Our security roundup series covers the week’s trending topics in the world of InfoSec. In this quick-read summary, we’ll let you know about the latest reports and controversies that the industry has been talking about recently. Here’s what you don’t want to miss from the week of August 17th, 2015:
- The Ashley Madison hack went from bad to worse after the data that was stolen from the site’s 37 million subscribers was leaked online. Numerous reports surfaced claiming that hundreds of accounts allegedly belonged to federal workers, including White House and Congress employees. But that’s not all. The hackers behind the attack have reportedly released another massive data dump targeting Ashley Madison’s parent company, Avid Life Media, exposing emails linked to its CEO.
- Microsoft issued an emergency patch outside of its normal Patch Tuesday schedule, warning users of a critical zero-day vulnerability (CVE-2015-2502) that could potentially allow an attacker to hijack control of a victim’s computer via Internet Explorer. According to the advisory, vulnerable computers can be exploited just by visiting maliciously crafted webpages using the browser, without any further user interaction required.
- The Internal Revenue Service (IRS) announced that the hack that stole the personal information of about 114,000 taxpayers back in May was actually much larger than previously stated. After “deeper analysis,” the agency now says the breach affected more than 300,000 people. The IRS believes that by stealing previous tax returns, cyber criminals are looking to cash in on “refunds” for next year’s filing season.
- Popular music streaming service Spotify is being questioned after it made some major changes to its privacy policy, granting the company much deeper access to a user’s device. Forbes reported the new policy now asks permission to access information stored on the mobile device, such as contacts, photos or media files; location and sensor information; as well as share information with its advertising partners. Spotify’s CEO published a blog post, titled “SORRY.,” in an effort to “try and clear things up.”
- Uber is stepping up its security game. The ride-sharing startup announced plans to expand its security team from a staff of 25 to 100 by the end of the year. The move comes just months after it appointed Joe Sullivan, former assistant US attorney specializing in high tech crimes and Facebook CSO, as Uber’s new chief security officer.
- Target and Visa reached an agreement this week to settle claims over the infamous 2013 data breach that exposed 40 million credit and debit cards. The retail giant is set to reimburse thousands of Visa issuers up to $67 million for costs associated with the compromise.
- Web hosting company Web.com reported that it discovered unauthorized access to one of its computer systems earlier this month. As a result, payment card data and personal information belonging to 93,000 customers may have been compromised. The Florida-based company said it’s working with an IT security firm to conduct a thorough investigation, and plans to make additional investments in its internal security processes and systems.
- A recent hack at the University of Virginia, believed to have originated from China, reportedly targeted two specific employees with links to the Defense Department and other intelligence agencies. University spokesman Anthony P. de Bruyn stated the hackers only accessed the employees’ email accounts. The incident led the university to shut down its system for two days, although no other personal or financial information was accessed.