Zero Day Weekly: iOS Wi-Fi DoS, Aaron's Law, active Magento attacks, and more

A collection of notable security news items for the week ending April 24, 2015. Covers enterprise, controversies, application and mobile security, malware, reports and more.


Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending April 24, 2015. Covers enterprise, controversies, reports and more.

  • Intel Security teamed up with VMware, Ericsson and added a public cloud suite for McAfee. Intel brought a boatload of security software and data management upgrades to the annual RSA expo in San Francisco this week. The McAfee portfolio is being treated to a myriad of nips and tucks here and there from email management to advanced threat detection to next-gen firewalls for better user ID security.
  • Defense contractor Raytheon is forming a new joint venture with Vista Equity Partners' Websense in a move that aims to pitch defense-grade cybersecurity. The value of the new venture is about $2.3 billion; the joint venture will consist of Raytheon Cyber Products, a unit of the company's intelligence, information and services unit, and Websense, which has its Triton cybersecurity platform.
  • The House on Wednesday passed the first major cybersecurity bill since the calamitous hacks on Sony Entertainment, Home Depot and JPMorgan Chase. The Protecting Cyber Networks Act (PCNA) would give companies liability protections when sharing cyber threat data with government civilian agencies. Also this week, "Aaron's Law," legislation that would reduce charges used against internet activist Aaron Swartz, resurfaced in Congress with bipartisan support.
  • Millions in China affected by compromised gov't data. More than 52 million pieces of personal information such as ID numbers, financial status, and property ownership have reportedly been compromised in various government-run systems across China. High-risk vulns have been found in systems in more than 30 cities across China - and these are just the tip of the iceberg. A single loophole at the family planning department in Hubei province puts 70 million citizens' personal information at risk.
  • Attackers exploit Magento e-commerce vulnerability: Those using Magento's e-commerce platform should ensure they're using its latest software, as attackers are increasingly exploiting a flaw patched two months ago, security companies warned. An attacker could gain complete control over a store with administrator access, potentially allowing credit card theft. As many as 200,000 websites use Magento, which is owned by eBay.
  • Groupon refused to pay a security expert who found serious XSS site bugs. Having reported a series of security problems to Groupon, a security researcher was expecting a pay-out - but the site refuses to pony up. In all, more than 30 security issues with Groupon's site were found.
  • Microsoft unveiled plans for stronger encryption and tighter controls over Office 365 data. Microsoft announced its latest security moves at the RSA conference Monday: The biggest changes are improvements in encryption for Office 365. By the end of this year, Microsoft says, it will also implement content-level encryption, so that data will be protected even if someone gains access to the unencrypted disk contents.

Image via RSA Conference, used with permission.