Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
After making several threats to publish breached information, hackers took to social media to boast about a data dump that exposed details of 20,000 Federal Bureau of Investigation employees last Monday. This quickly followed the same group's boast a day earlier about posting the information of almost 10,000 Department of Homeland Security employees.
The agency said identity thieves last month used personal data of taxpayers that was stolen elsewhere in an attempt to generate e-file personal identification numbers to file fraudulent returns and claim tax refunds.
Malicious apps were recently seen making the rounds in some third-party app stores. They spoof popular apps, increasing the chances of getting selected and downloaded. These include popular mobile games, mobile security apps, camera apps, music streaming apps, and so on.
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Through two executive orders signed Tuesday, President Obama put in place a structure to fortify the government’s defenses against cyber attacks and protect the personal information the government keeps about its citizens.
In his annual assessment of threats to the United States, Director of National Intelligence James Clapper warned that fast-moving cyber and technological advances “could lead to widespread vulnerabilities in civilian infrastructures and U.S. government systems.”
In response to some parents who expressed anger over the unavailability of the toys’ service, VTech updated its terms and conditions. The update now includes a line that reads “You acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorized parties.”
Security engineer Reginaldo Silva—himself a former awardee of the social network’s bug bounty program—released the program’s 2015 statistics in a note. Silva wrote that since the creation of Facebook’s bug bounty program in 2011, more than 2,400 valid submissions have been received, with over $4.3 million awarded to more than 800 researchers globally.
Cyber Security in the Connected Vehicle attributed that threat to complexity, connectivity, and content. There’s a “massive future security problem just around the corner,” and it can’t be fixed by trying to bolt on security during the implementation phase.
Scott Schober’s small business got hacked, and hacked again. The harrowing experience led him to write a book – “Hacked Again,” which could just as easily have been called the Cybersecurity Bible for small business owners.
Google’s head of security and privacy, Gerhard Eschelbeck, wrote in a Medium post today that he hopes the discussion will “shine a light on the issues we face today and how we can work together to build an even more secure web in the future.”
Please add your thoughts in the comments below or follow me on Twitter: @ChristopherBudd.