Happy Friday! Get an overview of this week’s cybersecurity news with our picks for the hottest articles from the IT and security presses:
- “Hack Brief: The Cardinals May Have Hacked The Astros” by Emily Dreyfuss
For the first time ever, Major League Baseball has been hit with a data breach. The FBI has begun to investigate the St. Louis Cardinals as they have been accused of stealing the password to the Houston Astros’ network in an effort to obtain personal data about players. It is believed that the Cardinals gained access to internal discussions about trades, proprietary statistics and scouting reports, and other fundamental information from the Astros’ “Ground Control” database. To find out more about the data breach, check out this article.
- “The LastPass security breach: What you need to know, do, and watch out for” by Ian Paul
The online password manager known as LastPass disclosed a data breach after detecting suspicious activity on its network last week. The company claims that this suspicious activity was attributed to hackers who were able to steal user email addresses, password reminders, server per user salts, and authentication hashes. LastPass doesn’t believe that any encrypted password vaults were breached and has prompted users to change their master passwords. For more, give this article a read.
- “Samsung keyboard bug leaves 600m Android devices exposed to hackers” by Samuel Gibbs
Over 600 million Android users are at risk as there is a vulnerability in Samsung’s Android keyboard that could allow hackers to take complete control of the phone or tablet. This security flaw was discovered in December of last year and has been kept a secret to allow time for a patch to be created, but it is unknown if this patch was ever released. To learn more about this security bug, read this article.
- “Stuxnet spawn infected Kaspersky using stolen Foxconn digital certificates” by Dan Goodin
The recent Kaspersky breach left many wondering how hackers were able to infiltrate Kaspersky’s network. This question has been answered as the attackers used the digital seal from the electronics manufacturing giant, Foxconn, to sign their own malicious drivers. These drivers were on Kasperky’s servers, allowing the attackers to transport information in and out of the network. Check out this article for a more in-depth breakdown of this attack.
- “Bruce Schneier: Russia hacked NSA for Snowden docs” by Joe Curtis
According to security expert Bruce Schneier, China and Russia obtained copies of the NSA documents that Edward Snowden leaked before Snowden arrived in Russia. Schneier believes that China and Russia were able to hack the NSA due to the organization's sub-par security controls. Read this article to find out more.
Data Protection Vendor Evaluation Toolkit
The toolkit contains an RFI-RFP criteria template and a corresponding vendor evaluation scorecard.
Related ArticlesFriday Five: 11/13 Edition
Your weekly roundup of information security news.GitHub to Warn Users of Vulnerabilities in Their Projects
GitHub said Thursday it can now help developers find and fix vulnerabilities in their dependencies.Friday Five: 10/30 Freaky Edition
Your weekly roundup of information security news.