Skip to main content

Friday Five: 3/23 Edition

by Chris Brook on Friday March 23, 2018

Contact Us
Free Demo

Atlanta hit by ransomware, Netflix's bug bounty program, and more - catch up on the week's infosec news with this roundup!

1. Atlanta City Government Systems Down Due to Ransomware Attack by Sean Gallagher

Just because it seems as if there have been fewer ransomware attacks and exploit kits doesn't mean they're not happening. While yes, there has been an influx of cryptojacking scams lately, spreading ransomware is still one of the fastest ways to make a buck for attackers. The latest victim? The city of Atlanta apparently. Atlanta NBC affiliate WXIA was one of the first to report the that one city employee was hit with a request to pay $6,800 to unlock each computer or $51,000 to unlock every machine on the system this week. At a press conference Thursday afternoon the city's mayor, Keisha Bottoms, said Microsoft, Cisco, FBI and DHS officials are all involved in investigating the cause. Atlanta city employees who spot anything suspicious are being encouraged to unplug their machines.

2. Survey: Americans Spent $1.4B on Credit Freeze Fees in Wake of Equifax Breach by Brian Krebs

A sobering statistic from Krebs this week, via research commissioned from a loan provider and a research firm: Americans spent $1.4 billion on credit freezes in wake of last year's Equifax breach. Credit freeze costs run the gamut, from $3 to $10 per credit bureau, and differ state to state. Roughly 1 in 5 Americans froze their credit last fall however though. As we wrote here just two weeks ago paying for credit freezes may not be a thing much longer. A provision included in last week's bank deregulation bill passed by the U.S. Senate would let consumers freeze and unfreeze their credit reports without paying a fee.

3. AMD Confirms Processor Flaws Found by CTS Labs, Firmware Fixes are Coming by Zeljka Zorz

After more than a week of speculation AMD finally confirmed this week that vulnerabilities uncovered by researchers at CTS Labs did indeed affect its products. The company said Wednesday it would begin pushing updates in a few weeks and that no performance impact is expected for all vulnerability groups, MASTERKEY, RYZENFALL and FALLOUT, and CHIMERA. It's unfortunate it took so long for AMD to weigh in but at the same time the company had little choice, it was ambushed; it only received communication from CTS about the vulnerabilities less than 24 hours before they went public.

4. Hospitals Are Throwing Sensitive Patient Information Out With the Recycling by Kristen V. Brown

Gizmodo reported on research from a journal, JAMA, this week, which found that thousands of documents containing sensitive information were being recycled multiple times a week. The audit looked at five hospitals in Toronto between November 2014 and May 2016. Turns out information like names, birth dates, policy numbers, diagnosis codes, and billing information were being spilled out to anyone who felt like rifling around the recycling bins. 2,687 documents including critical information like clinical notes and medical reports were found in the recycling, Gizmodo said.

5. Launching the Netflix Public Bug Bounty Program by Sunil Agrawal, Scott Behrens, Dave King, Astha Singhal, Patrick Thomas, Andy Hoernecke, Madan Sriraman

It’s not that Netflix has lagged behind other companies when it comes to setting up bug bounty programs, it’s just that theirs has lingered in the background, kept private since 2013. That changed this week when the streaming service unveiled a public program that could net white hats between $100 and $3000, and up to $15,000. While all the articles that recap the program are well and good the writeup on Netflix’s technology blog by seven developers involved with the program has the best insight to how it was developed. “Netflix works with security researchers that participate in our program to understand and attempt to acknowledge reports quickly, within seven days of submission. Our current report acknowledgement average is 2.7 days,” it reads.

Tags:  Security News Healthcare Vulnerabilities

Recommended Resources

The Definitive Guide to DLP

  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives

The Definitive Guide to Data Classification

  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business