Zero Day Weekly: LastPass, Samsung, baseball hacks, and the US Navy buying zero days

A collection of notable security news items for the week ending June 19, 2015. Covers enterprise, controversies, application and mobile security, malware, reports and more.
Written by Violet Blue, Contributor

Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending June 19, 2015. Covers enterprise, controversies, reports and more.

  • Samsung is finally responding to a major security bug that affects the keyboards on its Galaxy smartphones and tablets. The security firm NowSecure revealed the exploit earlier this week, which gives hackers the ability to execute code on Samsung's mobile devices. Up to 600 million devices are affected.
  • Baseball hack attack: This week NYT reported that the FBI and the U.S. Justice Department are investigating whether St. Louis Cardinals officials hacked into the Houston Astros' internal networks. Investigators told the Times they uncovered evidence that Cardinals officials breached Astros databases containing information on trades, proprietary statistics and scouting information.
  • Federal auditors are blasting a decade-in-the-making government computer system that was supposed to simplify the immigration application process and improve national security. The so-called "Transformation Program" the Department of Homeland Security conceived in 2005 should have transformed paper-based transactions into online forms years ago. But because DHS has reversed course on software development strategies, the initial $536,000 effort faces a $3.1 billion price tag and a March 2019 rollout, according to a newly released Government Accountability Office report.
  • Rapid7, a Boston, Mass.-based provider of security analytics software and services, has filed an S-1 registration statement with the Securities and Exchange Commission (SEC) for a proposed initial public offering (IPO) of its common stock. The company is looking to raise roughly $80 million in an IPO.
  • What made Shylock so dangerous was the way it defied attempts to remove it, according to Adrian Nish, London-based head of cyberthreat intelligence at BAE Systems Applied Intelligence, who spent years studying it. "It was able to resurrect itself," he said. It was a banking Trojan, designed to sneak into a computer and drain your bank account; broken fragments of Shakespeare, from The Merchant of Venice, were buried in the program files.
  • The European Union faces a huge shortfall of qualified IT staff in Europe by 2020, prompting EU countries to redouble efforts to offer technology training. There are not enough IT specialists graduating in Europe to fill all jobs, creating a digital skills gap that could lead to 825,000 vacancies in the sector five years from now, according to figures released by the European Commission on Thursday.
  • Google on Tuesday added a new effort that pays when you find a security issue in Android. Every verifiable issue in the new Android Security Rewards program will pay a minimum of $500 with the total reward reaching $8,000 in some cases.
  • The Inverse Path USB armory ($130) is a little USB stick with an entire computer onboard (800MHz ARM processor, 512MB RAM), designed to be a portable platform for personal security applications. It stands to change personal information security as we know it: In its current state, it's pretty dreamy for most hackers and infosec pros (it's especially sexy for pentesters), but right now it's a bit challenging for non-technical people.
Editorial standards