Friday Five: 9/30 Edition
It’s Friday! Catch up on the top infosec headlines with our weekly news roundup.
Forbes features Digital Guardian CEO, Ken Levine, in this article on how he transformed and rebranded Verdasys into Digital Guardian. With experience in cyber security under his belt through NitroSecurity and then McAfee, Ken was intrigued with Verdasys’s technology. Taking a negligible salary ($1 at the time of his start) and having invested around $10 million to date, Ken believes that winning is only when all the other investors and employees have won as well. Now operating as Digital Guardian, the company has grown its revenues at 30% annually. For more on Ken’s story, read the full article on Forbes.
Answers.com, a knowledge-based website, has been infected with malvertisements. Visitors exposed to these malvertisements could be infected with ransomware without even clicking on an ad. This leaves 2 million visitors daily vulnerable. The attack uses the RIG exploit kit to drop CrypMIC ransomware by using wscript.exe to bypass certain proxies. Read the full article for more info.
Following Yahoo’s recent announcement of a huge 2014 data breach, angry customers have filed lawsuits. The suit states that if Yahoo had been more vigilant about user privacy, millions of pieces of personal data wouldn’t have been leaked. Additionally, they point out that Yahoo took too long to come forward about the breach. Users are becoming more demanding of corporate responsibility to protect data. Two other recent examples of lawsuits filed against companies that’ve suffered data breaches include Morrisons and Seagate. Though any customer considering taking legal action needs to prove that they’ve incurred direct financial loss, customer troubles on top of compliance woes and breach fines should be enough of a headache for companies to reinforce the need to be more proactive in cyber security. Head over to SC Mag for more.
The same day U.S. Homeland Security disclosed that 18 states have asked for cyber security help with their electronic voting systems, the FBI requested to examine cell phones of Democratic Party staffers through “imaging” to search for evidence of hacking. Once again, the finger is pointed at Russia. If hackers were successful, they could’ve stolen a large variety of data from text messages, emails, photos, and contacts. Check out Reuters for more info.
KrebsOnSecurity was not the only site affected by recent DDoS attacks. French web hosting provider OVH was also among those that fell victim. Hackers used hijacked IoT devices such as security cameras and video recorders. This is just the tip of the iceberg. As homes and business buildings become “smarter”, attackers are given a larger selection of electronics to hack. Because many of these items get plugged in and forgotten, many people neglect to update software, putting those devices at risk. For more on this IoT army story, head over to the Wall Street Journal.