Breaching News: Week of 10/12/2018
Welcome to our series of blog posts dedicated to Cybersecurity Awareness Month! This month, we will update you with the latest security news, share some tips and tricks as well as a special announcement about our very own Cybersecurity Techxpo on October 23, 2018 here in NYC. Stay tuned!
What a week for security news. Constant breaching, countless user information exposed, and many IT security professionals losing sleep at night.
This week, we are bringing you the round-ups.
From Google, Microsoft, Adobe to governments, it seems like nobody’s data is safe these days
1. Google shuts down Google+ after a user data breach of up to 500,000 profiles.
WSJ reported Google quietly patched up an API bug that exposed the personal data of its users to outside developers in March 2018. It didn’t alert the public, and thus is in hot water with Congress. Say goodbye to your “less than 5 seconds” Google+ sessions (per the company’s report). Google opens up a G Suite security threat alert for businesses in response to the backlash. Funny, you know, because Google just criticized Apple for Safari bugs.
2. Apple patches critical vulnerabilities in iOS 12.
Speaking of Apple, the iOS giant just released a new update to patch two vulnerabilities, one in QuickLook and the other in VoiceOver. These vulnerabilities would allow you to bypass the iOS lock screen and see contacts, photos, emails, and telephone numbers. If you have an iPhone, it’s time to update your iOS from 12 to 12.0.1.
3. Microsoft released updates to fix 12 critical vulnerabilities
It seems like Microsoft can’t catch a break with these updates. After users reported multiple files missing with the new update, Microsoft pulled it off, issued an announcement for its users not to update just yet, and rolled out another one on Tuesday to fix this missing file issue (along with other critical vulnerabilities). Kaspersky also reported a new security exploit in Microsoft Windows OS. Windows 10 is facing a big quality test, much like the US government this upcoming midterm election.
4. The government is facing multiple hacking attacks
Speaking of vulnerabilities… After DefCon showed how easy it is to hack the votes, it seems like the government has much more to worry about:
5. Adobe security fixes ignored Flash Player
Kind of ironic, since some harmful software is waiting to update your Flash player for you and install crypto malware with it. As Adobe is retiring Flash in 2020, it placed less importance on the once-popular internet plugin. However, this exposed Flash to high vulnerability.
6. BONUS: Your fitness data with FitMetrix is exposed, too.
The reason? Servers with no password. Millions of customer data are affected by the breach.
Don’t wait until sensitive data is already in the sticky hands of hackers to react to a breach. Stay proactive with MDS and work with us to build out a custom, company-wide security protocol that is effective and easy to maintain.