Friday Five: 2/26 Edition
Close out your Friday with our recap of the week’s top cybersecurity news.
1. Linux Mint hit by malware infection on its website, forum after hack attack by Kelly Fiveash
This week started off with the news that the widely popular Linux Mint distro had been compromised. Hackers accessed the Mint website and replaced the 17.3 Cinnamon edition of the software with an infected version containing a backdoor. In addition to the website compromise, the attackers accessed the web database used by the website’s forums, stealing user credentials in the process. Linux Mint has removed the malicious version of the software from its site and advised forum users to change their passwords. Read the article for more on the Linux Mint compromise.
2. OPM’s cybersecurity chief resigns in wake of massive data breach by Erin Kelly
One of last year’s biggest data breach stories made news again this week when it was announced that the Office of Personnel Management’s chief information officer, Donna Seymour, has resigned. Seymour is the second executive to leave OPM as a result of its 2015 data breach, which exposed the personal information of millions of federal government employees; director Katherine Archuleta resigned shortly after the incident was made public. Read the article for more on this development as well as the ongoing investigation.
3. uKnowKids.com responds to data breach, says proprietary IP also exposed by Steve Ragan
The latest data leak via a misconfigured web database – once again discovered by researcher Chris Vickery via the Shodan search engine – came to light this week. uKnowKids.com, provider of child monitoring software for parents, leaked information on 1,700 children via a publicly accessible web database. The information was exposed for at least 48 days before being discovered by Vickery and subsequently taken offline by uKnowKids.com. Leaked data includes personal messages, social media profiles, and images. Read the article for more on this recent data breach.
4. The rise of LinkedIn fraud by Ondrej Krehel
LinkedIn fraud is increasing fast, according to LIFARS principal Ondrej Krehel’s contribution to CSO Online this week. Krehel has noticed a pattern of attempted fraud on LinkedIn in which attackers use fake profiles to connect with unsuspecting users and then target them in phishing attacks. By harvesting information such as business email addresses, job titles, and coworkers’ names, attackers can build profiles on their targets and use that data to make further phishing attempts more convincing – often posing as an executive or superior to drive urgency. Attackers can also use fake profiles to pose as business partners or recruiters to dupe victims into sharing sensitive business or employment information. Read the article for more on this new attack trend.
5. Tax Fraud in 2016 will be HUGE! by Paul Roberts
2015 was a record year for tax fraud, with the IRS fielding 2,748 reported incidents. However, newly released information from the IRS indicates that 2016 could be an even bigger year for tax-related cybercrime. With 7 weeks to go until the April 15th filing deadline, the IRS has already seen 1,389 reported incidents of fraud – a number that exceeds the total number of incidents in 2014 and puts 2016 on pace to be another record-setting year. Read the article by Paul Roberts for more on the latest wave of tax fraud attacks.