A selection of this week’s more interesting vulnerability disclosures and cyber security news.
If you want to just skip to the huge number of data breaches both recent and historical then scroll down, though if, as a normal personal internet user you feel confident in your security then hang on one moment. This week I want to draw attention to our daily use of consumer tech and the ease in which just one mistake can suddenly expose us to all sorts of nastiness. This was brought to light from a friend this week who had her PayPal charged with numerous £400 charges from Google Play for games she certainly didn’t buy and our subsequent discussion about the number of spam emails we see daily. Thankfully both of those parties sorted things out for her, but it did make me recall the near death experience last year when Stagefright came out. As soon as I saw the reports I disabled various bits on my phone, and that was lucky that I did, a few hours later I received an odd text from a friend with a link which looked like such an attack. I told him to ditch the phone as he was probably now compromised.
This week we have a few articles that highlight some of the simple attacks that could, in a moments lapse of concentration, open us up to loss. What perhaps we also forget is that our devices, especially mobile phones now pack a huge amount of technology and computing power, and once breached could be doing more than just going through your phone contact list. The lesson as always is pause to think before anything unexpected occurs.
And here we have the hacks and other chaos of the week:
- Russian internet giant Rambler.ru hacked, leaking 98 million accounts Zack Whittaker reports on yet another 2012 hack where the data are first being leaked publicly
- Bitcoin Exchange BTC-E and BitcoinTalk Forum Breaches Two Bitcoin related websites were hacked, namely Btc-E.com (a Bitcoin exchange acting similar to a foreign currency exchange) and Bitcointalk.org (the largest Bitcoin discussion forum in the world
- SWIFT Reveals New Hacking Attempts On Member Banks Banks being pushed to meet November 19 deadline for updated security features, including stronger password rules.