Welcome to a weekly round-up of the most relevant and interesting happenings and events from across the Information Security industry.
High-profile breaches, interesting studies, patch tuesday announcements and more!
- More Businesses Accidentally Exposing Cloud Services
- Research Reports Stolen in Forrester Website Hack
- Microsoft Office 0-day headlines Patch Tuesday, update now!
- Ransomware Sales on the Dark Web Spike 2,502% in 2017
- Hacked Equifax Website Redirects Users to Adware, Scams
- Flaws in SmartVista Payment Platform Expose Sensitive Data
- Data Sample in Equifax Hack Scam Possibly From Third-Party Servers
- Hyatt Hotels Hit by Another Card Breach
“53% of businesses using cloud storage services unintentionally expose them to the public. More than half of organizations using cloud services like Amazon Simple Storage Service (S3) have inadvertently exposed at least one of these services to the public, up from 40% earlier this year.”
“Forrester, one of the world’s most influential market research and advisory firms, informed customers late on Friday that its main website had been breached.”
“The second Tuesday of the month means it’s Microsoft’s formerly-known-as Patch Tuesday, currently-known-as Security Update Tuesday, and this month’s update patches 61 vulnerabilities in all, with 23 rated as Critical and 35 as Important. We always urge that you apply patches as soon as possible, but if that’s not convincing enough, read the details below of what’s out there in the wild.”
“Ransomware is a $6.2 million industry, based on sales generated from a network of more than 6,300 Dark Web marketplaces that sell over 45,000 products, according to a report released Wednesday by Carbon Black.”
“A security researcher noticed recently that an Equifax service designed for obtaining free and discounted credit reports had been redirecting users to websites set up to serve adware and scams.”
“The SmartVista platform is used by major organizations around the world for online banking, e-commerce, ATM and card management, and fraud prevention. The core components of the SmartVista suite are the Front-End and Back-Office systems.”
“A data sample provided last month by scammers trying to make a profit by claiming to have breached U.S. credit reporting agency Equifax may have been obtained from unprotected Amazon Web Services (AWS) instances owned by a different company.”
“Chicago-based hotel operator Hyatt Hotels Corporation informed customers this week that their credit card information may have been stolen by cybercriminals. This is the second data breach discovered by the company within a period of two years.”