Happy Friday! Here’s what was big in cyber security headlines this week. Enjoy!
Global Payments breach: “Up to 1.5 million Visa, MasterCard credit card numbers stolen” by Emil Protalinski (@EmilProtalinski). In this blog post Emil Protalinski details the recent security breach at Global Payments, a major payment processing company. It was announced last Friday that Global Payments had suffered a security breach affecting Visa and MasterCard customers in North America. It has been determined that as many as 1.5 million credit card numbers were stolen in the breach, although the company has assured Visa and MasterCard customers that their personal information is still safe and that it is close to putting the issue to rest with minimal negative results.
Social Media Privacy: “Two Months Removed From AddressGate, Path Starts Hashing, Anonymizing Data” by Rip Empson (@ripemp). Social media app Path released an update this Monday to address issues that arose when the app (along with many others) was found to be dumping user information without proper authorization. The latest release, Path 2.1.1, now anonymizes user info via hashing methods in order to protect user data privacy. This technique stores data as an alphanumeric “fingerprint” rather than as text so that it can be kept and used safely. While many apps have been found sharing or exporting user data, far fewer have taken substantial measures to remedy their issues. Hopefully Path’s latest release will set an example for other social sites and application makers.
In the meantime, if you are an iOS user who is concerned about the privacy of your own user data, be sure to download AdiOS, Mark Kriegsman’s free tool that scans and reports on which of the user’s apps have the ability to export user data.
Financial Data Breaches: “The Top 9 Most Costly Financial Services Data Breaches” by Greg MacSweeney (@gmacsweeney). In the wake of the Global Payments data breach, Wall Street & Technology compiled a list of the top nine most expensive data breaches at financial organizations. The list provides details on each breach, including what type of attack was used, the total cost of the breach, and the overall impact on the organizations involved. It’s an interesting read, particularly because there is a good chance that you will find your own bank on the list, as well as some fairly prominent trends from breach to breach.
GameOver Malware: “Rogue US Airways-themed emails distribute ZeuS-based malware” by Lucian Constantin (@lconstantin). A large-scale spam campaign has been spreading the “GameOver” Trojan via emails disguised as US Airways flight confirmations. The emails appear official but contain links to sites that initiate BlackHole attacks that infect users with the ZeuS-based malware. The attack uses a wide variety of components, meaning that the messages, links, BlackHole pages, and more were constantly changed throughout the campaign. The article ends with some savvy advice: it is important to inspect links before opening and to keep all of your installed software up to date.
And we could not resist adding this one in – considering we just rounded the corner on April Fools’ Day.
April Fools: “Titanic APT” by F-Secure (@fsecure). F-Secure put out one of the better posts that we came across in celebration of April Fools’ Day. It’s a quick read with a funny ending, so without saying much more, check it out.