Hundreds of stories about security and account compromise hit the web each month. Here’s the TL;DR on a few we found interesting this past month:
1. Your Information Isn’t Safe: This quick story on CNN reveals that Experian, the company that Target referred victims of its massive data leak to for credit monitoring, was itself the victim of large-scale account compromise some time before the Target compromise occurred. (CNN Money, July 25)
2. Hackers Outwit Tough Banking Site Security: A new attack called ‘Emmental’ revealed vulnerabilities in bank security in Austria, Japan, Sweden and Switzerland. The attack began with a phishing scam and, after prompting victims to enter sensitive information, prompted them to download an app available in the Android App store. With the app installed, the bad guys had complete control over the victims’ accounts--passwords, funds, everything. (New York Times, July 22)
3. Don't Let Your Business Pay The Price For Bank Fraud: Businesses handle most of their banking using online applications or web apps today. When problems come up, businesses expect vendors to fix them somehow. Take note: if your online bank accounts are hacked, resulting in the loss of data or funds, don’t count on your bank to make everything good again. The burden is largely on the small business owner today to protect their companies from attack and utter destruction by cyber criminals. (Forbes, July 15)
4. The Year So Far in Security Snafus: CIO has compiled some of the most notable security breaches so far this year. Click to read about everything from a security firm’s tweet that accidentally exposed the World Cup’s security center’s internal WiFi password to anyone on Twitter to a medical company that found out that one of its employees had pilfered sensitive patient information. (CIO.com, July 15)
5. A Recently Uncovered Attack Has Been Going on For Five Years: Dark Reading reports that security firm Cyphort has uncovered an attack that has been quietly stealing credentials from users of Facebook, Dropbox and other popular applications for the past five years. It’s unclear what the attackers will do with the information. They may be stockpiling it and mining it with the aim of mounting future targeted attacks against high net worth individuals. The attack is a phishing scam with some interesting technical elements; check out the article for the details. (Dark Reading, July 11)
Although Silo can’t protect against all of these attacks, stories like these serve as a constant reminder of the need not just for strong security measures, but also for awareness. When we put our information online, we are entrusting it to third parties that sometimes are not fully equipped to protect it. Anything that we can do to minimize the risk -- like connecting to the internet and sensitive apps through Silo -- helps!