Friday Five: 9/18 Edition



Your weekly roundup of information security news.

Happy Friday! Close out the work week with our picks for the hottest articles from the IT and security presses:

  1. "Framing Third Party Risk: The PNI Photo Hack" by Paul Roberts
    Remember when CVS shut down its photo service due to a third-party data breach back in July? The incident first came to light as a warning of a potential data leak; recently, Costco and CVS both confirmed that customers’ personal data were accessed by hackers during the breach, which lasted for nearly a month. To learn more about how to avoid third-party risks and how to securely build out new services, read this article.
  2. "Russian Hacker Drinkman Pleads Guilty in Largest Data Breach" by David Voreacos
    Russian hacker Vladimir Drinkman has finally pleaded guilty in federal court in Camden, New Jersey. Drinkman was part of the five-man team that stole 160 million credit card numbers in the United States, making it the biggest data breach in U.S. history. Read the full article here.
  3. "Smartwatch sensors can be used to eavesdrop on the keys you're typing" by Lisa Vaas
    While smartphones are ubiquitous today, smartwatches are still a relatively new trend, and just like smartphones, they appear to be susceptible to security flaws. Recently, a couple of researchers pointed out that a smartwatch’s motion sensors can be used to detect the words you are typing. It is then possible for hackers to create an app that could eavesdrop on a user’s conversation. To learn more about potential security flaws in smartwatches, read this article.
  4. "Hack Brief: Upgrade to iOS 9 to Avoid a Bluetooth iPhone Attack" by Andy Greenberg
    Say hello to iOS 9: better battery life, a smarter Siri, new features, and most of all, fixed vulnerabilities. The last iOS release had a bunch of security holes, which have been fixed in the latest version. For example, users can now avoid a phone hijacking caused by Bluetooth vulnerabilities, which in the past allowed anyone within range to potentially hack into the user’s iPhone. To learn more about this security vulnerability and the upgrade that fixes it, read this article.
  5. "WordPress Patches Serious Shortcodes Core Engine Vulnerability" by Mike Mimoso
    If you are an avid blogger, this is good news for you: WordPress has recently been updated to version 4.3.1, which came with three patched vulnerabilities. The most important patch is the one for “shortcodes”. Shortcodes allow simple embedding of macros in code, saving developers the time of rewriting HTML. To learn more about the WordPress patches, read this article.
Susan Xu
