Week in review: Equifax breach, Instagram hack, Android Toast Overlay attack

Here’s an overview of some of last week’s most interesting news and articles:

Patch your Android device to foil Toast Overlay attacks
Overlay attacks are nothing new for Android users, and Palo Alto Networks Unit 42 researchers have found yet another way for attackers to perpetrate them.

Review: Cato Cloud
Cato Cloud is a custom-built, SLA-backed backbone that provides global organizations a one-stop solution for interconnectivity, security and policy enforcement.

Navigating GDPR in the mobile enterprise
Today’s enterprises must address three major issues: how to effectively protect employee privacy with the use of mobile devices and apps on those devices, how to provide security that protects customer PII when employees must interact with customer PII, and how to ensure that the security measures protecting customer PII are cost-effective and don’t interfere with employees doing their jobs.

BH Consulting launches scholarship programme to address infosec skills gap
BH Consulting, an information security specialist company, has launched a Masters Scholarship programme to encourage talented people to enter the cybersecurity market.

Syringe infusion pumps can be fiddled with by remote attackers
A syringe infusion pump used in acute care settings sports eight vulnerabilities, some of which could be exploited by remote attackers to impact the intended operation of the device, ICS-CERT warns.

Equifax breach: Sensitive info, SSNs of 44% of U.S. consumers accessed by attackers
Equifax, one of the three largest American credit agencies, has announced that it has suffered a “cybersecurity incident” affecting some 143 million U.S. consumers.

Hacking virtual and augmented reality: Short-term FUD, long-term danger
Corey Nachreiner, CTO at WatchGuard Technologies, believes virtual reality (VR) and augmented reality (AR) are on the cusp of mass success, and will dramatically change the way we use technology. However, with new technology comes new attack surfaces.

Hackers stole contact info of 6 million Instagram users and are selling it online
The researchers spotted the hackers on an underground forum, trading the personal credentials for celebrity accounts, and presumably that’s when they went searching for the bug.

13% of SMBs have experienced an IoT-based attack
One in four companies have already experienced a ransomware attack and one in eight have dealt with an IoT-based attack, according to Arctic Wolf Networks.

Dragonfly hackers gained operational access to European, US power companies
The Dragonfly hacking group is back – or should we say it probably never went away – and is still interested in penetrating the networks of European and US companies in the energy sector.

Skilled security staff are hard to find, security teams need to be creative
It’s evident that security teams are evolving and maturing with the rest of the cybersecurity industry, but the pool of skilled staff and training simply aren’t keeping up.

Key elements of a secure, sensitive information sharing strategy
It’s been said, data is like the new oil. What does this mean exactly? Like oil, data is a commodity. But unlike oil, the value of data isn’t susceptible to supply and demand. Data is always in demand. Why? Data provides understanding. And the conclusions that are drawn from understanding can be optimized or, even better, monetized.

Security flaw affects 750,000 Estonian ID cards
Theoretically, the reported vulnerability could facilitate the use of the digital identity for personal identification and digital signing without having the physical card and relevant PIN codes.

Insider threats and ransomware are most feared, followed by DDoS attacks
A new SANS survey found that ransomware, insider threats and denial of service are considered the top three threats organizations face when it comes to securing sensitive data.

European court says workplace surveillance must not violate workers’ privacy
European companies must strike a fair balance between workplace surveillance and their employees’ right to privacy, the European Court of Human Rights (ECHR) has ruled.

Researchers reverse 320 million hashed passwords
CynoSure Prime, a “password research collective”, has reversed the hashes of nearly 320 million hashed passwords provided by security researcher Troy Hunt through the Pwned Passwords searchable online database.

Axonius announces $4M seed round to secure the explosion of connected devices
The Axonius platform eliminates blind spots on the network and provides a single place to understand, manage and control the security of end user, compute and IoT devices.

New infosec products of the week: September 8, 2017
A rundown of infosec products released last week.
