A roundup of the top news stories in information security this week, including consulting firm Accenture leaving servers containing personal information completely unprotected, Patch Tuesday addressing a zero-day vulnerability, and Equifax revealing that more UK consumers were affected by its breach than previously reported.



Smart City

IoT

Cybersecurity is Essential for Cities Looking to go ‘Smart’

There are plenty of security challenges that present themselves when it comes to the Internet of Things, but the dangers are that much greater when you scale up technology to the urban infrastructure level. The current potential market for smart cities is expected to reach $1 trillion by 2020, meaning security will have to play a major role as cities begin to roll out millions of interconnected devices and sensors. The Hill reports on recent legislation that could further fund smart city infrastructure.


Social Engineer

ARREST

Malaysian Bank Robber Arrested Following Successful Heist

A social engineer who recently performed a successful heist that netted him $142,000 has been arrested. While he wasn’t the most technologically savvy robber, the suspect pretended to be a fire extinguisher maintenance technician, spoke with staff to convince them that he was there for an inspection, and within 20 minutes walked away with $142,000. CSO Online’s Salted Hash blog reports on the full story.

 



Accenture

DATA SECURITY

Accenture Leaves Customer Data Exposed on Servers

Cybersecurity firm UpGuard recently discovered a trove of corporate data left completely unprotected by consulting firm Accenture. The information was found in mid-September on four cloud-based storage servers that weren’t password protected. The stored information included decryption keys, passwords, and data on its customers, which range from Fortune 100 companies to three-quarters of the Fortune 500.






Microsoft

PATCH TUESDAY

Microsoft Addresses 62 Flaws, in Addition to a Zero-Day Vulnerability

October’s Patch Tuesday release once again featured a slew of fixes for vulnerabilities found in Microsoft’s products. In total, the tech giant patched 62 security bugs in applications like Windows OS, Office, Internet Explorer, Microsoft Edge, and the ChakraCore browser engine. The most important vulnerability addressed was a zero-day flaw that was publicly disclosed and used in attacks on live targets before it was patched by Microsoft.






Ransomware Sales
CYBER THREAT

Ransomware Sales See Massive Spike on the Dark Web

Sales of ransomware are soaring on the dark web as cyber criminals continue to purchase do-it-yourself kits and ransomware-as-a-service packages. According to a new study, ransomware is a $6.2 million industry, with sales in the illicit marketplaces skyrocketing 2,502% in 2017 so far. The most popular sellers include do-it-yourself ransomware kits that can range anywhere from 50 cents to $3,000.







Equifax Breach

DATA BREACH

Equifax Says 15.2 Million UK Accounts Affected in Data Breach

On Tuesday, credit reporting agency Equifax disclosed additional information regarding its recent data breach, sharing that 15.2 million client records in Britain were compromised. Of the total number of client records impacted, the personal information of roughly 700,000 consumers was included. The majority of the information compromised in the cyber attack, 145.5 million, affected U.S. consumers.









Kaspersky Lab

ESPIONAGE

University of Nebraska ITS Information Security Office Issues Warning Regarding Kaspersky Lab

Just weeks after the headline-grabbing news of the Department of Homeland Security’s public warnings regarding Kaspersky Lab products, one university has released a similar report. The University of Nebraska Information Technology Services Information Security Office also believes that the cybersecurity company’s software is involved in suspicious activity.






North Korean Hacker

NORTH KOREA

Threat Actors in North Korea Set Their Sights on U.S. Electric Companies

A spear-phishing campaign run by North Korean threat actors is targeting U.S. electric companies to gather intelligence. Experts at cybersecurity firm FireEye issued an alert earlier this week on the incident. “North Korea probably is attempting intrusions into U.S. energy companies to deter potential military action,” says Christopher Porter, chief intelligence strategist at FireEye.
