Our security roundup series covers this week’s trending topics in the world of InfoSec. In this quick-read compilation, we’ll let you know of the latest news and controversies that the industry has been talking about.
Here’s what you don’t want to miss from the week of November 2, 2015:
- The same group of teenage hackers that broke into the personal email account of CIA Director John Brennan last month has now reportedly hacked into the private email account of FBI Deputy Director Mark Giuliano, according to a report by The Hacker News. A Twitter account allegedly run by the hacktivist group posted links to more than 3,500 “Gov/Police/Military names, emails and phone numbers.” An FBI spokesman declined to confirm or deny the breach.
- UK telecommunications provider TalkTalk released more details of the breach of its website, saying the attack was “much more limited than initially suspected.” The company said intruders accessed the personal information of nearly 157,000 customers; for more than 15,600 of them, bank account numbers and sort codes were also stolen, according to a report by BBC News. The firm said affected customers would be notified “within the coming days.” Four arrests have been made in connection with the hack; all four suspects have been released on bail.
- A second British telecommunications company, Vodafone UK, announced a similar incident this week. The company released a statement saying it was “subject to an attempt to access some customers’ account details between midnight on Wednesday 28 October and midday on Thursday 29 October.” The statement reads:
“This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone. Vodafone’s systems were not compromised or breached in any way.”
In other words, the attackers logged in with email addresses and passwords reused from an unrelated breach (a credential-stuffing attack) rather than exploiting a flaw in Vodafone’s own systems. The intrusion led to fewer than 2,000 customers having their accounts accessed, potentially giving criminals their name, mobile phone number, bank sort code and the last four digits of their account number, said Vodafone.
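Because no Vodafone system was exploited, the only evidence of an attack like this lives in the login records: one source trying many different accounts with a low success rate. The script below is an added example (not Vodafone’s code or logs) that flags that pattern over constructed sample log lines; the log format, the field names and the thresholds are assumptions to adapt to your own authentication logs.

```python
"""Flag credential-stuffing sources in web-login logs (added example)."""
import re
from collections import defaultdict

# Constructed sample: 203.0.113.7 cycles through six accounts and gets one
# hit; 198.51.100.20 is a normal user retrying a mistyped password.
SAMPLE_LOG = """\
2015-10-29T00:01:02Z ip=203.0.113.7 user=alice@example.com result=FAIL
2015-10-29T00:01:03Z ip=203.0.113.7 user=bob@example.com result=FAIL
2015-10-29T00:01:03Z ip=203.0.113.7 user=carol@example.com result=OK
2015-10-29T00:01:04Z ip=203.0.113.7 user=dave@example.com result=FAIL
2015-10-29T00:01:05Z ip=203.0.113.7 user=erin@example.com result=FAIL
2015-10-29T00:01:06Z ip=203.0.113.7 user=frank@example.com result=FAIL
2015-10-29T00:02:10Z ip=198.51.100.20 user=grace@example.com result=FAIL
2015-10-29T00:02:15Z ip=198.51.100.20 user=grace@example.com result=FAIL
2015-10-29T00:02:20Z ip=198.51.100.20 user=grace@example.com result=OK
"""

# Assumed log format: timestamp, source IP, attempted user, OK/FAIL verdict.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text):
    """Return a list of dicts for every line matching LINE_RE; skip the rest."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def detect_credential_stuffing(events, min_accounts=5, max_success_rate=0.5):
    """Return {ip: stats} for sources that tried at least `min_accounts`
    distinct users with a success rate at or below `max_success_rate`.
    Both thresholds are illustrative assumptions, not tuned values."""
    per_ip = defaultdict(lambda: {"users": set(), "ok_users": set(),
                                  "attempts": 0, "ok": 0})
    for e in events:
        s = per_ip[e["ip"]]
        s["users"].add(e["user"])
        s["attempts"] += 1
        if e["result"] == "OK":
            s["ok"] += 1
            s["ok_users"].add(e["user"])   # accounts the source got into

    flagged = {}
    for ip, s in per_ip.items():
        rate = s["ok"] / s["attempts"]
        if len(s["users"]) >= min_accounts and rate <= max_success_rate:
            flagged[ip] = {
                "distinct_accounts": len(s["users"]),
                "attempts": s["attempts"],
                "success_rate": round(rate, 2),
                # Accounts to force a password reset on and notify.
                "compromised": sorted(s["ok_users"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, stats)
```

A real campaign is usually spread across a botnet, so per-IP counts may stay below threshold; aggregating by ASN, user agent or short time windows, and alerting on a sudden rise in distinct accounts attempted per minute, catches the distributed form. The successful logins are the actionable output: those accounts need a forced reset and a customer notification, as in the Vodafone case.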
- A team of hackers claimed a $1 million bug bounty from Zerodium for jailbreaking iOS 9.1 and the 9.2 beta. The start-up had offered the reward for a remote, browser-based, untethered jailbreak of Apple’s latest operating system. Zerodium said it does not plan to report the vulnerabilities to Apple just yet, but will likely disclose the technical details to its customers, which it has described as “major corporations in defense, technology, finance and government organizations in need of specific and tailored cybersecurity capabilities.”
- ProtonMail, a Switzerland-based encrypted email service, suffered an “extremely powerful” distributed denial-of-service (DDoS) attack that intermittently knocked its network offline, along with the networks of some of its upstream providers, over the course of several days. Despite paying a ransom of nearly $6,000, ProtonMail said the attacks continued, and it turned to Swiss and European authorities as part of an ongoing investigation.
“The attack conducted against us was the most sophisticated attack ever seen in Switzerland and displayed capabilities more commonly possessed by state sponsored actors,” said the provider.
- XcodeGhost, the malware that infected hundreds, if not thousands, of legitimate iOS apps, many of them from Chinese developers, on Apple’s App Store, is back with another variant. Researchers at Symantec reported that the malicious code was found in unofficial copies of Xcode 7, the version of Apple’s development environment that builds apps for the latest iOS release. “[The malware] should serve as a reminder to app developers to use official, verified versions of Xcode,” warned the researchers.
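“Verified” is a concrete check, not just a download location: a trojanized Xcode bundle no longer matches Apple’s code signature, so asking Gatekeeper to assess the bundle exposes it. The script below is an added example (not Symantec’s or Apple’s code) that wraps macOS’s `spctl --assess --verbose --type execute` and accepts only an Apple-signed source. The set of trusted source strings follows Apple’s post-XcodeGhost guidance (Mac App Store, Apple, Apple System) and is an assumption to confirm against current Apple documentation; the sample spctl outputs are constructed.

```python
"""Check that an installed Xcode is Apple-signed and Gatekeeper-accepted
(added example; macOS-only for the live check, parser runs anywhere)."""
import subprocess

# Assumed from Apple's guidance after XcodeGhost: any other source
# (e.g. "Developer ID", an ad-hoc signature, or no signature) is a red flag.
TRUSTED_SOURCES = {"Mac App Store", "Apple", "Apple System"}

# Constructed examples of what `spctl --assess --verbose` prints.
SAMPLE_OK = "/Applications/Xcode.app: accepted\nsource=Mac App Store\n"
SAMPLE_REJECTED = "/Applications/Xcode.app: rejected\nsource=no usable signature\n"
SAMPLE_UNTRUSTED = "/Applications/Xcode.app: accepted\nsource=Developer ID\n"


def parse_spctl_output(output):
    """Return (accepted, source) from spctl's two-line verdict:
        /Applications/Xcode.app: accepted
        source=Mac App Store
    """
    accepted = False
    source = None
    for line in output.splitlines():
        line = line.strip()
        if line.endswith(": accepted"):
            accepted = True
        elif line.startswith("source="):
            source = line[len("source="):]
    return accepted, source


def xcode_is_trusted(output):
    """True only if Gatekeeper accepted the bundle AND the signer is Apple."""
    accepted, source = parse_spctl_output(output)
    return accepted and source in TRUSTED_SOURCES


def assess_xcode(path="/Applications/Xcode.app"):
    """Run the live check on macOS. Returns (trusted, raw spctl output).
    spctl may print its verdict on stderr, so both streams are merged."""
    proc = subprocess.run(
        ["spctl", "--assess", "--verbose", "--type", "execute", path],
        capture_output=True, text=True,
    )
    out = proc.stdout + proc.stderr
    return xcode_is_trusted(out), out


if __name__ == "__main__":
    trusted, raw = assess_xcode()
    print(raw.strip())
    print("TRUSTED" if trusted else "DO NOT USE THIS XCODE")
```

Run it on every build machine, not only developer laptops: XcodeGhost rode in through the compiler, so a CI host with a tampered Xcode signs every app it builds with the same poison. Gatekeeper only assesses an app on first launch, which is why an explicit `spctl` run (or `codesign --verify --deep`) belongs in the build pipeline rather than being left to the desktop prompt.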