Week in review 5 September 2014
Most of this week was dominated by the publishing of photos of Jennifer Lawrence on the web; indeed, two of our updates this week related to this. Elsewhere, the Cryptowall malware has become a million dollar business. Chase bank attempts to undo the good work of many security personnel, and another data breach was reported, this time at Home Depot.
The pictures of Jennifer Lawrence posted on the web earlier this week naturally made us question how safe is iCloud? At this stage, Apple has denied that iCloud has a security flaw. It is possible that the data breach was a phishing attack. Phishing may be the lowest level of attack, but it can be very effective.
Why should business care about the Jennifer Lawrence hack? Kaspersky explains why in this article. Again, the use of a phishing attack is a common but effective tool. Instead of pictures, think corporate data. Instead of a celebrity, think an employee. In one fell swoop, Chase Bank could have undone the work of many security personnel and educators, by advising users to click on email links. We advise users never to click on suspect email links. One hopes Chase Bank will rectify their error. Another data breach made the news this week. This time it was Home Depot (a US retailing chain).
The story was broken by Brian Krebs. Several Banks noted that a new batch of credit card and debit card numbers had been published online, alerting them to a data breach. It is possible that all 2200 stores in the US are affected, making this a large (possibly the largest of 2014) data breach. CryptoWall is ransomware that has been around for roughly six months. It has now reached the one million dollar mark in terms of ransoms netted. Researchers into ransomware advise not to pay the ransom.