Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending September 19, 2014. Covers enterprise, controversies, reports and more.
This week, Apple Inc. made security headlines on many fronts after suffering a black eye in the celebrity iCloud nudes scandal, news about the Home Depot attack worsened, and famous hacker / convicted felon Kevin Mitnick officially entered the exploit sales market.
- In addition to Apple Configurator. Many noticed that , while news of the week was that . fixed in iOS 8, Apple released new versions of many other products to fix many other vulnerabilities ( ), including
Tim Cook: Apple sells security. Google sells you. http://t.co/WeUEuovWCw — Chris Wysopal (@WeldPond) September 18, 2014
- CloudFlare made a game-changing announcement Thursday in Announcing Keyless SSL™: All the Benefits of CloudFlare Without Having to Turn Over Your Private SSL Keys.
- Infosec is abuzz that Kevin Mitnick is now selling 0day and exploits.
- HP announced the release of its Internet of Things State of the Union Study, revealing 70 percent of the most commonly used Internet of Things (IoT) devices contain serious vulnerabilities.
- Security Intelligence reported that "Salesforce.com is warning its customers that the Dyre Trojan might be used to target their login credentials. The Dyre banking Trojan, which typically targets customers of large financial institutions, was recently used in a large-scale, credential-phishing campaign targeting Bank of America, Citigroup, Royal Bank of Scotland and JPMorgan Chase customers."
- A Senate Armed Services Committee investigation found Chinese intrusions into key defense contractors: hackers associated with the Chinese government successfully penetrated the computer systems of U.S. Transportation Command contractors at least 20 times in a single year, intrusions that show vulnerabilities in the military’s system to deploy troops and equipment in a crisis.
- Many were upset when the New South Wales Police Force was named as a user of the FinFisher malware and spyware toolkit, which governments worldwide use to capture user data, as part of a Wikileaks data release of the product.
- An eBay attack was reported by the BBC, in which an iPhone 5S listing sent users to a fake eBay clone page to steal user credentials; eBay removed the listings only after a follow-up call from the BBC more than 12 hours later.
- Although Google is yet to provide details, or even an official statement, a spokesperson for the company has told The Washington Post that it plans to make data encryption the default setting for the Android L operating system, set to be released next month. Google also released its latest transparency report, described in Google Report Shows Governments’ Increasing Demands for Users’ Data.
- Home Depot's cyber attack was worse than we thought: In a statement, Home Depot said that it completed its investigation and added that enhanced encryption will be complete in early 2015.
Thanks to Larry Seltzer for contributing to this roundup.