Breaching News: Week of 10/12/2018

By Jen Trang Nguyen, MDS

Welcome to our series of blog posts dedicated to Cybersecurity Awareness Month! This month, we will update you with the latest security news, share some tips and tricks, and make a special announcement about our very own Cybersecurity Techxpo on October 23, 2018, here in NYC. Stay tuned!

What a week for security news. Constant breaches, countless users' information exposed, and many IT security professionals losing sleep at night.

This week, we are bringing you the round-ups.

From Google, Microsoft, and Adobe to governments, it seems like nobody’s data is safe these days.

1. Google shuts down Google+ after a user data breach of up to 500,000 profiles.

WSJ reported that in March 2018 Google quietly patched an API bug that exposed the personal data of its users to outside developers. It didn’t alert the public, and thus is in hot water with Congress. Say goodbye to your “less than 5 seconds” Google+ sessions (per the company’s report). Google has opened up a G Suite security threat alert for businesses in response to the backlash. Funny, you know, because Google just criticized Apple for Safari bugs.

2. Apple patches critical vulnerabilities in iOS 12.

Speaking of Apple, the iOS giant just released a new update to patch two vulnerabilities, one in QuickLook and the other in VoiceOver. These vulnerabilities would allow the iOS lock screen to be bypassed, exposing contacts, photos, emails, and telephone numbers. If you have an iPhone, it’s time to update your iOS from 12 to 12.0.1.

3. Microsoft released updates to fix 12 critical vulnerabilities.

It seems like Microsoft can’t catch a break with these updates. After users reported multiple files missing with the new update, Microsoft pulled it, issued an announcement telling its users not to update just yet, and rolled out another one on Tuesday to fix this missing file issue (along with other critical vulnerabilities). Kaspersky also reported a new security exploit in Microsoft Windows OS. Windows 10 is facing a big quality test, much like the US government in this upcoming midterm election.

4. The government is facing multiple hacking attacks.

Speaking of vulnerabilities… After DefCon showed how easy it is to hack the votes, it seems like the government has much more to worry about:

- Security firm uncovers new cyber group targeting government, military sectors in espionage campaign.

- The military’s cyber defenses are in appallingly bad shape.

- Lesser-skilled cybercriminals adopt nation-state hacking methods.

- These are the hackers targeting the midterm election.

5. Adobe security fixes ignored Flash Player.

Kind of ironic, since some harmful software is waiting to update your Flash player for you and install crypto malware with it. As Adobe is retiring Flash in 2020, it has placed less importance on the once-popular internet plugin. However, this has left Flash highly vulnerable.

6. BONUS: Your fitness data with FitMetrix is exposed, too.

The reason? Servers with no password. Millions of customer records are affected by the breach.


That concludes our Breaching News for this week. What a week to be in IT security!

Don’t wait until sensitive data is already in the sticky hands of hackers to react to a breach. Stay proactive with MDS and work with us to build out a custom, company-wide security protocol that is effective and easy to maintain.


Pulling the plug doesn't have to be your only security solution.

Don’t become part of a rising statistic — ensure your company is armed against a security hack.