500m users affected in giant Yahoo hack and lawsuits already filed
The latest breach to be dubbed ‘the biggest breach ever’ is the newly revealed theft of the data of 500 million Yahoo users, which took place in 2014. Yahoo admitted this news just last week, revealing that the data includes names, telephone numbers, email addresses, hashed passwords and some security questions and answers. The rumours actually began in August but Yahoo have only just confirmed the authenticity of the data, which had been touted on the dark web. Interestingly, they have also already pointed the finger at a ‘state actor’, promising to contact all affected users and advising people to change their passwords. One class action has already been filed in San Diego and others are expected to follow, citing poor security and delayed notification as reasons to seek damages from Yahoo.
Krebs on Security suffers massive DDoS
It shouldn’t be any surprise that the world’s most famous whitehat security blog is a popular target for hackers, and Brian Krebs is open about the attacks which occur. However, last week a massive DDoS attack reaching 620 Gbps finally managed to bring the site down completely, prompting Akamai to end their free support of the site. The attack was more than twice the strength of any previous attacks levied against the site and included flooding Brian Krebs’ inbox and spamming his Skype account. While the site was soon revived, the cost of such an attack has been enough for Akamai to withdraw their support, which is now being offered by Google. Krebs said of the attack ‘I don’t know what it will take to wake the larger Internet community out of its slumber to address this growing threat to free speech and e-commerce. My guess is it will take an attack that endangers human lives, shuts down critical national infrastructure systems, or disrupts national elections.’
Multiple Drupal vulnerabilities patched
Popular open source content management system Drupal have just released a security update for their core, patching several vulnerabilities which could affect all unpatched users. The most critical of the three is a Cross-site Scripting vulnerability which could be exploited to perform remote code execution. The other two concern user permissions, allowing external actors to perform tasks that should only be available to the owner of the site. Users are advised to upgrade to Drupal 8.1.10 as a matter of urgency. Tips to secure your Drupal installation.
UK ‘Cybersecurity Accelerator’ encourages start-ups to get involved
A new project has been unveiled in the UK, as part of the National Cyber Security Plan, which was launched in 2011. This latest project is a ‘Cybersecurity Accelerator’, intended to encourage cybersecurity start-ups by offering them the chance to work directly with GCHQ, the UK intelligence agency, helping the start-ups to develop new products. They will also be given a grant towards their work and office space to use. The main aim here is an economic one, with the UK cybersecurity market exports being valued at £1.8bn in 2015. The two Accelerator centres will be based in Cheltenham, where GCHQ’s head office is also situated, and in London.
Hackers reveal contents of White House contractor breach
Several documents have hit the internet, with claims of a breach of White House data. The documents include a scan of Michelle Obama’s passport and details of the itineraries of key figures including Joe Biden and candidate Hillary Clinton. The documents are rumoured to be the result of the hack of a Gmail account of a staff member from a minor White House contractor who assists with travel plans. The Department of Justice is reportedly investigating the breach, just the latest in a string of high-profile US government leaks.
Safe Browsing failing as 16 thousand WordPress sites hacked
Chrome’s Safe Browsing feature is apparently only picking up on around half of malicious WordPress sites visited by users. When reaching a flagged site, users are usually presented with the ‘red screen of death’ warning them not to visit the site. The most popular Content Management System has reportedly had almost 16 thousand sites compromised in the last year, far exceeding the numbers of other CMS systems such as Joomla. A majority of the victim sites were backdoored, which makes it difficult for scans to detect the threat. Many attacks took advantage of insecure extensions but more than half of the WordPress sites affected were attacked because of their unpatched WordPress core. With so many sites being attacked and Safe Browsing failing to recognise around half of malicious sites, users are still very much at risk when running or visiting WordPress sites. Read more about securing your WordPress site.
Australian government continues to blame IBM for Census debacle
The Australian Bureau of Statistics, the department responsible for organising the national census which so disastrously fell prey to a DDoS attack last month, have submitted their report on the incident. The report was uploaded to the Senate Inquiry site and subsequently removed when someone realised it contained sensitive information. However, it was removed too late and is now available online. It details the tender requirements for the census site, as bid on by IBM, which did include the need to withstand DDoS attacks and resolve any faults within 30 minutes. Basically, the report squarely lays the blame on IBM. In the same week the report was submitted, PM Malcolm Turnbull was subject to criticism from opposition MPs for reducing the budget allocated to the project and having stalled the project for several months in an attempt to cut spending.