How Businesses Can Utilise Penetration Testing

Understand your security vulnerabilities

Article by Beau Peters

The basic approaches like phishing simulations are good, but they tend to have limited reach. This is why more agile methods, penetration testing among them, have been getting increasing attention. In essence, this sees experts with a background in ethical hacking utilizing the techniques of cybercriminals to breach a business’ systems. This also receives a certain amount of hesitancy — business owners are often unsure about the idea of letting somebody hack their systems in the name of cybersecurity.

As always, there is more to this issue. So, let’s explore what penetration testing is, why businesses should engage with it and how they can do so to get the most impact.

What are the Benefits?
Penetration testing requires a significant amount of trust. Therefore, it’s important to look at what the payoffs of this approach are as opposed to ostensibly safer techniques.

Some of the key benefits include:

• Ascertaining Vulnerabilities

Penetration testing tends to be the most direct and reliable approach to identifying what parts of a company’s systems are vulnerable to attack. In general, testers will go through each aspect of the network architecture, the website and software code, applications, and hardware to identify where weaknesses lie. This doesn’t just apply to external threats but internal issues, too.

These experts are also approaching their review of a business’ systems with the creative, outside-of-the-box thinking cybercriminals are likely to use. As such, companies benefit from perspectives not usually offered by in-house information technology staff. Once points of vulnerability have been identified, the tester will often provide information about what issues are the highest priority to handle based on the severity of the risk and the consequences. 

• Maintaining Trust

Perhaps above all else, the benefit of penetration testing is the opportunity to maintain and strengthen trust between a business, its customers, and its supply chain. This is vital given the amount of consumer and partner data companies are gathering and storing. Security is particularly vital in cases when companies are undergoing data democratization — where important data is not just accessible to analysts and leadership but to all members of the organization.

This can be an empowering use of data, helping workers to understand how best to use and protect such information. However, alongside practical obstacles like deficient tools and siloed data, there is a need to prevent breaches. Penetration testing identifies where risks are throughout democratization practices, giving businesses the tools to strengthen their approaches. In turn, consumers and suppliers are assured their data is used to its best purpose and kept safe.

Understand the Needs
While penetration testing utilizes curious, creative ethical hackers, businesses shouldn’t be mistaken in thinking this means it’s a simple process. It requires technological experts who usually go through at least five stages of protocols — from planning the right approach for the goals of the test to analyzing the data they’ve received and compiling a detailed report. The testing methodologies, too, can vary depending on the circumstances. As such, to make the most out of the process, businesses need to have a clear idea of what their needs are.

Some of the common tests and the relevant needs they serve include:

• Application Testing

Many brands are producing their own apps to improve customer engagement. However, consistent data security can be difficult to achieve, particularly when working across multiple operating systems. Application penetration testing is used to spot flaws in the current security systems, as well as how they interact with user’s devices and represent vulnerabilities to consumers.

• Physical Testing

Businesses often think cybersecurity attacks will originate remotely. But when a company keeps its servers and equipment on-site, there is potential for criminals to break into the premises and cause a breach. Hacks may even come from staff. Physical penetration testing should, therefore, be sought to understand whether the equipment is vulnerable to the types of tools and methods in-person hackers may use.

• Wireless Testing

Businesses are increasingly utilizing wireless tools for integral parts of operations. This includes capturing sensitive data, through contactless payment machines or sensors on devices in the Internet of Things (IoT) that track and control the supply chain. Wireless penetration testing can be used to understand how easy it is to illicitly collect data or even disrupt operations through the connected ecosystem. They’ll also confirm where stricter measures need to be in place to prevent access.

Finding the Right Expert
Having established what pen testing is and how it can fit in with a business, how can companies find the right people for the job? After all, one of the key concerns companies have in this area is that they are essentially hiring hackers — there’s a lot of social and legal baggage accompanying this activity.

When bringing on a consultant or hiring an in-house tester, the best approach is to look for relevant certification. Some of the most recognized examples here include the Certified Ethical Hacker licenses issued by the International Council of E-Commerce Consultants (EC-Council), and the Certified Penetration Tester course offered by the Information Assurance Certification Review Board (IACRB). Global Information Assurance Certification (GIAC) also provides various specialized qualifications that are considered to be reliable. These courses are designed to provide knowledge not just about the technical skills to positively impact a business, but also the ethical standards to help make sure testers are staying on the right moral and legal track throughout their activities.

Conclusion
Penetration testing is an agile tool offering various benefits for businesses, including maintaining trust and highlighting points of vulnerability. However, it’s important to remember that getting the most out of the process requires clarity on the company’s challenges and goals for testing, alongside sourcing the relevant certified tester to collaborate with.

Why Freelancers Should Prioritise Cybersecurity

Article by Beau Peters

As a freelancer in any industry, you are likely more susceptible to hackers and cybercrime than many other professions. Not only are you pulling in a constant stream of customer data, but as a worker on the go, you likely work exclusively in the digital realm with all of your information in the online space. That means that you are basically presenting data on a silver platter for cybercriminals to find and use for malicious purposes.

If you take your business seriously, then cybersecurity needs to be your top priority, not only for your clients but also for the stability of your own enterprise. Luckily, you can stay out of the way of cybercriminals by implementing a few basic security features along with an understanding of common threats. We’ll explain both solutions below.

Protect Client Data
It is important to remember that just about any piece of client data can be used by cybercriminals to cause havoc. Credit card and social security numbers are especially dangerous, as they can be used to take out fraudulent loans and commit identity fraud that could lead to financial and emotional issues as your customers frantically try to get their life back together.

Keep in mind that it is not only the data you acquire from customers that need to be protected. As a freelancer, you are likely working on many different websites with many different companies, and the cookies and browsing breadcrumbs you leave behind are also loaded with customer data as well as your own. If you don’t protect your systems, that data can be easily extracted by hackers.

If you think you are safer because you have a smaller business, think again. Hackers tend to go after smaller targets often because they know that freelancers and new organizations often don’t have the resources or security procedures in place to protect their data, and even if the hackers only get away with a small amount of private customer data, that information is just as valuable to hackers and dangerous on the black market.

If you do have a client who becomes the victim of cybercrime and it is connected back to you, it could mean a hit to your reputation that you may not be able to come back from, and as a smaller business, you may not want that type of heat. Recent statistics show that the cost of a breach could be as much as £285k ($200k) in penalties and repairs, so if you don’t bring in that kind of money, caution is of the utmost importance.

Avoid Common Scams and Sketchy Characters
Since you are likely a one-person company that doesn’t have an IT team to detect issues and solve problems, you will need to be extra cautious of the companies and clients with which you interact. Part of that is being aware of common scams that could spell big trouble. Phishing emails are often sent by a hacker and they continue to be a constant threat. If you are contacted by a freelance client that seems too good to be true or asks for private information upfront, you may be dealing with a hacker.

You must complete your due diligence when it comes to finding and accepting freelance clients. Before you start sharing with them, get their contact information and look them up online to see if they have a digital footprint. A first step in determining if they are legitimate is by searching online with the keywords “company’s name + scam” or “company’s name + lawsuit,” and see what comes up. Also, use your network of writers and on LinkedIn to ask if your associates have heard of the company and if they have a good reputation.

Another common scam that you should be aware of has little to do with who you work with, but instead, where you do your work. The man-in-the-middle attack is when a hacker sets up a fake Wi-Fi network in a public place and tries to gain the victim’s attention by saying that it is free or by attempting to mimic the real Wi-Fi at the establishment. When you connect to this fake network, you are really connecting directly to the hacker’s computer, and from there, they can take any data they want from your machine. To avoid this scam, always take the time to ask the proprietor of the establishment for the correct Wi-Fi, so you know it is legitimate.

Securing Your Work at All Times
To have the best chance of avoiding these issues now and in the future, you will want to build your computer network like a fortress. Not only will taking the proper precautions keep you out of financial trouble, but you could also advertise in your job pitches how secure your business really is. Start with smart passwords. Every program you use should have a strong password that utilises a combination of letters, numbers, and special characters, and every password you use should be unique.

The next step in setting up your security fortress is installing software that will keep cybercriminals at bay. Start by installing antivirus software and use it to scan your system every week for malware and viruses. Always make it a point to update your antivirus software whenever a new version is available so you get the latest protection. On top of that, you should install a virtual private network (VPN), which will disguise your location and encrypt all of your precious information.

Along with keeping your data secure, you will also want to keep all-important personal and client data stored on a dependable backup server. This will come in handy if you ever lose your computer or if you are the target of ransomware, which is an attack where hackers try to take control of your system until you pay them money to release it. If you have a backup, you can recover the data without playing into the hacker’s game.

You’ve worked hard to create your freelance business, so you should do everything in your power to protect it. Try the solutions described above and your business will remain strong and secure.

iPhone Hacks: What You Need to Know About Mobile Security

Guest Post by Jennifer Bell

Learn How Hackers Steal and Exploit Information to Ensure This Doesn’t Happen to You 

Cybersecurity is an important topic to know and understand in order to keep your information safe and secure. Even more specifically, it’s important to know and understand mobile security as well. Mobile security, especially with iPhones, is crucial as hackers are becoming smarter and more creative when it comes to iCloud hacks. Apple has partnered with network hardware and insurance companies such as Cisco and Aon to provide security against data breaches; but how can you ensure that even with these Apple partnerships that your iPhone is secure and protected against hackers? Here are the most common ways that hackers get into iPhones to steal or exploit personal information, keep these points in mind to best protect yourself from mobile security hacks.

Poor Passwords
Often, poor password choices or poor password management allows hackers to easily hack into iPhones and other Apple products. Hackers are skilled at obtaining Apple IDs and passwords using phishing scams which are attempts to obtain personal data and information by posing as credible and trustworthy electronic entities. Here are some tips to protect your password from hackers and phishing scams:

• Set up two-factor authentication for your Apple account 
• Choose passwords that have no significant personal meaning; such as birthdays or names of family or pets. Hackers can easily do their research and make educated guesses as to what a password maybe 
• Back up information in other places besides just the iCloud 
• Change all passwords if even just one account is hacked 

Untrustworthy Websites
One of the most common ways that hackers make their way into iPhones and other Apple products is by using websites that are not credible. These websites either have holes in the software that allows hackers to get into an iPhone or, they use websites to ask for personal information such as credit card information or contact information. How do you know if a website is credible?

• Ask yourself, does this website look trustworthy? Have I ever heard of it? Does it make sense for it to be asking me these questions? 
• Use a secure middle layer payment option for purchases. Using PayPal or Visa Checkout is a great way to make payments online because the payment is not directly connected to any of your bank information 
• Don’t open emails or any attachments that link you to a website if it comes from an untrusted sender 
• Look up websites if you haven't ever heard of them. If the website is untrustworthy, it’s likely that people have been scammed or hacked on there before and have shared/posted their story 

Public WiFi Networks
Hackers have been known to gain access to iPhones using WiFi spoofing which is creating a WiFi network that doesn’t require a password and seems like a trustworthy network. Computer forensic services have also discovered that if your iPhone is set up to automatically connect to WiFi, your iPhone will automatically sync up to a spoofed WiFi network and will open your phone up to hackers without you knowing. Avoiding public WiFi networks can potentially save your iPhone from hackers; similarly, avoid public hotspots for the same reason. 

Protect Your iPhone From Cyberattacks
Hackers are becoming more and more knowledgeable when it comes to stealing and exploiting people’s personal information found on their iPhones. Keep these points in mind and remember to keep your iPhone’s software up to date; these things can ultimately secure your personal information and save you from falling victim to hackers’ harsh motives.

About the Author 

Jennifer Bell is a freelance writer, blogger, dog-enthusiast and avid beachgoer operating out of Southern New Jersey

Cyber Security Roundup for April 2019

The UK government controversially gave a green light to Huawei get involved with the building of the UK's 5G networks, although the Chinese tech giant role will be limited to non-sensitive areas of the network, such as providing antennas. This decision made by Theresa May came days after US intelligence announced Huawei was Chinese state funded, and amidst reports historical backdoors in Huawei products, stoking up the Huawei political and security row even further this month, and has resulted in the UK Defence Secretary, Gavin Williamson, being sacked. 

• Defence Secretary Gavin Williamson sacked over Huawei leak
• Daily Telegraph publishes details of a meeting about using the Chinese telecoms firm to help build the UK's 5G network
• Huawei row: Inquiry to be held into National Security Council leak
• Is Huawei a Threat to UK National Security?
• What's the greater risk to UK 5G, Huawei backdoors or DDoS?
• Backdoors found in Huawei-supplied Vodafone equipment between 2011 and 2012
• Microsoft researchers find NSA-style backdoor in Huawei laptops
• 5G cyber-attack: What would be the effect on the UK?
• Huawei: Why UK is at odds with its cyber-allies
• NCSC: Huawei threat to national security

The National Cyber Security Centre (NCSC) launched a free online tool called "Exercise in a Box", designed by the UK cyber intelligence boffins to help organisations prepare in managing major cyber attacks.  The premise, is the tool will help UK organisations avoid scenarios such as the 2017’s Wannacry attacks, which devastated NHS IT systems and placed patient lives at risk.

 

German drug manufacturing giant, Beyer, found a malware infection, said to originate from a Chinese group called "Wicked Panda".  The malware in question was WINNIT, which is known in the security industry and allows remote access into networks, allowing hackers to deliver further malware and to conduct exploits. In my view, the presence of WINNIT is a sure sign a covert and sustained campaign by a sophisticated threat actor, likely focused on espionage given the company's sector.  Beyer stressed there was no evidence of data theft, but were are still investigating. 

 

Another manufacturing giant severely hit by a cyber attack this month was Aebi Schmidt. A ransomware outbreak impacted its business' operations globally, with most of the damage occurring at their European base. The ransomware wasn't named, but it left multiple Windows systems, on their presumably flat network infrastructure, paralyzed.

 

Facebook may have announced the dawn of their "privacy evolution" at the end of April, but their privacy woes still continue, after Upguard researchers found and reported 540 Million Facebook member records on an unsecured AWS S3 bucket. The "Cultura Colectiva" dataset contained 146GB of data with 540 million records showing comments, likes, reactions, account names, Facebook IDs and more. Looks like Facebook really have their work cut in restoring their consumer's faith in protecting their privacy.

 

UK businesses saw a significant increase in cyber attacks in 2019 according to a report by insurer Hiscox, with 55% of respondents reporting they had faced a cyber attack in 2019, up from 40% from last year.
 
A survey by the NCSC concluded most UK users are still using weak passwords. Released just before CyberUK 2019 conference in Glasgow, which I was unable attend due work commitments, said the most common password on breached accounts was"123456", used by 23.2 million accounts worldwide. Next on the list was "123456789" and "qwerty", "password" and "1111111".  Liverpool was the most common Premier League Football team used as a password, with Blink 182 the most common music act. The NCSC also published a separate analysis of the 100,000 most commonly re-occurring passwords that have been accessed by third parties in global cyber breaches. So password still remains the biggest Achilles' heel with our security.

The UK hacktivist threat came back to the fore this month, after the Anonymous Group took revenge on the UK government for arresting WikiLeaks founder Julian Assange, by attacking Yorkshire Councils. I am not sure what Yorkshire link with Assange actually is, but the website for Barnsley Council was taken down by a DDoS attack, a tweet from the group CyberGhost404 linked to the crashed Barnsley Council website and said "Free Assange or chaos is coming for you!". A tweet from an account called 'Anonymous Espana' with an image, suggested they had access to Bedale Council's confidential files, and were threatening to leak them. 

 

Microsoft Outlook.com, Hotmail and MSN users are reported as having their accounts compromised. TechCrunch revealed the breach was caused due to the hackers getting hold of a customer support tech's login credentials. Over two million WiFi passwords were found exposed on an open database by the developer of WiFi Finder. The WiFi Finder App helps to find and log into hotspots.  Two in every three hotel websites leak guest booking details and personal data according to a report. Over 1,500 hotels in 54 countries failed to protect user information.
 
Finally, but not lest, a great report by Recorded Future on the raise of the dark web business of credential stuffing, titled "The Economy of Credential Stuffing Attacks". The report explains how low-level criminals use automated 'checkers' tools to validate compromised credentials, before selling them on.

I am aware of school children getting sucked into this illicit world, typically starts with them seeking to take over better online game accounts after their own account is compromised, they quickly end up with more money than they can spend. Aside from keeping an eye on what your children are up to online as a parent, it goes to underline the importance of using unique complex passwords with every web account (use a password manager or vault to help you - see password security section on the Security Expert website). And always use Multi-Factor Authentication where available, and if you suspect or have are informed your account 'may' have compromised, change your password straight away.

BLOG

• How Business can address the Security Concerns of Online Shoppers
• Third Party Security Risks to Consider and Manage

 NEWS

• Huawei to be given limited access to UK 5G Network
• The NCSC launches Cyber Security tool for UK Businesses and Authorities
• German Drug Manufacturer Beyer hit by Malware Attack originating from China
• Aebi Schmidt latest Manufacturer dealing with Ransomware Cyberattack
• 540M Facebook Member Records exposed by an Unsecure AWS S3 Bucket
• Microsoft will drop Password Expiration Policies in Windows 10 and in Windows Server
• 'Assange Supporters’ Claim to Hack Yorkshire Councils
• Hackers beat University Cyber-Defences in Two Hours
• App leaves over 2 Million WiFi Network Passwords Exposed on Open Database
• Two in Three Hotel Websites Leak Guest Booking Details and Allow Access to Personal Data
• Yahoo to pay £90M in latest settlement of Massive Breach
• Hackers nab emails and more in Microsoft Outlook, Hotmail, and MSN Compromise
• 4 in 5 IT Chiefs are delaying Security Patches to avoid Business Disruption
• A Public Database Exposed the Medical Records of 150,000 Rehab Patients
• Amnesty Intl. says Cyberattack on Hong Kong office appears linked to known APT group
• Cyber-Attacks ‘Damage’ National Infrastructure
• Microsoft Patches 75 Vulnerabilities, including 14 Critical for Windows, IE\Edge, Chakra and Adobe Flash
• Adobe Releases fixes 21 Vulnerabilities in Acrobat and Acrobat Reader
• Machines running popular AV software go unresponsive after Microsoft Windows update
• Apache Tomcat Vulnerability Results in Remote Code Execution
• Adobe’s Patch Tuesday includes Security Updates for Flash Player and AIR
• Attackers Exploit WordPress Zero Day following Disclosure
• WinRAR Exploit used by MuddyWater APT phishing gang
• ISC Patches Three Vulnerabilities in BIND
• Flawed P2P technology Threatens Millions of IoT Devices

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

• The Economy of Credential Stuffing Attacks
• ShadowHammer code Found in several Video Games
• Researchers uncover new ‘TajMahal’ APT framework, plus a new Gaza Cybergang malware campaign
• Baldr Stealer Malware Active in the Wild With ongoing Updates
• TA505 Targets Financial and Retail using 'Undetectable' Methods
• Lazarus Targets Mac Users With Malware
• Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure

REPORTS

• Hiscox Cyber Readiness Report 2019: UK Businesses Report Leap in Cyber Attacks
• NCSC UK Cyber Survey: Most Users still use weak Passwords 

Cyber Security Roundup for June 2018

Dixons Carphone said hackers attempted to compromise 5.9 million payment cards and accessed 1.2 million personal data records. The company, which was heavily criticised for poor security and fined £400,000 by the ICO in January after been hacked in 2015, said in a statement the hackers had attempted to gain access to one of the processing systems of Currys PC World and Dixons Travel stores. The statement confirmed 1.2 million personal records had been accessed by the attackers. No details were disclosed explaining how hackers were able to access such large quantities of personal data, just a typical cover statement of "the investigation is still ongoing".  It is likely this incident occurred before the GDPR law kicked in at the end of May, so the company could be spared the new more significant financial penalties and sanctions the GDPR gives the ICO, but it is certainly worth watching the ICO response to a repeat offender which had already received a record ICO fine this year. The ICO (statement) and the NCSC (statement) both have released statements about this breach.

Ticketmaster reported the data theft of up to 40,000 UK customers, which was caused by security weakness in a customer support app, hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster. Ticketmaster informed affected customers to reset their passwords and has offered (to impacted customers) a free 12-month identity monitoring service with a leading provider. No details were released on how the hackers exploited the app to steal the data, likely to be a malware-based attack. However, there are questions on whether Ticketmaster disclosed and responded to the data breach quick enough, after digital banking company Monzo, claimed the Ticketmaster website showed up as a CPP (Common Point of Purchase) in an above-average number of recent fraud reports. The company noticed 70% of fraudulent transactions with stolen payment cards had used the Ticketmaster site between December 2017 and April 2018. The UK's National Cyber Security Centre said it was monitoring the situation.

TSB customers were targetted by fraudsters after major issues with their online banking systems was reported. The TSB technical issues were caused by a botched system upgrade rather than hackers. TSB bosses admitted 1,300 UK customers had lost money to cyber crooks during its IT meltdown, all were said to be fully reimbursed by the bank.

• Couple 'lose thousands' to TSB fraudsters
• TSB letter error 'may have broken law'
• TSB left man on hold as his wedding savings were stolen

The Information Commissioner's Office (ICO) issued Yahoo a £250,000 fine after an investigation into the company's 2014 breach, which is a pre-GDPR fine. Hackers were able to exfiltrate 191 server backup files from the internal Yahoo network. These backups held the personal details of 8.2 million Yahoo users, including names, email addresses, telephone numbers, dates of birth, hashed password and other security data. The breach only came to light as the company was being acquired by Verizon.

Facebook woes continue, this time a bug changed the default sharing setting of 14 million Facebook users to "public" between 18th and 22nd May.  Users who may have been affected were said to have been notified on the site’s newsfeed.

Chinese Hackers were reported as stealing secret US Navy missile plans. It was reported that Chinese Ministry of State Security hackers broke into the systems of a contractor working at the US Naval Undersea Warfare Center, lifting a massive 614GB of secret information, which included the plans for a supersonic anti-ship missile launched from a submarine. The hacks occurred in January and February this year according to a report in the Washington Post.

Elon Musk (Telsa CEO) claimed an insider sabotaged code and stole confidential company information.  According to CNBC, in an email to staff, Elon wrote “I was dismayed to learn this weekend about a Tesla employee who had conducted quite extensive and damaging sabotage to our operations. This included making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties". Telsa has filed a lawsuit accusing a disgruntled former employee of hacking into the systems and passing confidential data to third parties. In the lawsuit, it said the stolen information included photographs and video of the firm's manufacturing systems, and the business had suffered "significant and continuing damages" as a result of the misconduct.

Elsewhere in the world, FastBooking had 124,000 customer account stolen after hackers took advantage of a web application vulnerability to install malware and exfiltrate data. Atlanta Police Dashcam footage was hit by Ransomware.  And US company HealthEquity had 23,000 customer data stolen after a staff member fell for a phishing email.

IoT Security

The Wi-Fi Alliance announced WPA3, the next generation of wireless security, which is more IoT device friendly, user-friendly, and more secure than WPA2, which recently had a security weakness reported (see Krack vulnerability). BSI announced they are developing a new standard for IoT devices and Apps called ISO 23485. A Swann Home Security camera system sent a private video to the wrong user, this was said to have been caused by a factory error.  For Guidance on IoT Security see my guidance, Combating IoT Cyber Threats.

As always, a busy month for security patching, Microsoft released 50 patches, 11 of which were rated as Critical. Adobe released their monthly fix for Flash Player and a critical patch for a zero-day bug being actively exploited. Cisco released patches to address 34 vulnerabilities, 5 critical, and a critical patch for their Access Control System. Mozilla issued a critical patch for the Firefox web browser.

NEWS

• Dixons Carphone Admits 5.9M Payment Cards and 1.2 M Personal Records Data Breach
• European Authority and the ICO both Fine Yahoo! and Optical Center £250,000
• Ticketmaster Discloses Data Theft of up to 40,000 UK Customers via Third-Party Customer Support App
• Wi-Fi Alliance issues WPA3 Standard to improve Wireless Security
• Chinese Hackers Steal Secret US Navy Missile plans in Contractor Breach
• Tesla Chief Elon Musk says an Insider Maliciously Changed Code and Exfiltrated Data
• HealthEquity Exposes PII of 23,000 Customers after Employee fell for Phishing Scam
• Privacy by Design  Standard being developed for IOT devices and apps
• TSB admits 1,300 accounts hit by Fraud amid IT Meltdown
• Facebook privacy bug 'affects 14 Million Users’
• Swann Home Security sends Video to Wrong User
• Hackers exploit FastBooking flaw to steal Customer Data from Hundreds of Hotels
• Ransomware hits Atlanta Police Dashcam Footage
• 27 Million Account Data Breach and Website Defacement Rock Ticketfly
• Australian Bank Mistakenly Sent Data on 10K Customers to Wrong Domain
• Watchdog org accuses HMRC of collecting 5.1 million audio signatures without consent
• Microsoft Patches 50 Vulnerabilities for Windows IE\Edge, Office, Chakra & Flash
• Adobe Releases Critical Fixes for Flash Player
• Adobe issues a critical patch after Flash zero-day bug actively exploited in Middle East
• Cisco Patches 34 vulnerabilities, 5 Critical
• Cisco patches Critical Secure Access Control System (ACS) Remote Code Execution Flaw
• Mozilla issues Critical patches for Firefox ESR 52.9, Firefox ESR 60.1, and Firefox 61

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

• VPNFilter Malware Affects more Devices and Exploits Endpoints
• Sofacy rolls out Zebrocy Toolkit to hit Government Targets
• Olympic Destroyer Threat Group Switches Target Sectors
• TG-3390 deemed responsible for Watering Hole Attacks
• Scammers Abuse Multilingual Domain Names
• 539% uptick in Attacks Targeting Consumer-grade Routers Since, Report

REPORTS

• 539% uptick in Attacks Targeting Consumer-grade Routers Since, Report