Happy Friday! Close out the work week with our picks for the hottest articles from the IT and security presses:
- "Framing Third Party Risk: The PNI Photo Hack" by Paul Roberts
Remember when CVS shut down its photo service due to a third-party data breach back in July? The incident first came to light as a warning of a potential data leak – recently, Costco and CVS both confirmed that customers’ personal data were accessed by hackers during the period of the breach which lasted for nearly a month. To learn more about how to avoid third party risks and how to securely build out new services, read this article.
- "Russian Hacker Drinkman Pleads Guilty in Largest Data Breach by David Voreacos
Russian hacker, Vladimir Drinkman, has finally pleaded guilty in the federal court of Camden, New Jersey. Drinkman was part of the five man team that stole 160 million credit card numbers in the United States, making it the biggest data breach in U.S. history. Read the full article here.
- "Smartwatch sensors can be used to eavesdrop on the keys you're typing" by Lisa Vaas
While smartphones are ubiquitous today, another gadget – smartwatches are still a relatively new trend and just like smartphones, smartwatches also appear to be susceptible to security flaws. Recently, a couple of researchers have pointed out that a smartwatch’s motion sensors can be used to detect the words you are typing. It is then possible for hackers to invent an app that could eavesdrop on a user’s conversation. To learn more about potential security flaws in smartwatches, read this article.
- "Hack Brief: Upgrade to iOS 9 to Avoid a Bluetooth iPhone Attack" by Andy Greenberg
Say hello to iOS 9 – better battery life, smarter Siri, new features, and most of all, fixed vulnerabilities. The last iOS release had a bunch of security holes, which have been fixed in the latest version of iOS. For example, users can now avoid a phone hijacking incident caused by Bluetooth vulnerabilities which in the past allowed anyone within range to potentially hack into the user’s iPhone. To learn more about this security vulnerability that could be fixed by an upgrade, read this article.
- "WordPress Patches Serious Shortcodes Core Engine Vulnerability" by Mike Mimoso
If you are an avid blogger, this is good news for you – WordPress has recently upgraded to version 4.3.1, which came with three patched vulnerabilities. The most important patch is the one done on “shortcodes”. Shortcodes allow simple embedding of macros in code, which saves developers time by not having to rewrite HTML. To learn more about the WordPress patches, read this article.
Advanced Threat Protection - Building a Kill Chain Defense
Detect and stop targeted attacks with a data-centric approach that protects sensitive data regardless of the source of attack.
Related ArticlesFriday Five: 4/6 Edition
Chip card scams, tracing stolen Bitcoin and more - catch up with the week's infosec news in this roundup!Microsoft's Emergency Spectre Fix Disables Intel Fix
Microsoft released an emergency update over the weekend to disable Intel's Spectre fix.Friday Five: 1/26 Edition
IoT botnets, encryption, GDPR -- catch up on the week's infosec news with this roundup!