Week in review: BA breach, Magento sites under attack

Waterfall Security: Trust issues with your firewalls? Eliminating vulnerabilities that accompany firewalls is a click away.

Here’s an overview of some of last week’s most interesting news and articles:

How metrics can enhance the effectiveness of security programs
Choosing the right metrics, for large and smaller companies, is not a one size fits all proposition. Instead metrics must be aligned with the type of organization, its industry, size and attack surface.

Financial info of 380,000 British Airways customers stolen in site, app breach
British Airways has suffered a data breach and has confirmed that personal and financial details of some 380,000 customers have been compromised.

Remotely exploitable flaw in Schneider Electric PLCs is a danger to OT networks
A vulnerability in the Schneider Electric Modicon M221, a programmable logic controller (PLC) deployed in commercial industrial facilities worldwide, can be exploited to remotely disconnected the device from communicating in the ICS network.

IT security teams are being locked out of IoT projects
A survey of 1,150 IT and security decision makers in Germany, France, Japan, the UK and US revealed that 79 percent involve the IT department in choosing industrial IoT solutions, but only 38 percent involve their security teams.

Back to school: Lessons in endpoint security
There are some simple, but effective steps you can provide to your school’s employees and students to help them be more secure.

Implications of the California Consumer Privacy Act of 2018
Going into effect January 1, 2020, the CCPA applies to businesses that collect, sell, or otherwise process information about California residents. The CCPA provides California consumers with significantly expanded rights as to the collection and use of their personal information by businesses. It covers any business that meets revenue or data collection volumes and that collects, processes or sells information about California residents.

Card skimming malware found on thousands of Magento-based sites
A card skimming operation has compromised 7,339 Magento-based online stores, allowing the attackers to quietly slurp payment card info as it’s being entered by customers.

Chrome 69 is out, includes many functional and security changes
Ten years ago Google released the first iteration of its Chrome browser. On Tuesday, the company pushed out version 69.

Access misconfiguration opens 3D printers to remote attacks
Spurred by a report coming from a regular reader, SANS ISC handlers Richard Porter and Xavier Mertens searched for OctoPrint interfaces for 3D printers exposed online and found over 3,700 that are accessible without authentication.

There are no real shortcuts to most security problems
For Xerox Chief Information Security Officer Dr. Alissa Johnson, human ingenuity, partnerships and automation are the answer to most security problems the company has encountered and might yet encounter.

Data breach reports to Information Commissioner increase by 75%
The findings, obtained from a request made under the Freedom of Information Act and analysis of publicly available ICO data, reveal details of data breaches which have compromised a broad range of individuals’ personal data, including health or clinical information, financial details, employment details and criminal records or endorsements.

Tor Browser 8 is out: What’s new?
Version 8 of Tor Browser, the multiplatform browser that routes traffic through the Tor anonymity network, has been released.

Qualys Community Edition: Discover IT assets, manage vulnerabilities, scan web apps
In this podcast recorded at Black Hat USA 2018, Anthony Mogannam, Product Manager, SME/SMB Solutions at Qualys, talks about issues related to open source software and Qualys Community Edition.

Ransomware is a big problem, but it’s also a big opportunity for MSPs to educate clients
The spike in ransomware attacks means it has never been more important to have a reliable business continuity and disaster recovery (BCDR) plan in place to help organisations get up and running as soon as possible after an attack.

Cisco fixes a host of security holes, including latest Apache Struts flaw
Cisco has plugged a heap of security holes – three of which are critical – in a variety of its products.

How leadership implements cyber resiliency across their organizations
A majority of executives around the world feel they face a “specialist-generalist” dilemma as to whom leads on cyber resiliency due to its critical nature across the company, but also the recognition that specialization is necessary, according to a global survey by The Economist Intelligence Unit (EIU) and Willis Towers Watson.

New infosec products of the week​: September 7, 2018
A rundown of infosec products released last week.