Top 7 Cybersecurity Stories This Week 11-18-2016
A massive data breach targeting adult dating and entertainment company Friend Finder Network has exposed more than 412 million accounts. The hack includes 339 million accounts from AdultFriendFinder.com, which the company describes as the "world's largest sex and swinger community." That also includes over 15 million "deleted" accounts that weren’t purged from the databases.
In response to the success of the “Hack the Pentagon” program earlier this year, the military is launching a new bug bounty program called “Hack the Army”—partnering with HackerOne. Over a 24-day period, the Pentagon bug bounty program unearthed nearly 140 unique security vulnerabilities on some of the Pentagon's public websites.
The pattern of DDoS attacks is changing, according to a new report from internet provider Akamai. The report suggests the overall number of DDoS attacks has not risen significantly in 2016, but that the force of these attacks is increasing. Akamai says it confronted 19 “mega attacks” in the third quarter of this year, including the two biggest it has ever encountered.
Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages. The American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence.
Security experts asked lawmakers for more action yesterday during a Congressional hearing on IoT security. On their wishlist: consequences to manufacturers for delivering insecure products, a federally funded independent lab for pre-market cybersecurity testing, and an entirely new federal agency devoted to cybersecurity.
One of the world’s most popular means of communication, WhatsApp, is adding fully encrypted video calling to its messaging app on Monday. The move comes as privacy advocates worry about the potential for stepped-up government surveillance under a Trump administration. The new video calling service will thus provide another means for people to communicate without fear of eavesdropping—though WhatsApp does retain other data such as an individual's list of contacts.
Kamkar released the schematics and code for a proof-of-concept device he calls PoisonTap: a tiny USB dongle that, whether plugged into a locked or unlocked PC, installs a set of web-based backdoors that in many cases allow an attacker to gain access to the victim’s online accounts, corporate intranet sites, or even their router.