Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.
Big items to consider: Security researchers at Sophos say that the Myspace hack could be the largest data breach of all time, easily topping the whopping 117 million LinkedIn emails and passwords that recently surfaced online from a 2012 hack. Cyber sleuths at security firm Trustwave have uncovered chatter on a Russian underground malware forum discussing a zero-day vulnerability in “every version” of Windows that is being openly sold for $90,000. A congressional committee has launched an investigation into the Federal Reserve Bank of New York’s handling of the heist of more than $80 million from accounts it maintains for the central bank of Bangladesh. Amazon and Goldman Sachs have become the latest investors to back Ionic Security, as the cyber security start-up looks to expand its reach beyond large companies.
Recently confirmed Myspace hack could be the largest yet – Publication: TechCrunch – Reporter name: Sarah Perez
“We take the security and privacy of customer data and information extremely seriously—especially in an age when malicious hackers are increasingly sophisticated and breaches across all industries have become all too common,” said Myspace’s CFO Jeff Bairstow, in a statement. “Our information security and privacy teams are doing everything we can to support the Myspace team.” However, while the hack itself and the resulting data set may be old, there could still be repercussions. Because so many online users simply reuse their same passwords on multiple sites, a hacker who is able to associate a given username or email with a password could crack users’ current accounts on other sites.
Windows zero-day flaw that impacts ‘every version’ being sold on Russian forum for $90,000 – Publication: International Business Times – Reporter name: Jason Murdock
According to analysis released by researchers with SpiderLabs, a team of penetration testers and ethical hackers at Trustwave, the security flaw being sold allows attackers to upgrade any Windows user level account to an administrator account, giving them access to install malicious software, gain access to other machines and change user settings. In hacking circles, zero-day vulnerabilities are much sought-after pieces of code previously unknown to anyone that can be exploited to infiltrate or attack a computer system without warning. Previously, a number of these bugs were uncovered in Adobe Flash software after the now-infamous breach at Hacking Team.
Congress launches probe of NY Fed over handling of $80M cyberheist – Publication: CNBC- Reporter name: Eamon Javers
In a letter to New York Fed President William Dudley on Tuesday, House Science Committee Chairman Lamar Smith, R-Texas, asked for “all documents and communications” related to the cyberheist from the Bank of Bangladesh account. The committee also wants to know what oversight the Fed has conducted of the SWIFT system, an international electronic messaging system used by banks worldwide to authorize billions of dollars a day in money transfers.
Goldman and Amazon back cyber security start-up Ionic Security – Publication: Financial Times – Reporter name: Hannah Kuchler
Amazon is becoming an equity holder via a partnership that will also allow customers of Amazon Web Services, its fast-growing cloud data center business, to use Ionic’s technology to secure data in the cloud and on their own on-premise servers. Adam Ghetti, chief executive of Ionic Security, said the company had already seen “tremendous interest” in its partnership with AWS in Europe. Companies on the continent have become increasingly nervous about which country has sovereignty over their data since leaks by Edward Snowden, a former contractor to the US National Security Agency, exposed a mass surveillance program in 2013.