Friday Five: 7/17 Edition (Updated 2020)
Your weekly roundup of information security news.
Happy Friday! Close out the work week with our picks for the hottest articles from the IT and security presses:
- "OPM Hack Part of Large-Scale Cyber Attack On Personal Data" by Bill Gertz
The personal data of millions of Americans has been compromised again, and it took the Department of Homeland Security a full year to notice. According to a new report from the DHS, the OPM hacks were part of an extensive cyber campaign consisting of nine attacks against government and private targets. Large amounts of Personally Identifiable Information were stolen in the attacks, which investigators believe may have originated in China. For more, read this article.
- "Mozilla Disables Flash in Firefox" by Dennis Fisher
News flash: Mozilla has disabled Flash in Firefox in order to protect its users. In last week’s Friday Five, we talked about how versions of the Kovter malware have been found updating Flash. Disabling Flash is a temporary decision by Mozilla as Adobe tries to patch two new Flash vulnerabilities exposed in the Hacking Team data breach. According to Adobe, those vulnerabilities should be patched this week. For further details, read this article.
- "Data Breach May Implicate Two Dozen US Zoos" by Threatpost
It seems that every business is being attacked these days – the bad guys have been busy. Most recently, data breaches were reported at two dozen zoos in the United States, with customer data stolen via compromised gift shop POS devices. Customers who visited the zoos within the last couple of months are advised to check their bank statements. As far as visiting zoos goes, stick to the Smithsonian zoo for now and don’t buy anything from the gift shop (as tempting as that may be). For more on the data breach, read this article.
- "United Airlines pays hacker one million air miles in bug bounty reward" by John Zorabedian
Here’s an easy way to earn more air miles: discover security flaws and bugs in United Airlines’ software. Jordan Wiens has just been awarded one million United miles after discovering and reporting a remote code execution vulnerability in a United web property. United announced the program back in May, making it the first airline to implement such a program. Wiens is the first to claim United’s million-mile bounty, the highest attainable reward in the program. For more about the bounty program, read this article.
- "As Predicted, OPM Director Resigns in Wake of Epic Hack" by Kim Zetter
When millions of Americans’ data is hacked, it is safe to assume that heads will turn to security leadership at the victim organization. In the case of the OPM hack, director Katherine Archuleta has been scrutinized publicly for several security shortcomings that contributed to the attack’s success. After much speculation, it was officially announced last Friday that Archuleta has resigned. “…it is best for me to step aside and allow new leadership that will enable the agency to move beyond the current challenges and allow the employees at OPM to continue their important work,” Archuleta said. This doesn’t change the fact that there was a data breach, but at least now we can hope for better security leadership at the OPM going forward. For more about the OPM breach, read this article.