Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.
Big items to consider: U.K. police have arrested a man in response to the 4.9 million account data information stolen during the Vtech hack. A security researcher has found that an antivirus Mac app has exposed personal details of 13 million Mac users. Joomla content management system has been exposed to hackers actively exploiting a remote command-execution vulnerability that has been undetected for 8 years. Lastly, an article on 6 ways to protect your data in the age of wearables.
A 21-year-old man was arrested Tuesday as part of a cyber-crime probe into a computer hack at children’s electronic toymaker VTech Holdings Ltd, police said. The man was held by police in Bracknell, west of London, on suspicion of “unauthorized access to a computer to facilitate the commission of an offense,” the South East Regional Organized Crime Unit said in a statement. Almost 6.4 million profiles set up for children and about 4.9 million accounts belonging to parents were targeted in the November attack, the Hong Kong-based maker of children’s electronic toys, smartwatches and computer tablets said at the time.
MacKeeper, an antivirus tool for Apple Mac users, has leaked the details of over 13 million users, according to researcher Chris Vickery. Vickery found a section of the MacKeeper website that, when accessed without a password or username, allowed him to see the details of customer information, including names, email addresses, usernames, passwords, phone numbers, and system information.
Attackers are actively exploiting a critical remote command-execution vulnerability that has plagued the Joomla content management system for almost eight years, security researchers said. A patch for the vulnerability, which affects versions 1.5 through 3.4.5, was released Monday morning. It was too late: the bug was already being exploited in the wild, researchers from security firm Sucuri warned in a blog post. The attacks started on Saturday from a handful of IP addresses and by Sunday included hundreds of exploit attempts to sites monitored by Sucuri.
This Christmas, wearable tech is projected to be hackers’ next big target and there’s also more data at risk. Straight from the experts themselves, here are some ways to make sure you can have the best chance at keeping your connected device from turning on you.