Friday Five: 9/4 Edition
Your weekly roundup of information security news.
Happy Friday! Close out the work week with our picks for the hottest articles from the IT and security presses:
"Barclays Hacks Its Own Systems to Find Holes Before Criminals Do" by Keila C. Guimarães and Stephen Morris
According to a study by the Bank of England, cybersecurity is a major concern for a third of banks in the United Kingdom. Barclays, the British multinational banking and financial services company, is one of them. Troels Oerting, the chief information security officer at the company, has recently established a team of eight internal penetration testers to hack the company’s own computer systems. The goal is to discover and fill any security holes before attackers find them. To learn more about this strategy, read this article.
"UCLA Health laptop stolen, contained data on about 1,200 patients" by Adam Greenberg
UCLA Health’s data has been stolen again – quite literally this time. On September 1st, UCLA Health notified patients of a data theft incident in which a laptop that contained information on 1,200 patients was stolen. Learn more about this physical data theft incident by reading this article.
"Popular Belkin Wi-Fi routers plagued by unpatched security flaws" by Lucian Constantin
If you are using a Belkin router for your Wi-Fi network, beware of several vulnerabilities that have recently surfaced. One of them is the ability to spoof Domain Name System responses, a vulnerability that would enable attackers to route users to malicious websites, reconfigure devices, or even take full control over routers. To learn more about the vulnerabilities, read this article.
"Ashley Madison-themed blackmail, data deletion scams hitting inboxes" by Zeljka Zorz
Hackers have had their turn with Ashley Madison; now scammers and blackmailers are trying their best to take advantage of victims of the data breach. As Zeljka Zorz notes, reports have surfaced of Ashley Madison users receiving targeted phishing emails about the data breach, blackmail threatening to release their account information to family and friends, and scammers masquerading as lawyers filing class action suits or offering to delete account information for a fee. To learn more about this update of the Ashley Madison affair, read this article.
"Netflix Sleepy Puppy Awakens XSS Vulnerabilities in Secondary Applications" by Mike Mimoso
Netflix has recently announced “Sleepy Puppy,” an XSS payload management framework. “Sleepy Puppy” is meant to make the lives of security engineers easier by simplifying the process of managing and tracking XSS propagation over extended periods of time. XSS has been a top web application vulnerability since 2004, according to the OWASP Top 10. To learn more about Sleepy Puppy, read this article.