Skip to main content

Friday Five: 10/21 Edition

by Ellen Zhang on Tuesday September 15, 2020

Contact Us
Free Demo

It's Friday! Catch up on the top infosec headlines with our weekly news roundup.

1. What Cybersecurity Experts Can Learn From The Gaming Industry by Ben Dickson

With data breaches galore from Yahoo to LinkedIn, cybersecurity is becoming increasingly more urgent. But there’s a huge gap between the security talent available and the need for security experts. Part of filling this gap is user education. That’s where cybersecurity can learn a lesson or two from the gaming industry. Gamification has yielded effective and positive results in the cybersecurity world. Take for example, Digital Guardian’s DG Data Defender. It’s a free gaming system that is incorporated into the workflow of organizations and uses positive reinforcement to reward employees for good security practices. For more, read the full article on HuffPost.

2. This Is Probably Why Half the Internet Shut Down Today by William Turton

Friday morning started out rough. Hackers unleashed a large DDoS attack on the services of Dyn, a major Domain Name Servers (DNS) host. The attack brought down popular sites like Twitter, Spotify, and Reddit that use Dyn and mainly affected the East Coast of the United States. With the release of the source code for the Mirai botnet, which brought down KrebsOnSecurity, it’s safe to say we’ll be seeing more and more DDoS attacks. Recent updates around noon show that another DDoS attack has hit the Dyn DNS infrastructure. For a list of the some of the sites affect, head over to Gizmodo.

3. Weebly hacked, 43 million credentials stolen by Kate Conger and Katie Roof

The latest in the string of megabreaches: it has been discovered that web design platform Weebly was hacked in February and over 43 million usernames and password combos were stolen. IP addresses were also stolen. Because the passwords were hashed with a strong algorithm, Weebly does not believe any websites were compromised. However, the company will send out a password reset; though, any Weebly users should just reset their passwords in good practice. For more info, read the full article.

4. “Most serious” Linux privilege-escalation bug ever is under active exploit (updated) by Dan Goodin

CVE-2016-5195, otherwise known as Dirty COW, is a Linux privilege-escalation vulnerability that has been around for nine years and is currently under active exploit. Users are encouraged to install a patch ASAP as the underlying bug was finally patched this week. The flaw is located in a part of the Linux kernel that’s been in nearly every distribution of this open-source OS for the past decade. Privilege-escalation vulnerabilities allow attackers who have limited access of a computer to potentially gain root access. Linux developer Phil Oester found that in this testing, any user can become root in less than 5 seconds. For more info, see the full article on Ars Technica.

5. Ex-NSA Contractor Stole 50 TB of Classified Data; Includes Top-Secret Hacking Tools by Swati Khandelwal

Not too long ago, we found out that ex-NSA contractor, Harold T. Martin III, was arrested in August for allegedly stealing classified government documents. Just this week, a court document was filed stating that the FBI had seized over 50 terabytes of data that he had taken from government computers over the last two decades. In those 50 terabytes of data, there were over 500 million pages of government records containing top-secret national defense information and personal information of government employees. Also among the documents seized was a letter Martin had sent to his colleagues in 2007, in which he was highly critical of the information security practices of the government. The government now plans to charge Martin with violations of the Espionage Act. An insider threat, he could also be linked to the Shadow Brokers’ breach of top secret NSA hacking tools. For more info, read the full article.

Tags:  Security News

Recommended Resources

The Definitive Guide to DLP

  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives

The Definitive Guide to Data Classification

  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business