Weekly Recap of Cybersecurity News 11/17

In case you missed it, here are some of the biggest stories in cybersecurity from the past week!

 

McAfee’s own anti-hacking service exposed users to banking malware
McAfee’s own anti-hacking service exposed users to banking malware. The purportedly safe link pointed users to a malicious Word document, laden with Emotet banking malware. Read More

 

Fileless attacks surge in 2017, security solutions are not stopping them
Fileless attacks are on the rise and are predicted to comprise 35 percent of all attacks next year, according to the Ponemon Institute. A new national survey conducted by Barkly and the Ponemon Institute titled “2017 State of Endpoint Security Risk,” released on Wednesday, suggests that this method of cyberattack is becoming more popular — and traditional antivirus solutions are doing little to stop the trend. Read More

 

Adobe patches 67 vulnerabilities in Flash, Reader
Adobe’s latest security update has swatted a total of 67 bugs, some of them critical, in Adobe Flash, Acrobat, and Reader. On Tuesday, the software provider released a security advisory detailing a huge amount of vulnerabilities which have now been fixed in the latest patch round. Read More

 

Despite increased budgets cyberattacks are getting costlier: Survey
The survey which is a collaborative effort between CSO Online, the CERT Division of the Software Engineering Institute at Carnegie Mellon University, the U.S. Secret Service, and Forcepoint revealed how security and business leaders are defending their organizations, the top threats they are facing, as well as the ramifications when an attack occurs. Read More

 

Businesses Account for More Than Half of All Data Breaches
The latest count from the Identity Theft Resource Center (ITRC) indicates that there have been 1,152 data breaches recorded this year through November 7 and that nearly 172 million records have been exposed since the beginning of the year. The incident total is 21.4% higher than at the same time last year. Read More

 

New Google study reveals the massive extent of online account hijacking
Even as web giants such as Google Inc. implement increasingly sophisticated security safeguards to protect their users, account hijacking remains a major threat. In a bid to shed more light on the issue, the company on Thursday released a landmark study that breaks down hacker activity by the numbers. Read More

 

Massive data breach has cost Equifax nearly $90 million
A massive security breach that hit Equifax has cost the US credit bureau nearly $90 million so far, a figure that is set to rise further, its chief financial officer said on Thursday. Read More

 

Payment data security and compliance: Verizon 2017 Payment Security Report’s findings
The number of organisations complying with the Payment Card Industry Data Security Standard (PCI DSS) has increased over the last year, but many organisations are still failing to abide by these standards, according to a report published by Verizon. Read More

 

26% of Orgs Would Pay Ransomware After Healthcare Cyberattack
A recent survey found that nearly one-quarter of UK and US healthcare organizations would pay a ransomware demand following a healthcare cyberattack. Read More

 

Microsoft Just Fixed a Security Flaw In Office That’s 17 Years Old
Every day, vulnerabilities in the software you use on your smartphones, tablets, and computers put you at risk. We hope that the good guys fix those flaws before the bad guys discover them, but that’s not always the case. Sometimes a flaw goes unpatched for a long, long time — like one Microsoft recently addressed in Office. Read More

 

Apple Face ID ‘Fooled’ By $150 Mask — But Big Questions Remain
Researchers in Vietnam claim to have bypassed Apple’s Face ID facial recognition technology with a mask that cost less than $150 to make, but many questions remain about just how they achieved their hack. Indeed, there are a number of gaps in the Vietnamese hackers’ disclosure that leave room for doubt about the applicability of their attack in the real world. Read More

 

Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera
When Amazon launched its Amazon Key service last month, it also offered a remedy for anyone who might be creeped out that the service gives random strangers unfettered access to your home. But now security researchers have demonstrated that with a simple program run from any computer in Wi-Fi range, that remedy could be manipulated.  Read More

 

Oracle pushes emergency patch for critical Tuxedo server vulnerabilities
Oracle has released an emergency patch outside of scheduled security updates to resolve serious server vulnerabilities, some of which have achieved top severity ratings. Read More

 

Parity shakes up wallet audits, but funds remain frozen
Parity has temporarily disabled multi-sig functionality in the firm’s wallets following the accidental freeze of millions of Ether, but there is still no word on how users are going to recover their funds.
Read More

 

Forever 21 investigating possible data breach
Forever 21 is investigating a potential data breach that may have compromised customer information and payment cards. On Tuesday, the US clothing retailer said that the company recently received a tip from a third-party that there “may have been unauthorized access to data from payment cards” at a number of Forever 21 outlets. Read More

 

Hack Brief: OnePlus Phones Have an Unfortunate Backdoor Built In
OnePlus Smartphones have developed a bit of a cult following, thanks to a combination of design and affordability that few other Android handsets match. But OnePlus has also experienced some notable privacy and security issues, including a recent admission that it was collecting a sketchy amount of user data on its corporate servers. Read More