Happy Friday! As the week comes to an end, here’s our roundup of the top security news.
In November, toymaker VTech announced a data breach of over 11 million customer accounts, 6.4 million of which belonged to children. On Tuesday, U.K. police arrested a 21 year old man in connection to the VTech database hack and ensuing breach. The man was charged with “unauthorized access to a computer to facilitate the commission of an offense,” though it is unclear as to whether others were involved and the investigation is ongoing. To learn more about the latest developments in the VTech breach, read the article.
The week started off with the news that information on 13 million users of controversial Mac security software MacKeeper had been openly exposed on the internet via four misconfigured MongoDB databases. Security researcher Chris Vickery made the discovery after using port-scanning search engine Shodan to search for open connections on Port 27017 – the port used by MongoDB. While the databases didn’t contain any payment or otherwise financial information, the configuration errors left customer names, purchase information, and user credentials openly exposed. The issue has since been resolved by MacKeeper, but following Vickery’s disclosure Shodan founder John Matherly announced that he had discovered another 35,000 MongoDB databases still exposed due to improper configuration. Read the article for more.
Reports of fraud stemming from several Safeway stores throughout California and Colorado prompted an investigation by financial institutions that ultimately discovered a rash of POS skimmers at those stores. The fraud resulted in customers’ debit card funds being emptied by cybercriminals following their use in purchases at affected Safeway stores. The incident serves to highlight the security threats facing retailers (particularly during the high-volume holiday shopping season) as well as some best practices for safe shopping for consumers – particularly to use cash or credit cards as to limit exposure of and liability for fraudulent activity. Read the article for more on the threat of POS skimming.
According to this article from Doug Olenick, it seems that macro malware is making something of a comeback, with over 100,000 people falling victim to macro malware infections this year. The resurgence in macro malware has been attributed to new tools that make it easier for cybercriminals to develop new variants of macro malware. As it was in 1999 – what Olenick calls the “heyday” of this malware type – Microsoft Office documents remain the top target of macro malware. To learn more about this trend, read the article.
This week saw some big news from Digital Guardian as well: on Wednesday we announced that the company has raised $66M in its largest round of funding ever. The funding comes after a banner year for Digital Guardian, which saw record sales growth, the near doubling of our employee base, the opening of 3 new offices in California, Utah, and Virginia, and much more. For more on the funding, read the article from Lucas Matney.
Dan Geer: The 5 Myths Holding Your Security Program Back
Use this eBook to find out if any of these myths are hurting your security program.
Related ArticlesU.S. Government Officially Blames North Korea for WannaCry Attack
Homeland Security Advisor Thomas Bossert pinned WannaCry on North Korea in a Wall Street Journal op-ed Monday night.Friday Five: 10/10 Edition
Your weekly roundup of information security news.Nearly Every Modern Microprocessor Impacted by Meltdown, Spectre Flaws
A pair of flaws in modern computer processors revealed Wednesday could allow attackers to steal passwords, encryption keys, or access system memory.