Gamers and music lovers alike may want to reset their passwords after reading the latest headlines. Last week, gaming client Steam announced they had found, and fixed, a severe security flaw that left local systems vulnerable for the past 10 years. The vulnerability would have allowed cybercriminals to infect any of its 15 million users with malware. A few days earlier, ticket distribution website Ticketfly fell victim to a cyberattack. The cybercriminal responsible defaced the website and claims to have a file of user and customer information taken from its database.
Making headlines last week, the spam campaign Brain Food has been feeding email recipients a steady diet of junk messages, infecting over 5,000 compromised websites over the last four months. Additionally, the U.S. Federal Bureau of Investigation (FBI) took control of a large cyber-attack aimed at Ukraine in late May 2018. The massive malware campaign infected up to 500,000 routers, many located in small businesses and home offices around the world.
Cybersecurity issues can occur anywhere, even in cardiac devices and pacemakers. The U.S. Food and Drug Administration (FDA) announced an upgrade to the firmware installed on certain vulnerable cardiac devices. The update protects these devices from unauthorized access that could be harmful to patients. Also making headlines last week, Georgia’s governor vetoed a bill that would have criminalized unauthorized computer access. The bill received blowback from the state’s booming cybersecurity industry, which claimed that vulnerabilities in important computer systems would not be uncovered and disclosed responsibly. As a result, cybercriminals would be able to exploit them with ease.
Decoding Security is celebrating National Small Business Week by sharing simple recommendations that small businesses can use to protect themselves from today’s ever-evolving cyberthreats. But first, we take a look at what’s trending in the news. Two additional security updates were released by the Drupal security team last month as part of continuing maintenance efforts after the discovery of the initial Drupalgeddon2 vulnerability in March. Drupal is urging its users to implement these updates immediately to avoid possible compromise. Meanwhile, the RSA Security Conference took place in San Francisco last month, drawing thousands of attendees from across the globe. However, the third-party mobile app built for the mega IT security conference was found to have a vulnerability, which could have potentially leaked the first and last names of attendees.
Facebook continues to deal with the fallout from the Cambridge Analytica data scandal. Last week, Facebook founder and CEO Mark Zuckerberg testified before U.S. Congress, admitting he never audited Cambridge Analytica to ensure the Facebook user data collected had been deleted. Also in the news this week, Panera Bread experienced a data breach that exposed millions of customers’ personal data for as long as eight months. Despite being warned by multiple security researchers, Panera did not disclose or address the leak until last week.
Facebook has recently dominated cybersecurity headlines following the revelation that a third-party analytics firm collected data on over 50 million unknowing users. Many Facebook app users were shocked to learn the social network recorded their personal calls and text messages, not realizing they had inadvertently given the company permission to do so.
The Equifax breach dominated headlines in September 2017 and is once again making news. Last week, former Equifax CIO Jun Ying was found guilty of selling all of his company stock, knowing it would soon be worthless, before the 2017 security breach was made public. In other cybersecurity news, your Decoding Security hosts also discuss the recently disclosed RyzenFall vulnerability, which could allow cybercriminals to copy data from secure areas of millions of computers.
Gearing up for another annual spring cleaning? Add a digital deep clean to your to-do list! Our hosts, Jessica Ortega and Ramuel Gall, share easy and valuable tips for conducting a digital spring clean of your website and everyday devices. With their help, you’ll be able to spring into the rest of the year with updated and more secure devices!
The 2018 Winter Olympics got off to a shaky start this year thanks to a cyberattack. The attack took down the official Olympics website, preventing access to tickets, thus preventing many ticket holders from attending the opening ceremonies. This kind of cyberattack could happen to an organization of any size at any time. In fact, it could happen to any person at any time. Cybercriminals often hack into individuals’ personal computers, allowing them access to private online assets, like family photos. No matter who you are, it’s important to put together an incident response plan (IRP) to protect your information should a crisis occur. In this week’s episode, our hosts share a few simple steps that anyone can take to create a response plan.
A few cybercriminals recently hit the jackpot – literally. “Jackpotting,” a hack that forces ATMs to dispense large amounts of cash on demand, hit the cybercrime scene in a big way, with six reported cases in the United States during the last week of January alone. In other cybersecurity news, exercise tracking app Strava and its public heatmap of user activity raised serious privacy concerns this week. A sharp-eyed student noticed that small, secluded areas of high Strava activity in countries like Syria, Afghanistan, and Somalia could potentially indicate the locations of several US military bases.