 16 February 2018 | 11:21 UK gov’t points finger at Moscow for last year’s NotPetya attack Russia accused of being responsible for one of 2017’s biggest cybersecurity incidents. | 15 February 2018 | 02:37 Blink to the future Scanning the biometric horizon. | 14 February 2018 | 09:07 Eternal Romance exploit tied to Winter Olympics cyber-attack Cybercrooks are still showing love for leaked NSA code. | 13 February 2018 | 12:37 Equifax hack: More consumer data exposed than previously reported Tax ID numbers, email addresses, and phone numbers added to the hit list. | 12 February 2018 | 02:48 Belgian authorities release Cryakl ransomware keys Victims can decrypt their files for free. | 09 February 2018 | 03:23 Social Security – w/e 9 Feb ‘A secure web is here to stay’ | 09 February 2018 | 01:07 Hold the phone: Swisscom breach hits 800,000 customers Incident prompts Swiss telco to reassess its security posture. | 08 February 2018 | 04:07 Moving security forward by looking back Infosec experts must learn from past mistakes in order to avoid the dreaded Hamster Wheel of Pain. | 08 February 2018 | 02:40 EU-led NIS Directive will underpin UK’s cybersecurity laws, post-Brexit Just 10 months will separate the introduction of new cybersecurity regulations in the UK from the country’s ultimate departure from Brussels – but the timing could not be better. | 08 February 2018 | 12:25 Adobe releases patch for Flash Player zero-day Successful Windows exploit tied to Group 123 in North Korea. | 07 February 2018 | 11:28 Crypto-mining Android botnet spreading globally ADB.Miner propagating through open diagnostic test ports. | 06 February 2018 | 04:25 Critical mass: Singapore’s Cybersecurity Bill passed in Parliament New law aims to strengthen critical information infrastructure in the island nation. | 06 February 2018 | 11:56 Pwn2Own returns with new targets and $2m prize pool Virtualization category expanded to include Oracle and Microsoft solutions in 2018. | 05 February 2018 | 04:29 Cybersecurity in Canada: The best offense is a good defense Canadian cybersecurity specialist Dave Lewis takes a closer look at the country’s ongoing efforts to strengthen its defenses ahead of the 2019 federal elections. | 05 February 2018 | 03:24 Massachusetts gov’t launches online data breach reporting tool Web-based service will help reduce potential damage to Bay State residents. | 05 February 2018 | 12:01 Vulnerability found in Oracle POS terminals Retail and hospitality businesses urged to patch Micros flaw. | 02 February 2018 | 11:00 In the know: Australian breach disclosure rules come into force this month Notifiable Data Breaches scheme applies to businesses with an annual turnover of $3 million or more. | 01 February 2018 | 01:14