Security Briefing – 8-1-2017

HBO got its welcome to the unwelcome corner of Netflix’s and Sony’s world last week – the “you’ve been hacked” corner. 1.5TB of HBO data.. Specifically Game of Thrones.. Specifically the script. Oof.

Microsoft has released a bounty program – they are keen that hackers concentrate on its chosen “focus areas”. Bounty hunters focusing on the Hyper-V system in Windows 10, Windows Server 2012 (and 2012 R2) and Windows Server Insider Preview can chase rewards of up to $250,000.

Adobe Flash is going away in 2020 – but should they make it open source? A new debate arises. Maybe the community can fix the issues with the software?

Several North American airlines alerted customers and employees in the past days about various types of cybersecurity incidents, including system breaches, data leaks and credential stuffing attacks. These include Virgin Airlines, the Canada based WestJet and a Florida based Sprint Airlines.

The latest round of documents published by WikiLeaks as part of a leak dubbed by the organization “Vault 7” describes several tools allegedly used by the U.S. Central Intelligence Agency (CIA) to target Mac OS X and other POSIX systems.

New Anthem data breach by contractor affects more than 18,000 enrollees – specifically Medicare and specifically the social security numbers of those members. This is a result of one of the  insurer’s health care consulting firms discovered that one of its employees had been involved in identity theft.

A ransomware attack on Merck, a pharmaceutical giant, has disrupted global manufacturing, research, and sales and services have not been fully restored since JUNE 27th. The company was hit with a more sophisticated version of WannaCry.

There is a 2038 Unix problem that is similar to the Y2K problem. This has to do with the way time is encoded and that 32-bit encoding cannot encode times after 03:14:07 UTC on 1/19/38. We all know what happens when time is off.. this is probably not great.

Hackers at DEF CON last week made quick work of finding vulnerabilities in electronic pollbooks and voting machines, needing just 90 minutes to find exploitable flaws in every piece of voting equipment.