Banks and Fed sites score as least trustworthy in OTA 2017 security and privacy audit
“Privacy and security still not capable online”
An audit of 1,000 top websites that analyzed security and privacy systems has found a concerning trend for the third year running. The Online Trust Alliance commented: “Sites either qualify for the Honor Roll or fail the Audit. In other words, sites increasingly either take privacy and security seriously and do well in the Audit, or lag the industry significantly in one or more critical areas.”
Data Breach Costs Drop Globally But Increase in US
“Data breach costs trend low”
The average cost of a data breach is now about $33.62 million globally, about a 10% drop from last year. This is the first overall decrease in breach cost since the IBM Cost of Data Breach report was started. Although these statistics are encouraging, the U.S. is an exception to the trend, with a 5% increase for the nation's firms.
Report: 99.7% of web apps have at least one vulnerability
“Web app vulnerabilities apparent”
Pretty much every web application has a breachable point, says the 2017 Trustwave Global Security Report released Tuesday. 99.7% of apps scanned by Trustwave had at least one vulnerability, while the mean number was about 11.
Tesco Acknowledges, Apologizes for Compromise of Over 40,000 Accounts
“Cash stolen from about half of accounts accessed”
One of the biggest hacking incidents against a bank in United Kingdom history occurred Monday, ending with nearly 40,000 accounts compromised, according to Tesco CEO Benny Higgins. “Online criminal activity” was reported by the firm over the weekend, and it was later reported that 15% of its total accounts had shown signs of fraudulent withdrawal. The bank has issued various statements on the refunding of cash thefts to date.
RCE Flaw in Bopup Found
“Enterprise IM manager has significant security breach”
Cybersecurity service firm Trustwave has found a remote code execution flaw in Bopup Communications servers: a buffer overflow that allows cybercriminals to exploit the application. A packet sent to a remote administration port allows remote execution of commands on the communication site's servers.
Controversial Cybersecurity Law Passes in China
“Watchdog organizations warn of human rights violations”
Greater control over the internet in China has many worried about the implications for businesses and individual rights. While the government added certain amendments to address these concerns, they did little to appease critics. Many corporations have announced that the law will force them out of the country, while Sophie Richardson of Human Rights Watch has declared that the requirement for local data storage is in violation of many international treaties.
Moxa Ethernet Products Found to Have Serious Issues
“Critical and moderate vulnerabilities found”
Several security flaws have been detected in Taiwan-based Moxa's Industrial Ethernet products, according to an advisory recently distributed by ICS-CERT. The Moxa OnCell LTE cellular gateways, AWK wireless AP/bridge/client products, TAP railway wireless units, and WAC wireless access controllers have improper authentication and other vulnerabilities.