Security Briefing – 4-10-18
Over 95% of the email domains managed by the Executive Office of the President (EOP) haven’t implemented the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol, the Global Cyber Alliance (GCA) has discovered. After analyzing 26 such domains, GCA discovered that 18 haven’t even started the deployment of DMARC, while 7 of them have implemented the protocol at the lowest level (“none”), which only monitors emails.
After Delta Air Lines and Sears Holdings, Best Buy has also come forward to warn customers that their payment card information may have been compromised as a result of a breach suffered by an online services provider.
Panera had a plaintext database for their online ordering system in which user IDs were incremented by single digits (1, 2, 3), so if you knew where to look for that ID in the URL, you could find some info about other users. Neat! Brian Krebs is currently fighting with Panera about this and Panera is ‘currently investigating.’
Last week, LGBTQ social networking app Grindr found itself with the uncomfortable job of explaining why it has quietly been sharing the HIV status of its users with third parties.
Intel decided not to fix the microcode that allowed Spectre to be a thing for a large swath of legacy processors, most from 2007-2010 and a few Atom chips from 2015. Anything listed in red on this page is not getting the microcode update.
The Department of Homeland Security publicly acknowledged the use of StingRays (fake cell ‘towers’ used to scrape information like location, call and text data) in the Washington, D.C. metro area for the first time. No word on what, if anything, they plan to do about it.
An attacker last week found a flaw in the Verge (XVG) cryptocurrency that allowed them to execute a widely-hypothesized blockchain takeover called a 51% attack, leveraging the majority of the mining power of the chain by spoofing time stamps and netting $80/second for nearly 3 hours.
After doubling in 2016, the frequency of ransomware attacks doubled again in 2017, according to findings in the latest Verizon Data Breach Investigations Report (DBIR).
Ransomware, spyware, and cryptomining were the biggest enterprise threats during an otherwise quiet quarter for malware, researchers report.