Information Security News for 11/24/17
This week’s news has brought about some fascinating revelations.
Uber kept a data breach from going public. Krebs pondered whether that was truly unusual when compared to companies that pay for decryption keys after they’re hit with ransomware.
Speaking of Krebs, he’s hit on another salient point today, bringing FAFSA into the light for consideration. With a minimal amount of personal data, one can reveal an excessive amount of information about someone.
Data you may never expect is being saved for later analysis. Using technology that keeps form entries, including entries in incomplete forms, is becoming a regular practice for some websites out there. Be wary of what you type into a website. These are akin to remote keyloggers.
Mozilla’s Firefox is adding a feature to bring awareness when visiting websites that have had recent breaches. This is sure to rankle the company or site being called on the carpet, so it will be interesting to see how they juggle that. Will it be like blacklisted spam email servers? Where’s the link to get me delisted?
Ever heard of Minix? It’s a small operating system (OS) that runs on many PCs, outside of your expected run-of-the-mill OS like Windows. The potential risks are still being ferreted out, but Intel has a component called the Management Engine that uses it, and that component has control over the PC that’s entirely outside any OS-layer controls. Stay tuned to this one in the near future. It may end up landing in numerous vendors’ laps to update their firmware to bring this beast back under control. Intel has released a number of updates to address various identified vulnerabilities.
KnowBe4 is warning people against a phishing attack using JAR files that disable local AV. Beware of simple mechanisms, such as Zip files, that phishers use to bypass attachment blocking.
Another misconfigured Amazon S3 cloud service has exposed data unintentionally at an Australian Broadcast Company. (Yes, I also momentarily read ABC and had a double take…)
Apple may or may not end up in a legal battle with the FBI to unlock the Texas shooter’s phone. The Washington Post has obtained information showing that, because of the circumstances, this could be a poor way to set the legal precedent needed for future cases.