Weekly Recap of Cybersecurity News 12/1

In case you missed it, here are some of the biggest cybersecurity news stories from the past week!

 

36% of US federal websites failed a critical security test
More than one third of US federal website are missing a key security protection, according to a new report from the Information Technology & Innovation Foundation (ITIF), released Monday. Read More

 

Stupid Bug Lets Anyone Change Apple Mac Passwords — Here’s How To Fix It
If you’re running macOS High Sierra, don’t let anyone near your Apple Mac. It’s possible for anyone to login to the Mac and get the admin level of access to change passwords, get access to all data on the main account and lock the original user out. Fortunately, there’s a fix that should solve the problem, even as Apple works to patch. Read More

 

Imgur confirms email addresses, passwords stolen in 2014 hack
Imgur, one of the world’s most visited websites, has confirmed a hack dating back to 2014.The company told ZDNet that hackers stole 1.7 million email addresses and passwords, scrambled with the SHA-256 algorithm, which has been passed over in recent years in favor of stronger password scramblers. Read More

 

Testimony In Waymo Suit Alleges Uber Had Trade Secret Theft-Unit: Report
Days before Uber’s self-driving car division was set to face off with Google’s in court, accusations from a former Uber employee have sent the case off the rails. Read More

 

US indicts Chinese hackers for corporate espionage
US prosecutors have indicted three Chinese nationals accused of hacking into US companies to steal trade secrets and conduct corporate espionage. On Monday, the US Department of Justice (DoJ) said that Wu Yingzhuo, Dong Hao, and Xia Lei worked for Internet security firm Guangzhou Bo Yu Information Technology (Boyusec) in order to infiltrate US companies and other international firms. Read More

 

Report: Web application attacks up 69% in Q3 2017, here’s what to do
While traditional cyberattack vectors are alive and well, criminals continue to advance their toolkits, according to the Akamai State of the Internet / Security Report. Web application attacks are on the rise, increasing 69% in Q3 2017 over Q3 2016, the report found—representing an increase of 30% over Q2 2017 alone. Read More

 

Google stops the spread of Tizi Android malware in the Play Store
A recently discovered Android malware variant has given Google a much-needed security victory. Called Tizi, it’s a family of backdoor malware that specifically targets social media. Google picked up on it in September and has managed to “detect and investigate Tizi-infected apps and remove and block them from Android devices.” Read More

 

How Bots Broke the FCC’s Public Comment System
On a single day day in late May, hundreds of thousands of public comments poured into the Federal Communications Commission regarding its plans to roll back net neutrality protections. A week and a half later, on June 3, hundreds of thousands more followed. The spikes weren’t the voices of pro-net neutrality Americans, worried what will happen if the FCC allows internet service providers to block and throttle content whenever it so chooses. In fact, they weren’t really voices at all. Read More

 

Chinese Trio Linked To Dangerous APT3 Hackers Charged With Stealing 407GB Of Data From Siemens
Three Chinese nationals were charged with cybercrime offences today, accused of hacking three companies – Moody’s Analytics, Trimble and Siemens – to steal gigabytes of sensitive data and trade secrets. The Department of Justice said the men were part of an organization, Guangzhou Bo Yu Information Technology Company Limited (Boyusec), which has been linked by cybersecurity researchers to one of the more advanced and active Chinese government-sponsored espionage groups. Read More

 

Microsoft Launches Compliance Manager To Help Customers Achieve GDPR Compliance
With just under six months until the EU’s General Data Protection Regulation (GDPR) goes into effect, many companies are scrambling to get the right policies and controls in place to comply by the May 25, 2018 deadline. Microsoft recently unveiled a new tool to help customers achieve that goal—Compliance Manager. Read More

 

NSA’s Ragtime program targets Americans, leaked files show
A leaked document shines new light on a surveillance program developed by the National Security Agency. The program, known as Ragtime, collects the contents of communications, such as emails and text messages, of foreign nationals under the authority of several US surveillance laws. Read More

 

Report: 26% of ransomware attacks target business users
In 2017, ransomware evolved suddenly into a crisis for enterprises around the world, leading Kaspersky Lab to name the threat the “key topic” of the year, according to a new report. Read More

 

Ransomware continues to plague businesses: In 2017, 26% of ransomware targets were business users—up from 23% in 2016. This increase is due in large part to three major, sophisticated attacks: WannaCry in May, ExPetr in June, and BadRabbit in October. Read More

 

Over 75% of Android apps are secretly tracking users
Yale Privacy Lab (YPL) has just published the results of research that should be startling to any Android user: Over 75% of Android apps tested contain trackers that are unknown to their users. Android apps tracking users aren’t just small timers looking to make a buck selling data—it’s apps like Tinder, Spotify, Uber, PayPal, Twitter, and Snapchat. YPL adds that there are likely many more that haven’t been detected, as tracking users via mobile apps is an entire industry. Read More

 

35% of IT professionals see themselves as the biggest security risk to their company
When it comes to security, employees are every organization’s weak link—but the IT department in particular may be putting their company most at risk, according to a new report from Balabit. Some 35% of IT professionals said they see themselves as the biggest internal security risk to their organizations’ networks, the report found. Read More

 

NSA leak exposes Red Disk, the Army’s failed intelligence system
The contents of a highly sensitive hard drive belonging to a division of the National Security Agency have been left online. The virtual disk image contains over 100 gigabytes of data from an Army intelligence project, codenamed “Red Disk.” The disk image belongs to the US Army’s Intelligence and Security Command, known as INSCOM, a division of both the Army and the NSA. Read More

 

Eavesdropper put hundreds of enterprise apps at risk. Here’s how it could have been prevented
A mobile app vulnerability called Eavesdropper, which was discovered earlier this year, has been detected in over 685 enterprise apps (44% Android, 56% iOS). The vulnerability is caused by using hard-coded credentials in mobile applications based on the Twilio Rest API or SDK. If compromised, these credentials can provide global access to all metadata stored in Twilio accounts, which can include text/SMS messages, call details, and voice recordings from every app developed with the exposed credentials. This vulnerability has the potential to put organizations at risk of data disclosure, blackmail or other types of compromise. Read More

 

Like our content?

Subscribe to our blog above and get content delivered straight to your inbox or follow us on LinkedIn, Twitter, and Facebook to stay up to date on the latest news in cybersecurity!
or
Get a free demo of SentinelOne for your company today by Clicking Here!