November Web Security News
During the last few weeks we have seen many web security news items that should be of concern. As the end of November comes closer, let’s take a few minutes to look back at the many web security news topics we might have missed.
- US Navy suffers data breach – The US Navy announced today that the personal data of 130,000 of its enlisted men was accessed after a contractor’s laptop was breached. https://nakedsecurity.sophos.com/2016/11/24/compromised-laptop-implicated-in-us-navy-breach-of-130000-records/
- Your car will be recalled in 2017 thanks to poor open-source security – Security experts believe yet another open-source software security catastrophe is on the horizon, but this time, your car is the target. Car companies are taking a closer look at the software they use to develop features such as cameras, Wi-Fi and computers within your cars. Potential breach points could occur as cars are now offering Wi-Fi and direct cellular connections. http://www.zdnet.com/article/2017-the-year-hacking-will-force-your-car-to-be-recalled/
- WordPress Security reaches dismal levels – Internet Security Mindset – Anyone Bothering To Secure Their Sites?
- Uber Portal Leaked Names, Phone Numbers, Email Addresses, Unique Identifiers – A series of vulnerabilities in UberCENTRAL, a portal Uber started during the summer to help businesses facilitate rides for customers, could have leaked the names, phone numbers, email addresses, and unique ID of all Uber users. https://wp.me/p3AjUX-vLO
- Microsoft Releases 14 Security Advisories – Powerhouse software giant Microsoft released no fewer than 14 security updates during the month of November 2016. Several of these were critical updates and affect either the Windows core kernel or boot manager. Make sure you are applying your Windows software updates as regularly as you update your WordPress sites.
- Hacker group Cobalt hits ATMs across Europe – A hacker group called Cobalt targeted ATMs across Europe in “smash and grab” operations. The hackers are reported to have remotely attacked ATMs using malicious software, which manipulated the systems to dispense cash. http://bit.ly/2gAWlFJ
- InPage Zero Day Used in Attacks Against Banks – A zero-day vulnerability in InPage publishing software, used primarily in Urdu, Pashto and Arabic-speaking nations, has been publicly exploited in attacks against financial institutions and government agencies in the region. https://wp.me/p3AjUX-vLy
- XSS security vulnerability could lead to millions of unprotected Wix websites – Wix is by far one of the largest website hosting / creation services on the web, with over 87 million users whose administrator access could now all be compromised. Wix.com security flaw places millions of websites at risk
- Early November saw a rash of sites banning accounts that had listed “hacked” versions of WordPress Security. Anyone who downloaded these could have opened up their websites to a host of security issues. Simply put, DON’T TRUST HACKED VERSIONS. You are running the risk that the person who hacked it doesn’t only care about screwing the company out of some money. Don’t let greed get the better of you.