Friday Five: 12/18 Edition



Catch up on the week’s top information security news.

Happy Friday! As the week comes to an end, here’s our roundup of the top security news.

1. U.K. Police Arrest Man in VTech Toy Hacking Investigation by Jeremy Hodges

In November, toymaker VTech announced a data breach of over 11 million customer accounts, 6.4 million of which belonged to children. On Tuesday, U.K. police arrested a 21 year old man in connection to the VTech database hack and ensuing breach. The man was charged with “unauthorized access to a computer to facilitate the commission of an offense,” though it is unclear as to whether others were involved and the investigation is ongoing. To learn more about the latest developments in the VTech breach, read the article.

2. MacKeeper Leak Highlights Danger of Misconfigured Databases by Rob Lemos

The week started off with the news that information on 13 million users of controversial Mac security software MacKeeper had been openly exposed on the internet via four misconfigured MongoDB databases. Security researcher Chris Vickery made the discovery after using port-scanning search engine Shodan to search for open connections on Port 27017 – the port used by MongoDB. While the databases didn’t contain any payment or otherwise financial information, the configuration errors left customer names, purchase information, and user credentials openly exposed. The issue has since been resolved by MacKeeper, but following Vickery’s disclosure Shodan founder John Matherly announced that he had discovered another 35,000 MongoDB databases still exposed due to improper configuration. Read the article for more.

3. Skimmers Found at Some California, Colorado Safeways by Brian Krebs

Reports of fraud stemming from several Safeway stores throughout California and Colorado prompted an investigation by financial institutions that ultimately discovered a rash of POS skimmers at those stores. The fraud resulted in customers’ debit card funds being emptied by cybercriminals following their use in purchases at affected Safeway stores. The incident serves to highlight the security threats facing retailers (particularly during the high-volume holiday shopping season) as well as some best practices for safe shopping for consumers – particularly to use cash or credit cards as to limit exposure of and liability for fraudulent activity. Read the article for more on the threat of POS skimming.

4. New, improved Macro malware hitting Microsoft Office by Doug Olenick

According to this article from Doug Olenick, it seems that macro malware is making something of a comeback, with over 100,000 people falling victim to macro malware infections this year. The resurgence in macro malware has been attributed to new tools that make it easier for cybercriminals to develop new variants of macro malware. As it was in 1999 – what Olenick calls the “heyday” of this malware type – Microsoft Office documents remain the top target of macro malware. To learn more about this trend, read the article.

5. Cybersecurity Firm Digital Guardian Raises $66M by Lucas Matney

This week saw some big news from Digital Guardian as well: on Wednesday we announced that the company has raised $66M in its largest round of funding ever. The funding comes after a banner year for Digital Guardian, which saw record sales growth, the near doubling of our employee base, the opening of 3 new offices in California, Utah, and Virginia, and much more. For more on the funding, read the article from Lucas Matney.

Nate Lord

Please post your comments here

Dan Geer: The 5 Myths Holding Your Security Program Back

Use this eBook to find out if any of these myths are hurting your security program.

Download now

Related Articles
U.S. Government Officially Blames North Korea for WannaCry Attack

Homeland Security Advisor Thomas Bossert pinned WannaCry on North Korea in a Wall Street Journal op-ed Monday night.

Friday Five: 10/10 Edition

Your weekly roundup of information security news.

Nearly Every Modern Microprocessor Impacted by Meltdown, Spectre Flaws

A pair of flaws in modern computer processors revealed Wednesday could allow attackers to steal passwords, encryption keys, or access system memory.