Our security roundup series covers the week’s trending topics in the world of InfoSec. In this quick-read compilation, we’ll let you know of the latest news and controversies that the industry has been talking about recently.
Here’s what you don’t want to miss from the week of October 19, 2015:
- UK-based telecommunications provider TalkTalk announced it was hit by a “significant and sustained cyber attack,” which may have led to the theft of personal and financial information from its four million customers. According to reports, a TalkTalk spokesperson said on Friday that the company had received a ransom demand from an unidentified party for the attack. Although investigations are ongoing, the firm stated it believed the financial information that was potentially accessed to be “materially lower than initially believed, and would on its own not enable a criminal to take money from [a customer’s account].” The incident marks the third time this year that the company has been targeted.
- The U.S. Senate voted in favor of advancing the Cybersecurity Information Sharing Act (CISA), which could allow companies and the government to share information about hacking attacks amongst each other, without fear of lawsuits. Reuters reported the White House said in a statement that it supports the bill but wants the Department of Homeland Security to be charged with running the information-sharing system, and would “strongly oppose” any amendments to the bill to expand exceptions. Major tech companies, including Apple, Google, Facebook and Twitter, have showed strong disapproval of the bill, saying it fails to protect users’ privacy.
- French Prime Minister Manuel Valls announced the launch of the country’s new digital security strategy, which it says will help establish a collaborative and coordinated effort to better protect its citizens, and address cyber threats. The national strategy is comprised of five objectives outlining the country’s fundamental interests; defense and security of critical infrastructures; digital trust and privacy; awareness and education, among other aspects.
- A teenage hacker claimed to have broken into the personal email account of CIA Director John Brennan, which reportedly included sensitive documents, such as Social Security numbers and personal information of more than a dozen top American intelligence officials. The alleged hacker posted several screenshots of sensitive information on Twitter, including Brennan’s alleged contact list and cell phone bill. Federal law enforcement is investigating the issue.
- A security researcher claimed to have found a way to exploit a vulnerability in Fitbit fitness trackers and subsequently deliver malware to a target device – such as a laptop or PC – in less than 10 seconds. Axelle Apvrille of Fortinet described the scenario, saying:
“An attacker sends an infected packet to a fitness tracker nearby at Bluetooth distance then the rest of the attack occurs by itself, without any special need for the attacker being near.”
Fitbit has disputed the findings, however, stating that users remain safe to use their devices.
- Facebook said it will begin notifying users if it believes their accounts has been targeted or compromised by an attacker suspected of working on behalf of a nation-state. Alex Stamos, Facebook’s Chief Security Officer, announced the move in a post. “We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts,” said Stamos.