Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending November 7, 2014. Covers enterprise, controversies, reports and more.
This week, IBM announced what amounted to a pivot to embrace enterprise security services, Apple's OS X Yosemite took another security hit, Home Depot shared that a stunningly huge email address payload was snatched in its breach, and consumers officially got breach fatigue.
Researchers have uncovered a new and sophisticated form of malware which attacks iOS devices through USB connections from OS X systems, and say that "...this malware family heralds a new era in malware." If the claims are true, the find is indeed significant.
about a serious vulnerability in Apple's OS X Yosemite, called "Rootpipe," which allows root access by attackers. The privilege escalation vulnerability was discovered by Swedish hacker Emil Kvarnhammar, who has been asked by Apple to withhold details until January 2015 — since Apple likely wouldn't allow details until they have a fix, this is probably when users can expect a patch.
Microsoft has released their. There will be a total of 16 updates issued next Tuesday, November 11, five of them rated critical. Nearly all of the updates affect Windows. Microsoft also to Microsoft Azure customers.
A bill which has been approved by senators in Nigeria. The draft law, known as the Cybercrime Bill, had been debated and proposed in a variety of formats for a decade. It seeks to create legal frameworks that bring Nigerian laws into line with international standards for prosecuting a variety of digital offenses. The Nigerian scam (now expanded beyond the typical email campaigns) alone cost $12.7 billion in global losses in 2013, according to an Ultrascan AGI report.
Home Depot on Thursday said thatwhere 56 million credit card accounts were also compromised. For the home improvement retailer the security hits just keep coming.
- Breach fatigue sets in: A new report confirms that in the wake of mega breaches at retailers like Target and Home Depot, consumers are reaching a point of "breach fatigue." Conducted by Ponemon Institute on behalf of RSA, the report shows that consumers really do little to alter their shopping behavior following breaches at their favorite stores. However, they do have preferences about how online retailers handle security measures such as authentication.
- IBM doubled down on enterprise security this week, releasing under an umbrella it’s calling a "hybrid cloud model" for companies to manage security as they shift to the cloud. Gartner in June called IBM the largest vendor selling exclusively to enterprises.
- Google: Manual Account Hijacks Much More Dangerous Than Bot Takeovers. Targeted attacks are less common but cause more problems and financial losses for victims than nontargeted mass account takeovers, a new report from Google says. In the report the firm with hijackers that target not businesses, not governments, but you.
- Google this week also released by common configuration mistakes or known bugs. Called "nogotofail" and apparently named in honor of the "goto fail" bug that affected Mac and iOS systems earlier this year, the tool offers a way to confirm that Internet-connected devices and applications aren't vulnerable to transport layer security (TLS) and secure sockets layer (SSL) encryption issues, such as known bugs or misconfigurations.
Researchers found a VISA contactless payment card exploit: researchers from Newcastle University in the UK have discovered a way to authorize transactions using VISA contactless payment cards beyond the pre-set spending limit. If the transaction is specified in a foreign currency, it will proceed at larger amounts.