A roundup of the top news stories in information security this week, including a new Apache vulnerability that's similar to Heartbleed, iOS updates addressing a series of vulnerabilities, and a new study that sheds light on the costs of data breaches for U.S. enterprises.


 


EQUIFAX BREACH

Equifax Security Executives Leave the Company

In a statement released late last week by Equifax, the company announced that its chief information officer and chief security officer are retiring. The changes are effective immediately, according to the company release, although the names of the executives were not featured in the announcement.




 



DATA BREACHES

Retailers Face Two Cyber Assaults a Week, Report Says

New research from Zynstra, an enterprise-grade IT software provider, indicates that retailers are responding to cyber attackers on average twice per week. While 64% of respondents in the survey indicated that they experienced one cyber attack per month, 16% shared they experienced an attempted attack every day, and 11% said they responded 2-3 times per week.







CYBER THREAT

Undocumented MS Office Feature Leveraged By Attackers to Gather Configuration Details

Security researchers at Kaspersky Lab discovered a spear phishing campaign featuring documents in the OLE2 format that contained no macros, exploits, or other active content. The documents featured several links to PHP scripts found in third-party web resources. If the files are opened, attackers can receive information on software installed on the targeted machine.


 




VULNERABILITY

Fitbit Bugs Allow Attackers to Access Personal Information

Vulnerabilities in the popular Fitbit devices could give cyber miscreants the ability to access personal information and create false activity records. Researchers at the University of Edinburgh were able to exploit weaknesses in the device’s communication procedures to intercept messages transmitted between fitness trackers and cloud servers, bypassing end-to-end encryption.






 

RANSOMWARE

Report: $301 Million Paid to Cyber Attackers by SMBs

Small to medium-sized businesses have been hit hard by ransomware attackers, and a new study sheds light on just how much damage the malware has done. According to a survey released today of the 2016-2017 period, SMBs have paid out an estimated $301 million in ransom to attackers. The survey included responses from 1,700 managed service providers that have more than 100,000 SMB customers collectively.









VULNERABILITY

Apache Bug, Optionsbleed, Leaks Server Memory

Server memory can be leaked thanks to a vulnerability in Apache dubbed Optionsbleed. The flaw, CVE-2017-9798, was detailed this week by security researcher Hanno Böck, who said the flaw was similar to Heartbleed, seeing as attackers can query servers and fool Apache into responding with more data than usual.


 




PATCHES

iOS Update Addresses Eight Vulnerabilities

The iOS 11 update has been released, and along with a new look and feel that users can experience on the iPad, the update also addresses some significant vulnerabilities. A total of eight CVEs were patched in this week’s update, with more patches also released for Safari and the Xcode development framework.


 


 


SECURITY COSTS

Average Cyber Attack Costs Reach $1.3 Million for U.S. Enterprises

The average cost of a cyber attack on a North American enterprise or small to medium-sized business is increasing. According to a new report by Kaspersky Lab, the average cost of a data breach in North America is $1.3 million for enterprises and $117 million for SMBs.


 

 



RANSOMWARE

New Research Sheds Light on Ransomware Threat to Mobile Browsers

A new study by security firm SecureWorks’ Counter Threat Unit indicates that the mobile ransomware threat is only increasing. In 2016, their researchers discovered 200 new ransomware variants, an increase of 122% from the year prior. Given that most mobile ransomware threats are browser-based, they can infect nearly any device with a built-in browser, according to experts at SecureWorks CTU.
