Tag Archives: orange county public relations

10Fold – Security Never Sleeps – 90

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Another data set from the 2012 LinkedIn hack, which contains over 100 million LinkedIn members’ emails and passwords, has now been released. Washington US District Judge Robert Bryan has thrown out Mozilla’s request for the security flaw’s details. Cybercriminals can call on an extensive network of specialists for “business” expertise, including people who train and recruit, launder money, and provide escrow services, according to HPE. RunKeeper announced Tuesday that it had found a bug in its Android code that resulted in the leaking of users’ location data to an unnamed third-party advertising service.

117 million LinkedIn emails and passwords from a 2012 hack just got posted online – Publication: TechCrunch – Reporter name: Sarah Perez

As you may or may not recall, given how much time has passed, hackers broke into LinkedIn’s network back in 2012, stole some 6.5 million encrypted passwords, and posted them onto a Russian hacker forum. Because the passwords were stored as unsalted SHA-1 hashes, hundreds of thousands were quickly cracked. Now, according to a new report from Motherboard, a hacker going by the name of “Peace” is trying to sell the emails and passwords of 117 million LinkedIn members on a dark web illegal marketplace for around $2,200, payable in bitcoin. In total, the data set includes 167 million accounts, but of those, only 117 million or so have both emails and encrypted passwords.
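The reason "hundreds of thousands were quickly cracked" is the storage scheme, not SHA-1's speed alone: with no per-user salt, two users who chose the same password store the same hash, and one precomputed guess can be compared against every account in the dump. The following Python is an added illustration (it is not code from TechCrunch, LinkedIn or the article) contrasting that scheme with a salted, iterated KDF; the three sample passwords and the PBKDF2 iteration count are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Callable, List, Optional, Tuple

ITERATIONS = 100_000  # PBKDF2 work factor chosen for this example; raise it as hardware allows

# Constructed sample passwords for three hypothetical accounts (not data from any dump).
# Two users chose the same password, the case the article's scheme handles badly.
SAMPLE_PASSWORDS = ["password123", "password123", "correct horse battery staple"]


def unsalted_sha1(password: str) -> str:
    """The scheme the article describes: a single SHA-1 over the raw password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_pbkdf2(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """A per-user random salt plus an iterated KDF; returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute under the stored salt and compare in constant time."""
    _, digest = salted_pbkdf2(password, salt)
    return hmac.compare_digest(digest, expected)


def count_duplicate_hashes(passwords: List[str], hash_fn: Callable[[str], object]) -> int:
    """Number of stored hashes that are identical to some other stored hash."""
    hashes = [hash_fn(p) for p in passwords]
    return len(hashes) - len(set(hashes))


def hash_operations_to_test(candidates: int, users: int, salted: bool) -> int:
    """Hash computations needed to test `candidates` guesses against every user.

    Unsalted: each guess is hashed once and compared against all stored hashes.
    Salted: each guess must be re-hashed under every user's distinct salt.
    """
    return candidates * users if salted else candidates


def demo() -> Tuple[int, int]:
    """Duplicate-hash counts for the sample set under each scheme."""
    dup_unsalted = count_duplicate_hashes(SAMPLE_PASSWORDS, unsalted_sha1)
    dup_salted = count_duplicate_hashes(SAMPLE_PASSWORDS, lambda p: salted_pbkdf2(p)[1])
    return dup_unsalted, dup_salted


if __name__ == "__main__":
    print("duplicate hashes (unsalted SHA-1, salted PBKDF2):", demo())
    print("hash ops to test 10,000 guesses against 6,500,000 users:",
          hash_operations_to_test(10_000, 6_500_000, salted=False), "unsalted vs",
          hash_operations_to_test(10_000, 6_500_000, salted=True), "salted")
```

The duplicate count is the observable symptom of missing salts: identical passwords collapse to identical stored values, so one lookup table serves the whole dump. The salted scheme forces per-user work and, with the iteration count, makes each of those attempts slow.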

Mozilla fails to get the details on the FBI’s malware hack – Publication: Engadget – Reporter name: Mariella Moon

If you’ll recall, the FBI seized the server of a child porn website on the Tor network called Playpen in early 2015. They then used a flaw in the Tor browser, which is based on Mozilla Firefox, to install malware that pointed agents to users’ locations. They nabbed over a hundred people from that sting, including a defendant in one of Bryan’s cases. Mozilla asked for the vulnerability’s details when Bryan ordered prosecutors to disclose the flaw to that defendant’s lawyers.

Cybercriminals are launching their own HR departments – Publication: PC World – Reporter name: Grant Gross

Cybercriminals are increasingly taking a business-based approach toward their activities, with some organizations developing in-house training, disaster recovery, and other business functions, and others contracting for those services in the underground marketplace, said Shogo Cottrell, a security strategist with HPE Security. Cybercrime is maturing as a business model, he added. Some criminal hacking businesses offer 24-by-seven telephone support, others offer money-back guarantees on their products, Cottrell said.

RunKeeper acknowledges location data leak to ad service, pushes updates – Publication: Ars Technica – Reporter name: Cyrus Farivar

Like other Android apps, when the Runkeeper app is in the background, it can be awakened by the device when certain events occur (like when the device receives a Runkeeper push notification). When such events awakened the app, the bug inadvertently caused the app to send location data to the third-party service.

Attention Skeptics: Why B2B Marketers Should Worship the World of Mobile Marketing

By Sophorn Chhay

In the words of industry experts, the move to mobile marketing is inevitable. We’re all moving onward together towards digital excellence, but as the march continues, there are those who are sprinting forward and others who are falling behind. Why? It all comes down to confidence in and understanding of the world of mobile marketing. Are you on board? Here’s why you should be:

Customers Demand It

The old adage “the customer is always right” is just about as annoying as it is, well, correct, but it’s not so much about cowering at the feet of demanding clients as it is simply giving the people what they want. And what do the people want? In short, they want convenience. They want access to products and services that solve their problems, they want that access to be easy and intuitive, and they don’t want to have to break their stride – or their budgets – in order to get it. Check this out:

- An impressive 90 percent of mobile users enrolled in SMS rewards programs said their participation was beneficial.

- SMS coupons are redeemed 10 times more often than print coupons – probably because no one can remember where they put that little slip of paper they cut out from the Sunday inserts and almost everyone can remember exactly where they put their phone. Well, eventually, anyways.

- Of all the text messages people receive, only 10 percent are considered (by the consumers themselves) to be spam.

Numbers don’t lie. There is real value in mobile marketing, and you don’t want to be the only company still protesting that you can’t see it.

SMS is Everything, More or Less


First, text revolutionized how we talk to our friends and loved ones. Now, it’s doing the same thing for how we communicate with businesses, both from a B2C and B2B point of view. Who wants to sit on hold for an hour just to get the answer to a simple question like “When is my order going to be delivered?” or “Are we still on for that meeting on Friday? And where is it again?” SMS is simple, efficient, immediate, and it doesn’t even have to be completely text based anymore. You can send coupons via text, links to your weekly blogs, automated information regarding scheduling updates or order confirmations – the possibilities are practically (if not literally) endless.

In fact, a text sent right after a phone conversation increases your chance for a conversion by 40%.

Text is revolutionizing customer service, too. Did you know that 52 percent of those surveyed preferred communicating with customer support via text than by email or phone? If that isn’t enough, consider that it’s a heck of a lot cheaper to set up a mobile marketing automation system than it is to staff an office full of customer service agents.

It’s the Very Best Way to Connect

Everywhere you go, there’s your cell phone. A (not-so) shocking 75 percent of people confess to bringing their phone in the bathroom with them – what other advertising method gets you so up close and personal with current and prospective customers alike? Don’t waste a golden opportunity; approach consumers from a variety of channels, be active on social media, develop killer content, and constantly encourage client feedback. It’s the only way, and it truly works.

We believe that you have something totally worthwhile to sell, and if you could sit down and have a face-to-face with every potential customer in the world, you’d probably have a decent conversion rate, but that’s simply not possible.


What you can do is reach an incredibly diverse and far-flung array of consumers wherever they happen to be, and the only way you can do that is by figuring out your winning mobile marketing strategy and joining the march forward.

What’s Next?

How do you ensure that your customer is getting the best mobile experience possible when interacting with your brand? Share your ideas with us in the comments below. I would love to read them.

Author Biography

Sophorn Chhay

Sophorn is the marketing guy at Trumpia, the most complete SMS software with mass text messaging, smart targeting and automation.

- Follow Sophorn on Twitter (@Trumpia), LinkedIn, Facebook and Google+

- Jumpstart your business by grabbing your free copy of his powerful Mobile Marketing Success Kit.

- Watch Trumpia’s 5-Minute Demo on how to execute an effective mobile marketing strategy.

10Fold – Security Never Sleeps – 89

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: SWIFT, the global financial messaging network that banks use to move billions of dollars every day, warned on Thursday of a second malware attack similar to the one that led to February’s $81 million cyberheist at the Bangladesh central bank. Germany has blamed Russia for a huge cyber attack last year on its parliament and has said that Moscow could be planning further assaults on its institutions. The offices of German chancellor Angela Merkel were among those targeted in recent attacks, Trend Micro says. Vormetric announced the results of the Financial Services Edition of the 2016 Vormetric Data Threat Report (DTR).

SWIFT says commercial bank hit by malware attack like $81M Bangladesh hack – Publication: CNBC – Reporter name: STAFF

News of a second case comes as law enforcement authorities in Bangladesh and elsewhere investigate the February cyber theft from the Bangladesh central bank account at the New York Federal Reserve Bank. SWIFT has acknowledged that that scheme involved altering SWIFT software to hide evidence of fraudulent transfers, but that its core messaging system was not harmed. SWIFT had previously acknowledged that the Bangladesh Bank attack was not an isolated incident but one of a number of recent criminal schemes aimed at its messaging platform, which is used by 11,000 financial institutions globally.

Germany points finger at Kremlin for cyber attack on the Bundestag – Publication: Financial Times – Reporter name: Stefan Wagstyl

While Russian connections to cyber attacks on German targets are not new — in January 2015, CyberBerkut, a group linked to Ukraine’s pro-Russia separatists, broke into several German government websites — it is rare for Berlin to point the finger so directly at the Kremlin. A draft defense paper, due to be published in the summer, ranks cyber security second only to global terrorism in a list of 10 threats facing Germany. The tools for cyber attacks are so accessible that individuals and private groups, as well as states, can carry out such offensives, the paper says.

‘Pawn Storm’ APT Campaign Rolls On With Attacks in Germany, Turkey – Publication: Dark Reading – Reporter name: Jai Vijayan

The latest evidence that the group is still alive and operating is an attack last month targeting German chancellor Angela Merkel’s Christian Democratic Union (CDU) party website. As part of the campaign, the threat actors set up a fake webmail server in Latvia designed to look like the CDU’s main webmail server in an apparent attempt to steal the email credentials of party members. The attackers also set up three separate phishing domains to try and grab the personal email credentials of targeted and high profile users of two German free email service providers.

Security spending rises in areas ineffective against multi-stage attacks – Publication: Help Net Security – Reporter name: Mirko

Vormetric announced the results of the Financial Services Edition of the 2016 Vormetric Data Threat Report (DTR). This edition extends earlier findings of the global report, focusing on responses from IT security leaders in financial services, which details IT security spending plans, perceptions of threats to data, rates of data breach failures and data security stances.

10Fold – Security Never Sleeps – 88

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Hackers are already exploiting a new critical vulnerability in Flash Player, and Adobe Systems is still working on the patch. Brian Krebs reported that Wendy’s investigation into a credit card breach uncovered malicious software on point-of-sale systems in 5 percent of their restaurants; the source of the breach was compromised third party credentials. Symantec has reported that an Internet Explorer zero-day vulnerability is being exploited to attack South Korea. PerezHilton.com was under a malvertising attack, as discovered by Cyphort.

Hackers are exploiting an unpatched Flash Player vulnerability, Adobe warns – Publication: PCWorld – Reporter name: Lucian Constantin

Adobe Systems is working on a patch for a critical vulnerability in Flash Player that hackers are already exploiting in attacks. In the meantime, the company has released other security patches for Reader, Acrobat, and ColdFusion.

Wendy’s: Breach Affected 5% of Restaurants – Publication: Krebs on Security – Reporter name: Brian Krebs

Wendy’s said today that an investigation into a credit card breach at the nationwide fast-food chain uncovered malicious software on point-of-sale systems at fewer than 300 of the company’s 5,500 franchised stores. The company says the investigation into the breach is continuing, but that the malware has been removed from all affected locations.

South Korea victim of Internet Explorer zero-day vulnerability – Publication: ZDNet – Reporter name: Asha Barbaschow

Security firm Symantec has reported that South Korea has been affected by targeted attacks that exploited an Internet Explorer zero-day vulnerability.

PerezHilton.com Hit by Malvertising – Publication: InfoSecurity Magazine – Reporter name: Tara Seals

Visitors to pop culture website PerezHilton.com have been redirected to an Angler Exploit Kit variant as a result of a malvertising attack. Researchers at Cyphort have discovered that the EK, dubbed som.barkisdesign.com, is automatically downloaded to website visitors’ computers without any interaction triggers. PerezHilton.com sees a half-million visitors per day, looking for celebrity gossip.

10Fold – Security Never Sleeps – 87

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Vanguard Cybersecurity owner David Michael Levin was charged with three counts of unauthorized access to a computer, network, or electronic device of a Florida county and released on $15,000 bond; the charges stem from his use of pilfered credentials belonging to the county’s supervisor of elections to demonstrate security weaknesses in the county’s elections website. Researchers at security firm Check Point discovered a new Android malware that enrolls the smartphone in a botnet used to generate money through disguised ad clicks. Investigations by the FBI have led to evidence that at least one employee of Bangladesh’s central bank was involved in the theft of $81 million from the bank. However, bank officials still partly blame the SWIFT financial network, which allegedly left loopholes for hackers.

How a security pro’s ill-advised hack of a Florida elections site backfired – Publication: Ars Technica – Reporter name: Dan Goodin

A Florida man has been slapped with felony criminal hacking charges after gaining unauthorized access to poorly secured computer systems belonging to a Florida county elections supervisor.

New Android malware poses as popular game, but enlists phones into botnet – Publication: ZDNet – Reporter name: Zack Whittaker

Tens of thousands of Android users are thought to have fallen victim to a newly-discovered malware, which enlists devices as part of a hacker-controlled botnet. The malware is dubbed “Viking Horde,” after one of the popular apps it poses as. The sophisticated malware campaign consists of a number of games and apps that are readily available through Google Play, the app store for Android devices.

Bangladesh central bank hack may be an insider job, says FBI – Publication: ComputerWorld – Reporter name: John Ribeiro

The U.S. Federal Bureau of Investigation has found evidence that at least one employee of Bangladesh’s central bank was involved in the theft of $81 million from the bank through a complex hack, according to a newspaper report.

How Home Technology Will Change the Future

By Kaitlin Krull

Twenty-first-century life is dictated by technology in practically every way. From industry to education, from science to the arts, it’s ever present. One of the most fascinating things about technology is that it is always developing—and home technology is no different. By the time we wrap our minds around the latest gadgets and products for our homes, scientific advancements change the game.


Although we can’t predict the future, over at Modernize we have a few ideas as to how exactly home technology is going to alter the course of our lives and change the future.

100% connectivity

Generations to come will never know a world without the Internet and constant connectivity. Current home technology products such as WiFi and Bluetooth are commonplace in virtually all developed countries, and these technologies are only going to expand and improve. By the time we have retired, connectivity will not be an issue for anyone. All of our home electronics (and appliances, and machinery) will be linked all the time, anywhere, automatically.

Automated homes

Home automation is something that most of us thought was only possible in cartoons like the Jetsons, but it’s now a reality for many homes already. A thing of the present rather than the future, smart home automation technologies allow virtually your entire home to be controlled remotely via panels, smartphones, and other devices. As connectivity increases, these devices will be standard in new homes and markedly improved in time.

Increased convenience

Most people would argue that the point of technology is to make life simpler. While millennials are criticized for wanting everything to be available to them instantly, technology is really to blame here. Smartphone apps, in particular, give us the opportunity to learn, communicate, purchase, and do anything else we might possibly need to do, instantly. Not too far in the future, everything will become available to all of us at home with the touch of a button.


Coffee? Clothes? Shower? Phone? Ride to work? Done. Now.

Decreased energy use

Smart energy products such as thermostats are taking off in energy conscious (and technologically advanced) countries throughout the world because they can monitor, track, and adjust your home’s energy use with minimal effort from you. But these kinds of products are just the beginning. We imagine that technologies that tell us exactly when to turn off appliances in order to make our homes as efficient as possible are not far around the corner. Furthermore, developing technologies behind renewable energy sources will decrease our carbon footprint even further than they are now, saving us tons of energy (and money).

Current futuristic technologies

While we can’t possibly know for sure whether our technological predictions will come to fruition, there are quite a few current home products already out there that give us a glimpse into our future. Hydroflooring, smart glass, 3D televisions, and giant touch screen coffee tables are just a few of the current gadgets that make us think that our future home lives might not actually be that far removed from the Jetsons (or even Iron Man, for that matter). In all seriousness, these products point to a technological future of self-sufficiency for homes everywhere.


10Fold – Security Never Sleeps – 86

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Starting today, Google will send notifications to employees about a data breach at a third party company it uses for benefits management services. Babycare retailer Kiddicare has warned customers that personal data shared with the store has been stolen by hackers. The Cyber Security Breaches Survey 2016 reveals that of those hit by cyberattacks, a quarter experience a repeated breach at least once a month. Experts are skeptical over the alleged 272 million credentials that were discovered last week; both Google and a Russia-based e-mail service unveiled analyses that call into question the validity of the security firm’s entire report.

Google suffers data breach via benefits provider – Publication: CSO – Reporter name: Dave Lewis

In the Google case, the whoops factor was curtailed and the damage was limited. There were names and Social Insurance Numbers in the document in question, but that data didn’t leak beyond the immediate parties, according to the breach notification letter which is due out today. Even though the issue was contained, Google is providing credit monitoring for affected parties.

Babycare e-tailer Kiddicare admits customer data breach – Publication: The Register – Reporter name: John Leyden

The compromised data is restricted to name, delivery address, telephone number and email address, according to Kiddicare, which is keen to stress that customer payment details or credit/debit card information has not been accessed.

Two thirds of large businesses have suffered a data breach in the past year – Publication: ZDNet – Reporter name: Danny Palmer

The proportion of businesses that have suffered a breach declines as the organization gets smaller: 51 percent of medium firms said they’d been the victim of an attack, compared to 33 percent of small firms, while just 17 percent of micro firms say they’d suffered a data breach. This could be because smaller firms are less attractive targets to hackers, or perhaps because they lack the skills to recognize a breach has taken place.

Garbage in, garbage out: Why Ars ignored this week’s massive password breach – Publication: Ars Technica – Reporter name: Dan Goodin

What has been clear all along to anyone paying attention is that the plaintext credentials recovered by Hold Security almost certainly didn’t come from hacks on the e-mail providers. Instead, they most likely were collected by hackers who hit dozens, hundreds or thousands of third-party Web services over the years and dumped the account databases into a single list.

10Fold – Security Never Sleeps – 85

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Cybersecurity professionals warn that anyone with a personal email account might want to change their passwords following revelations of a massive cache of stolen usernames and passwords being offered for sale on the Internet. Fiat Chrysler Automobiles Chief Executive Sergio Marchionne said Friday FCA and Alphabet Inc’s Google have yet to determine who will own data collected in their collaboration on testing self-driving vehicles. Hackers caused disruption to a Locky campaign after they breached one of the attackers’ servers and replaced the real ransomware with a harmless file containing the string “Stupid Locky.” For the past five years, a vulnerability in many Android phones has left users’ text messages, call histories, and possibly other sensitive data open to snooping, security researchers said Thursday.

Cyber Experts: Change Passwords After Massive Hack – Publication: NBC News – Reporter name: Tom Costello

The thefts involved some of the biggest email providers in the world such as Google, Yahoo, Hotmail and Microsoft. The bulk of the stolen accounts—some 272.3 million—include Russia’s Mail.ru users, according to Alex Holden, founder and chief information security officer of Hold Security, who discovered the theft. “We know he’s a young man in central Russia who collected this information from multiple sources,” Holden told NBC News. “We don’t know the way he did it or the reason why he did it.” The user names and passwords were being offered for sale on the so-called “dark web” where hackers hawk their goods.

Fiat Chrysler CEO: Data ownership unclear in working with Google – Publication: Reuters – Reporter name: Bernie Woodall

Earlier this week, FCA and Google announced that they would align to fit 100 of the Pacifica minivans made at Windsor for Google’s self-driving test fleet. Marchionne said there are many aspects of the project with Google that have yet to be determined, such as whether the two will develop an open-source software platform that could be shared with others. Marchionne said that what has been agreed so far with Google is limited, but he suggested that the alliance could evolve.

Hackers Disrupt Locky Ransomware Campaign – Publication: SecurityWeek – Reporter name: Eduard Kovacs

According to Avira researcher Sven Carlsen, the attack started with a spam email designed to trick recipients into opening an attachment by informing them of an unpaid fine. The attached file is actually a malware downloader configured to fetch the Locky ransomware from a server whose location is determined based on a domain generation algorithm (DGA). The downloader then executes the file. However, in the attack analyzed by Avira, the downloader did not fetch Locky and instead it downloaded a 12KB executable containing the message “STUPID LOCKY.” Since the file did not have a valid structure, the downloader failed to execute it, resulting in an error message being displayed.

Critical Qualcomm security bug leaves many phones open to attack – Publication: Ars Technica – Reporter name: Dan Goodin

The flaw, which is most severe in Android versions 4.3 and earlier, allows low-privileged apps to access sensitive data that’s supposed to be off-limits, according to a blog post published by security firm FireEye. Instead, the data is available by invoking permissions that are already requested by millions of apps available in Google Play. Company researchers said the vulnerability can also be exploited by adversaries who gain physical access to an unlocked handset. Indexed as CVE-2016-2060, the bug was first introduced when mobile chipmaker Qualcomm released a set of programming interfaces for a system service known as the “network_manager” and later the “netd” daemon.

10Fold – Security Never Sleeps – 84

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Microsoft plans to retire support for TLS certificates signed by the SHA1 hashing algorithm in the next four months, an acceleration brought on by new research showing it was even more prone to cryptographic collisions than previously thought. Tens of millions of stolen credentials for Gmail, Microsoft and Yahoo email accounts are being shared online by a young Russian hacker known as “the Collector” as part of a supposed larger trove of 1.17 billion records. An analysis of proof-of-concept (PoC) exploits shared online over the last year has shown that social media is the main distribution channel for PoCs, according to threat intelligence firm Recorded Future. All blogs hosted on Google’s blogspot.com domain can now be accessed over an encrypted HTTPS connection.

Microsoft to retire support for SHA1 certificates in the next 4 months – Publication: Ars Technica – Reporter name: Dan Goodin

The software maker hinted at the expedited deprecation in November. Last week, it made those plans official. Sometime this summer (for those in the Northern Hemisphere, anyway) the general release versions of Microsoft’s Edge and Internet Explorer browsers will stop displaying the address bar lock when visiting HTTPS sites protected by SHA1 certificates. The change will occur even sooner for upcoming Windows Insider Preview builds, which are mostly used by developers for testing purposes.
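The practical question this raises for anyone running an HTTPS site is which of their certificates are still signed with SHA-1. A certificate's signature algorithm sits in a fixed place in its DER encoding (the AlgorithmIdentifier that follows the tbsCertificate), so it can be read with a few lines of ASN.1 parsing and no third-party library. The Python below is an added example, not code from Microsoft, Ars Technica or the article: the OID table holds the standard X.509 signature-algorithm identifiers, `build_fake_cert` constructs a structurally minimal stand-in certificate so the check can run offline (its tbsCertificate is a placeholder, not a real one), and `pem_to_der` wraps the standard library's `ssl.PEM_cert_to_DER_cert` for use on real PEM files.

```python
import ssl
from typing import Tuple

# Standard OIDs found in the X.509 signatureAlgorithm field, mapped to their names.
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
}
SHA1_ALGORITHMS = {"sha1WithRSAEncryption", "ecdsa-with-SHA1"}

SEQUENCE, OID, NULL, BIT_STRING, INTEGER = 0x30, 0x06, 0x05, 0x03, 0x02


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Parse one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes that follow
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(value: bytes) -> str:
    """Turn DER OID content bytes into dotted notation (base-128 arcs, first byte packs two)."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm(cert_der: bytes) -> str:
    """Return the name (or dotted OID) of the algorithm in the certificate's signatureAlgorithm field."""
    tag, cert, _ = read_tlv(cert_der, 0)
    if tag != SEQUENCE:
        raise ValueError("not a DER Certificate SEQUENCE")
    _, _tbs, pos = read_tlv(cert, 0)          # tbsCertificate: skipped entirely
    tag, alg_id, _ = read_tlv(cert, pos)      # signatureAlgorithm: AlgorithmIdentifier
    if tag != SEQUENCE:
        raise ValueError("malformed AlgorithmIdentifier")
    tag, oid, _ = read_tlv(alg_id, 0)         # first element is the algorithm OID
    if tag != OID:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    dotted = decode_oid(oid)
    return SIGNATURE_OIDS.get(dotted, dotted)


def uses_sha1(cert_der: bytes) -> bool:
    """True when the certificate's signature is SHA-1 based (the case being deprecated)."""
    return signature_algorithm(cert_der) in SHA1_ALGORITHMS


def pem_to_der(pem: str) -> bytes:
    """Standard-library conversion for certificates read from PEM files."""
    return ssl.PEM_cert_to_DER_cert(pem)


def der(tag: int, value: bytes) -> bytes:
    """Encode one DER TLV, using the long length form when the value is 128 bytes or more."""
    n = len(value)
    if n < 128:
        return bytes([tag, n]) + value
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + value


def build_fake_cert(oid_bytes: bytes) -> bytes:
    """Constructed stand-in certificate: placeholder tbsCertificate, real AlgorithmIdentifier layout."""
    tbs = der(SEQUENCE, der(INTEGER, b"\x01"))             # placeholder, not a real tbsCertificate
    alg = der(SEQUENCE, der(OID, oid_bytes) + der(NULL, b""))
    sig = der(BIT_STRING, b"\x00" + b"\xAA" * 200)         # dummy signature; forces long-form length
    return der(SEQUENCE, tbs + alg + sig)


SHA1_RSA_OID = bytes.fromhex("2a864886f70d010105")         # 1.2.840.113549.1.1.5
ECDSA_SHA256_OID = bytes.fromhex("2a8648ce3d040302")       # 1.2.840.10045.4.3.2

if __name__ == "__main__":
    for name, oid_bytes in (("legacy", SHA1_RSA_OID), ("modern", ECDSA_SHA256_OID)):
        cert = build_fake_cert(oid_bytes)
        print(name, signature_algorithm(cert), "SHA-1:", uses_sha1(cert))
```

For a live endpoint, `ssl.get_server_certificate((host, 443))` from the standard library returns the leaf certificate as PEM, which `pem_to_der` then turns into input for `uses_sha1`; for a complete inventory the intermediate certificates in the chain need the same check, since browsers evaluate the whole chain.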

A Russian hacker gave away millions of email credentials for social media votes – Publication: PCWorld – Reporter name: Katherine Noyes

That’s according to Hold Security, which says it has looked at more than 272 million unique credentials so far, including 42.5 million it had never seen before. A majority of the accounts reportedly were stolen from users of Mail.ru, Russia’s most popular email service, but credentials for other services apparently were also included. Hold discovered the breach when its researchers came across the hacker bragging in an online forum. Though the hacker initially asked Hold for 50 rubles for the initial 10GB stash — that’s equivalent to about 75 cents — he eventually turned it over to them in exchange for likes and votes for him on social media.

PoC Exploits Mainly Distributed via Social Media – Publication: SecurityWeek – Reporter name: Eduard Kovacs

A search on Recorded Future’s threat intelligence platform uncovered roughly 12,000 PoC exploit references shared on the Web since March 22, 2015. The company says this represents a near 200 percent increase compared to the previous year. A large majority of the PoCs identified by researchers were disseminated via social media networks — primarily Twitter. In 97 percent of cases, social media has been used to share links to code repositories, paste sites, other social media networks, and deep Web forums hosting the actual PoC code. In some cases, PoC exploit references were found on code repositories, mainstream sites, blogs, forums, malware and vulnerability reporting websites, and paste sites.

Google turns on HTTPS for all Blogspot blogs – Publication: PCWorld – Reporter name: Lucian Constantin

Instead of the “HTTPS Availability” option, blog owners can now use a setting called “HTTPS Redirect,” which will redirect all visitors to the HTTPS version of their blogs automatically. If the setting is not used, users will still be able to access the non-encrypted HTTP version. Forcing HTTPS by default would have been better, but would have likely triggered mixed content alerts in users’ browsers for some blogs. These errors happen when a website served over HTTPS loads resources, such as images and code, from external servers that don’t use HTTPS.
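Before turning on a setting like “HTTPS Redirect,” a blog owner can find the resources that would trigger those mixed content warnings by scanning the page markup for subresources that resolve to plain `http://` URLs. The Python below is an added example and not code from Google, Blogger or the article: it uses the standard library's `html.parser` to collect `script`, stylesheet `link`, `iframe`, `object`, `img`, `audio`, `video` and `source` references, resolves relative and protocol-relative (`//host/…`) references against the HTTPS page URL, and reports the ones still on HTTP, split into active content (scripts, styles, frames, which browsers block) and passive content (images and media, which browsers typically load with a warning). The sample HTML and the hostnames in it are constructed for the example.

```python
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that references a subresource. Active content is blocked by browsers
# when loaded over HTTP from an HTTPS page; passive content is usually loaded with a warning.
ACTIVE_TAGS = {"script": "src", "link": "href", "iframe": "src", "object": "data"}
PASSIVE_TAGS = {"img": "src", "audio": "src", "video": "src", "source": "src"}

Finding = Tuple[str, str, str]  # (kind, tag, resolved_url)


class MixedContentScanner(HTMLParser):
    """Collects subresources that would load over plain HTTP from an HTTPS page."""

    def __init__(self, page_url: str) -> None:
        super().__init__()
        self.page_url = page_url
        self.findings: List[Finding] = []

    def handle_starttag(self, tag, attrs):
        attr_name = ACTIVE_TAGS.get(tag) or PASSIVE_TAGS.get(tag)
        if attr_name is None:
            return
        attr_map = dict(attrs)
        # Only stylesheet <link>s fetch a rendering resource; icons, canonical etc. are skipped here.
        if tag == "link" and "stylesheet" not in (attr_map.get("rel") or "").lower():
            return
        ref = attr_map.get(attr_name)
        if not ref:
            return
        # urljoin resolves relative paths and "//host/path" against the page's own scheme,
        # so only references that explicitly name http:// end up with an http scheme.
        resolved = urljoin(self.page_url, ref.strip())
        if urlsplit(resolved).scheme.lower() == "http":
            kind = "active" if tag in ACTIVE_TAGS else "passive"
            self.findings.append((kind, tag, resolved))


def scan_mixed_content(html: str, page_url: str) -> List[Finding]:
    """Return the HTTP subresources an HTTPS page at page_url would try to load."""
    if urlsplit(page_url).scheme.lower() != "https":
        raise ValueError("mixed content is only defined for pages served over https")
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: a mix of safe and unsafe references, hostnames invented for the example.
SAMPLE_PAGE_URL = "https://blog.example.com/2016/05/post.html"
SAMPLE_HTML = """
<html><head>
  <link rel="stylesheet" href="/assets/site.css">
  <link rel="stylesheet" href="http://fonts.example.net/fonts.css">
  <link rel="icon" href="http://blog.example.com/favicon.ico">
  <script src="//cdn.example.org/lib.js"></script>
  <script src="http://widgets.example.net/widget.js"></script>
</head><body>
  <img src="https://images.example.com/ok.jpg">
  <img src="http://images.example.com/photo.jpg">
  <a href="http://example.com/">links are navigation, not subresources</a>
</body></html>
"""

if __name__ == "__main__":
    for kind, tag, url in scan_mixed_content(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(f"{kind:7} <{tag}> {url}")
```

Inline `style` attributes, CSS `url()` references and resources fetched by scripts at run time are not visible to a markup scan; the browser's own console remains the final check, but a scan like this catches the hard-coded `http://` references that are the usual cause.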

10Fold – Security Never Sleeps – 83

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Cyber thieves have succeeded in stealing sensitive tax and salary information on employees at a dozen companies that use the payroll giant ADP. Researchers have discovered that a critical image processing library has a severe vulnerability which has left a vast amount of websites open to attack. A new survey out by the Ponemon Institute found that the C-level executives are not engaged in their organizations’ third-party risk management processes and that a lack of formal programs in managing that risk is endangering the security and compliance of enterprises today. Maintainers of the OpenSSL cryptographic library have patched high-severity holes that could make it possible for attackers to decrypt login credentials or execute malicious code on Web servers.

Cyber thieves siphon tax forms from ADP payroll data – Publication: CNN Money – Reporter name: Jose Pagliery

On Tuesday, ADP (ADP) explained how fraudsters managed to siphon W-2 tax forms using a convenient online feature. The incident seems small in scope. But it shows how fraudsters have adopted novel techniques to steal personal information — especially the kind that can later be used to claim tax refunds. ADP didn’t say when the theft occurred, and wouldn’t tell CNNMoney how many people had their detailed income data exposed. But it noted the incident affected “around a dozen” of the company’s 630,000 corporate clients.

ImageMagick vulnerability exposes countless websites to exploit – Publication: ZDNet – Reporter name: Charlie Osborne

ImageMagick supplies the backbone library for image processing plugins, including PHP’s imagick, Ruby’s rmagick, paperclip and node.js’s imagemagick. The software is a set of command-line programs which make the bulk processing of images easier, as noted by Naked Security. This is a common feature of many websites, and now, a critical flaw within the software is placing these domains at risk of cyberattack. The vulnerability, CVE-2016-3714, was discovered by security researcher Stewie and the ramifications of the security flaw were explored by Nikolay Ermishkin from Mail.Ru’s security team.

Enterprises Lack Top-Down Management Of Third-Party Risk – Publication: DarkReading – Reporter name: Ericka Chickowski

Large-scale breaches that originate from attackers targeting third-party weaknesses will continue to escalate until senior leadership and the C-suite start taking third-party risk more seriously. As things stand, only about 30% of organizations assess the security controls of business partners, vendors, and other third parties. When they do a review, the most common practice is a legal review. And one-third of organizations who do review controls said it would be unlikely that their organization would cease or terminate an agreement with a third party if the controls were found to be lacking compared to requirements. What’s more, over half of organizations say that their risk assessment of third parties doesn’t give them visibility into the intellectual property or other high-value data in the hands of third parties.

Aging and bloated OpenSSL is purged of 2 high-severity bugs – Publication: Ars Technica – Reporter name: Dan Goodin

The updates were released Tuesday morning for both versions 1.0.1 and 1.0.2 of OpenSSL, which a large portion of the Internet relies on to cryptographically protect sensitive Web and e-mail traffic using the transport layer security protocol. OpenSSL advisories labeled the severity of both vulnerabilities “high,” meaning the updates fixing them should be installed as soon as possible. The fixes bring the latest supported versions to 1.0.1t and 1.0.2h.