Thursday; November 28, 2019

Workplace Cybersecurity Newscast

A Security News Roundup for Financial Advisors 

S7.5 Million Adobe Accounts Exposed by Security Blunder
Gizmodo: The customer records of nearly 7.5 million Adobe Creative Cloud users were discovered by a security researcher this month in an inadvertently exposed database which has now been secured.

AWS hit by major DDoS attack
TechRadar: Amazon's cloud computing division AWS recently experienced a sustained DDoS attack on Oct. 22, that appears to have lasted for around eight hours. The attack itself affected the company's Router 53 DNS web service though other services also experienced outages as a result. AWS does offer its own DDoS mitigation service called Shield Advanced but it was unable to fully stop the attack.

These 17 iPhone apps have been removed from the Apple App Store for delivering malware
ZDNet: Researchers uncover malicious iPhone applications in Apple's official marketplace after apps bypassed security measures by hiding code behind a C&C server. Seventeen malicious iPhone apps from the same developer have been removed from the Apple App Store after being found to click on adverts secretly, generating income for cyber criminals.

New Android Warning: 40M Users Installed Video App Hiding Devious Malware—Delete Now
Forbes: Here we go again—another popular Android app caught defrauding users on a huge scale. This is familiar territory now, although the numbers get bigger and more onerous. The app this time is SnapTube, a video downloader that lets users select YouTube and Facebook videos to play offline. The app’s developers claim more than 40 million users, and it has been installed many more times that that. The problem, it seems, is that while users are enjoying those videos, the app’s software is busy doing other things in the background—essentially defrauding both users and advertisers to generate material financial returns.

Mozilla's Firefox 70 is out: Privacy reports reveal whose cookies are tracking you
ZDNet: Mozilla has released Firefox 70, introducing new security indicators for HTTP and HTTPS sites, and a new privacy report that shows how many times its Enhanced Tracking Protection has blocked third-party tracking cookies, fingerprinting, and browser-based cryptominers. Mozilla says Firefox has blocked over 450 billion third-party tracking requests since July, with the number rising sharply after Firefox 69 was released last month, which enabled tracking protection by default.

Surviving Security Alert Fatigue: 7 Tools and Techniques
DarkReading: Experts discuss why security teams are increasingly overwhelmed with alerts and share tactics for lightening the load. Dr. Anton Chuvakin, head of solution strategy at Chronicle Security, takes it a step further: Many businesses are overwhelmed by alerts because they have never needed to handle them.

One more thing...

How Email Became the Weakest Link in Cybersecurity
Hacker Noon: Email has become the weakest link, and it’s costing businesses big time.
The average employee received five phishing emails a week, and sometimes they can be very convincing. The most successful phishing emails contain subject lines designed to scare or jolt us into action. Phrases like ‘open enrollment’ and ‘grievance filed’ can make us believe something needs our immediate attention, which hackers rely on.

by OS33