Week in review: The death of Java plugin, Magento fixes e-store hijacking flaw, cybercriminals targeting healthcare data
Here’s an overview of some of last week’s most interesting news and articles:
There’s no turning back: Say goodbye to the perimeter
If you’ve been following the announcements from this year’s Consumer Electronics Show is Las Vegas, you couldn’t have missed Ford’s partnership announcement with Amazon. Fifteen years ago, who would have foreseen a strategic partnership between what was then essentially an online book seller and a traditional Detroit car manufacturer? Yet, the catalyst of technology innovation changes so many things that being surprised is almost a constant state. The reason for this oddest of pairings is simple – the IoT changes everything.
Review: Automating Open Source Intelligence
You can discover a lot – too much, some believe – by digging through publicly available data. But, how to go about it, how to make the search as easy and quick as possible, and what are the things you have to be careful about? This book will tell you.
SSH backdoor found in more Fortinet devices, exploit attempts spotted in the wild
In case you missed it, Fortinet announced last week that the recently discovered FortiOS SSH backdoor – or, as they call it, “a management authentication issue” – has been found by its Product Security Incident Response team also on some versions of FortiSwitch, FortiAnalyzer and FortiCache.
Versatile Linux backdoor acts as downloader, spyware
Another Linux Trojan has been discovered by researchers, and this one is pretty versatile: it opens a backdoor into the infected device, can download and run additional malicious files, and can spy on users by logging keystrokes and making screenshots.
Threats to the critical information infrastructure on the rise
Citizens and businesses depend on information and communications infrastructure to support online critical services (e.g. energy, telecommunications, healthcare). Increased cyber threats can impact greatly the provision of services and result in loss of money and reputation damage for businesses.
Belgian bank Crelan loses €70 million to BEC scammers
The theft was perpetrated by outsiders (possibly foreigners), and was discovered during an internal audit.
The dismal state of payment data security
With acceptance of mobile and other new forms of payments expected to double in the next two years, a new global study shows a critical need for organizations to improve their payment data security practices.
Magento plugs XSS holes that can lead to e-store hijacking, patch immediately!
The bug can be exploited remotely by simply adding JavaScript code to the email address entered into the customer registration form on the site.
The history of cyber attacks: From ancient to modern
In the 1990s, your typical hacker’s approach used to be “hit-and-run”, and in many cases it was about fame and recognition. Back in those days most organizations only had a firewall implemented between their internal network and the Internet. As time passed, the focus started shifting, and cyber-attacks evolved into a profitable business for cybercriminals. As we are now living in the world we once thought of as the distant future, we are witnessing sophisticated and targeted attacks against many organizations.
Consumers are increasingly concerned about privacy and they’re acting on it
More Americans are concerned about not knowing how the personal information collected about them online is used than losing their principal source of income.
Oracle announces Java plugin deprecation, death
With a short post by a member of the Java strategy team, Oracle has announced the approaching death of the hated Java plugin.
Free eBook: Microsoft 70-410 Exam Study Guide
The Study Guide is written from an exam-developer point of view, describing the most effective study approach for both inexperienced and hands-on system administrators.
Data protection and breach readiness guide
The Online Trust Alliance (OTA) released its 2016 Data Protection and Breach Readiness Guide, which provides prescriptive advice to help businesses optimize online privacy and security practices, and detect, contain and remediate the risk and impact of data loss incidents.
1 in 3 home routers will be used as public Wi-Fi hotspots by 2017
Major broadband operators such as BT, UPC and Virgin Media in Europe and several of the biggest cable TV operators in the US such as Comcast and Cablevision have adopted the homespot model as a low-cost way of rapidly expanding their domestic Wi-Fi coverage.
Beware of Facebook “Security System Page” scams
Facebook users have lately become targets of phishers who are not satisfied with stealing the users’ login information, but they want their security questions and payment card information as well.
Larger, more complex, financially motivated DDoS attacks on the rise
DDoS attacks are becoming increasingly larger, more complex, and perpetrated by cyber extortionist instead of hacktivists and vandals, the results of Arbor Networks’ 11th Annual Worldwide Infrastructure Security Report have revealed.
Why cybercriminals target healthcare data
Protected health information (PHI) – which includes sensitive information such as Social Security numbers, medical record data, and date of birth — has incredible value on the black market.
Cisco plugs hole in firewall devices that could lead to device hijacking
Cisco has released a firmware update that plugs a critical, easy-to-exploit vulnerability that could allow a remote attacker to take control of the company’s RV220W Wireless Network Security Firewall devices.
Bug in pre-installed app opens LG G3 smartphone owners to data theft, phishing
Dubbed “Snap”, the vulnerability is located in the Smart Notice app that comes pre-installed on every new LG device, and is activated by default.
OpenSSL bug that could allow traffic decryption has been fixed
The OpenSSL Project has pushed out new versions of the widely used OpenSSL cryptographic library, which incorporate patches for two distinct security bugs, and an update of the protection against the infamous Logjam vulnerability.