One of the most notable data breaches disclosed this month was by Uber, given the company attempted to cover up the breach by paying off hackers. Over a year ago the transport tech firm was said to have paid £75,000 to two hackers to delete 57 million Uber account records which they had stolen. Uber revealed around 2.7 million of the stolen records were British riders and drivers. As a UK Uber rider, this could mean me, I haven’t received any notification of the data breach from Uber as yet. The stolen information included names, email addresses, and phone numbers. Uber can expect enforcement action from regulators on both sides of the pond, the UK Information Commissioner’s Office (ICO) said it had “huge concerns” about the breach and was investigating.
Jewson, Cash Converters, and Imgur all reported losing data due to hacks this month, while Equifax has reported suffering significant negative financial losses following their high profile hack of personal customer data. Equifax reported their net income had dropped by £20 million due to the hack, and their breach bill was coming in at a whopping £67 million.
November was a very busy month for security patches releases, with Microsoft, Apple, Adobe, Oracle, Cisco and Intel releasing a raft of patches to fix critical vulnerabilities. Apple even had to quickly release an emergency patch at end of November to fix a root access flaw reported in macOS High Sierra version 10.13.1. So just keep patching everything IT to ensure you and your business stays ahead of enterprising cybercriminals, the Equifax breach is a prime example of what can go wrong if system patching is neglected.
November also saw Open Web Application Security Project (OWASP) finally released an updated version to its Top Ten application vulnerabilities list, which is a ‘must know’ secure coding best practice for all software developers and security testers, especially considering that Akamai reported web application attacks had increased by 69% in the third quarter of 2017. Look out for an updated OWASP Top Ten IBM DeveloperWorks Guidance from me in December to reflect the updated list.
- Uber paid off Hackers to delete the Stolen Data of 57 Million People
- OWASP Top Ten 2017 Released: App Development Best Practice & Top Vulnerabilities
- Equifax’s Net Income down £20m and £67m Costs Post Data Breach
- Jewson tells Customers their Data may have been Stolen
- Cash Converters hit by Security Breach
- Web Analytics may Jeopardise User Information and GDPR Compliance
- US charges members of elite Chinese Hacking Unit APT3
- Imgur Discloses years-old Data Breach that Compromised 1.7 Million Users
- Hackers ‘fool’ iPhone X Face ID with a Simple Mask
- Tether Crypto-Currency Operator Reports $31m Raid
- Microsoft releases 20 Critical Security Updates for IE/Edge, Office, & Windows
- Adobe releases fixes for 83 Security Vulnerabilities in Acrobat and Flash
- Apple Addresses KRACK exploits in iOS and macOS Updates, and an Emergency Patch
- Cisco: Critical Vulnerability in 12 types of Voice OS-based Products
- Oracle issues emergency patch for JoltandBleed bug in Tuxedo Middleware
- Windows, Mac and Linux all at Risk from Flaws in Excel File Reader Library
- US CERT issues warning on ASLR vulnerability in Windows 8 & 10
- Intel Management engine Vulnerabilities Expose Millions of PCs to Attack
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
- APT28’s latest Word doc Attack Eliminates needing to Enable Macros
- DDoS attacks have doubled in the six months, up 91% in the First Quarter of 2017
- New Mirai variant back on the Radar after New Exploit Code Published
- Cobalt Malware leverages recently Patched 17-year-old Microsoft Flaw
This is a Security Bloggers Network syndicated blog post authored by Dave Whitelegg. Read the original post at: IT Security Expert Blog