Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
The recent news that the malicious code XcodeGhost made it into nearly 40 iOS apps and thus out to hundreds of millions of iPhone and iPad users is a watershed moment that calls into question the viability of “trust us, we’ve got it covered” as the sole means of protecting iOS users.
One year after Shellshock, the panic has subsided, but the threat goes on living. Attacks related to Shellshock continue to plague our digital world. We have seen 50 attacks on our honeypots and customer systems in the past 15 days alone.
One of the scariest parts of the massive cybersecurity breaches at the Office of Personnel Management just got worse: The agency now says 5.6 million people’s fingerprints were stolen as part of the hacks. That’s more than five times the 1.1 million government officials estimated when the cyberattacks were initially disclosed over the summer.
Philippine President Benigno S. Aquino III has formed the National Cybersecurity Inter-Agency Committee that will assess the vulnerabilities of the country’s cybersecurity, and the Office of the Executive Secretary released Wednesday a copy of Executive Order No. 189 for the creation of the committee.
We’ve taken 10 years of information on data breaches in the U.S. from the California-based Privacy Rights Clearinghouse (PRC) (from 2005 through 2015) and subjected it to detailed analysis to better understand the real story behind data breaches and their trends. Our report has just been released.
The U.S. Department of Defense is developing a new cybersecurity framework designed to help stay one step ahead of oncoming cyber threats. According to the deputy commander of U.S. Cyber Command, the electronic system will detect vulnerabilities associated with the military’s computer networks, weapons systems and installations.
When asked in a recent survey what role cyber-security policy and regulation play in the upcoming presidential election, 54% of InfoSec Professionals said it would be a key issue. However, 32% acknowledged that while most candidates will discuss cyber-security, these discussions will be mainly rhetoric.
Perpetrators behind ransomware have moved away from targeting consumers and tailored their attacks to extort small and medium-sized businesses (SMBs). SMBs are less likely than enterprises to use comprehensive backup solutions, which increases the probability that they will pay the ransom.
The federal government has the second-best cybersecurity defenses of any sector, following the financial industry, according to a new report. Analysis of 119 agencies by security research firm BitSight suggested that in general, federal organizations do a decent job at securing their networks against threats — even given the massive data breach at the OPM.
Where does your Presidential candidate stand on privacy? A new survey rates the candidates’ websites with nearly ¾ receiving a failing grade. This week, the Online Trust Alliance released a survey of all 23 Presidential Candidates. The findings are very interesting and disappointing. Only 6 of the 23 received a “passing” grade, while the remaining 17 received failing grades.
Please add your thoughts in the comments below or follow me on Twitter: @GavinDonovan.