VIPRE Weekly Roundup: August 16, 2019

Another week has passed, and another massive amount of cybersecurity news has been made. Take a read-through of the VIPRE Weekly Roundup, where we breakdown the week’s most interesting news into easy-to-read bite-sized pieces.


A Call to Better Email Security (VIPRE)

In a recent research report by IBM and the Ponemon Institue, it was found that 29.6% of organizations will experience a data breach with the next year or two. Couple that with the Verizon DBIR’s statistic that 94% of detected malware enters through the email attack vector. You may be thinking, “Wow, email security is a necessity!” Sadly, the sad thing is that many organizations large and small have chosen to not lock down their email with proper email security measures. In this piece, VIPRE dives into the intricacies of email security and how organizations can improve. [READ FULL ARTICLE…]


SEC Investigating Data Leak at First American Financial Corp. (Krebs on Security)

The United States Securities and Exchange Commission (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003. These documents are related to real estate closings over the past 16 years and include such sensitive information as bank account numbers, social security numbers, tax records, drivers, license images, and more. [READ FULL ARTICLE…]


Password Spraying Hacker Attacks: DHS Warning (MSSP Alert)

The Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) is advising users and IT administrators to be on the watch for password spraying attacks. Their bulleting is based on an advisory from Australia’s similar cybersecurity organization. Password spraying is a fling-mud-against-the-wall type of brute force attack in which malicious actors use a single password against targeted accounts before trying other passwords until one works. [READ FULL ARTICLE…]


Kaspersky Antivirus Software Exposed Millions to Web Tracking (Tom’s Guide)

According to a German journalist, Kaspersky antivirus software let websites track users for years. It appears that Kaspersky software injected JavaScript code onto every web page rendered on every browser. Even worse, the Kaspersky JavaScript contained an ID number that was replicated in every page rendered on a single machine. The ID number was changed on other PCs. This is a bad idea, other scripts running in the context of the website domain can access the entire HTML source any time, which means they can read the Kaspersky ID. In other words, any website can read the user’s Kaspersky ID and use it for tracking purposes. Kaspersky has issued a statement in response to the original article. [READ FULL ARTICLE…]


Meet Bluetana, the Scourge of Pump Skimmers (Krebs on Security)

Bluetana is a new mobile app that seeks out Bluetooth-based payment card skimmers hidden inside gas pumps. This new tool helps police and state employees more rapidly and accurately locate compromised fuel stations across the nation. Data collected in the course of the investigation also reveals some fascinating details that may help explain why these pump skimmers are so lucrative and ubiquitous. [READ FULL ARTICLE…]


More Than a Million People Have Their Biometric Data Exposed in Massive Security Breach (TripWire)

One of the biggest breaches this week involves a biometrics system that is used to secure more than 1.5 million locations around the world. This includes banks, police forces, and defense companies in the United States, UK, India, and more. The impacted firm, Suprema, runs their web-based biometric access platform BioStar 2, but left the fingerprints and facial recognition data of more than one million people exposed on a publicly accessible database. Privacy researchers also discovered a total of 27.8 million records that included usernames and passwords stored in plaintext format. [READ FULL ARTICLE…]


Credit Karma Glitch Exposed Users to Other People’s Accounts (TechCrunch)

Users of credit monitoring site Credit Karma have complained that they were served with other customer’s account information when they logged in recently. Many upon refreshing their own information pages were served with other’s personal info. A Reddit user said that it was like playing roulette. Credit Karma’s spokesperson denied that there was a data breach, but the company was quick to pull down the login page to remediate the issue. [READ FULL ARTICLE…]


Did you miss last week’s VIPRE Weekly Round? You can find it by clicking here!

The post VIPRE Weekly Roundup: August 16, 2019 appeared first on VIPRE.

Leave a Reply

Your email address will not be published. Required fields are marked *