The amount of good news and bad news from this past week was kind of even. On one hand, we had major announcements from tech giants on how they’re fighting the cybercriminals (long story short: they’re cutting off access to the criminals’ favorite tools). On the other hand, there were plenty of data breaches.

The week debuted with an important Security Alert: my colleague Andra explained how thousands of small websites were compromised and used as a platform for malware distribution.

On Wednesday, I shared a painful story from my past, about the time I got hacked by a former employee and lost all my work. Take a look at what I learned from that episode.

Last but not least, we published a mega-guide that will protect you against all scams carried out on social networks – make sure you check it out before you head off into the weekend.

Here are the most important security articles of this week:

Security articles of the week

1. Google plans to ban Flash ads

Google just put another nail in the coffin of Adobe Flash. In an announcement made on Google+, the company urges advertisers to drop Flash ads and move to HTML5.

– Starting June 30th, 2016, display ads built in Flash can no longer be uploaded into AdWords and DoubleClick Digital Marketing.
– Starting January 2nd, 2017, display ads in the Flash format can no longer run on the Google Display Network or through DoubleClick.

Because of its vulnerabilities, Flash is one of the tools preferred by cybercriminals to attack users worldwide.

2. Gmail on web is now safer

Here’s a step forward against phishers and unencrypted connections: on Safer Internet Day, Google announced that we’ll see two changes regarding Gmail on web:

1. If you receive a message from, or are about to send a message to, someone whose email service doesn’t support TLS encryption, you’ll see a broken lock icon in the message.
2. If you receive a message that can’t be authenticated, you’ll see a question mark in place of the sender’s profile photo, corporate logo, or avatar.

3. Oracle will retire Java browser plugin

We have even more good news: one year from now, our browsers will be Java-free. Yep, you heard that right: Oracle announced its plans to retire the highly insecure plugin.

4. Windows announces security patches

Microsoft resolved 41 security vulnerabilities this month. Leave no patch or update behind!

5. Malware attack on the IRS affects 101,000 Tax Returns

In a recent statement, the U.S. IRS (Internal Revenue System) declared that they were once again hacked. This time, the cybercrooks had access to electronic tax-return credentials for 101,000 social security numbers.

“Using personal data stolen elsewhere outside the IRS, identity thieves used malware in an attempt to generate E-file PINs for stolen social security numbers. An E-file pin is used in some instances to electronically file a tax return.”

6. 30,000 FBI & DHS employees had their info leaked

The FBI and DHS were also hit with a major data breach. In the past week, information on 30,000 employees got leaked by a cybercriminal.

The hacker, who goes on Twitter by the username of @DotGovs, published the supposed data on an encrypted text-sharing website, including names, job titles, phone numbers, and email addresses.

7. Taobao data breach: 100 million records used to hack 20 million users

Tired of all the data breach news? We’re not done yet. Taobao, a major Chinese e-commerce website, part of the Alibaba group, was also a target of a massive data breach that affected 20 million consumers.

8. The technology behind Hillary Clinton’s email scandal, explained

Good article from Greg Satell on the technology behind Hillary Clinton’s email scandal.

9. How scams targeting Netflix users contribute to the rise of the black market

If you don’t pay attention to where you fill in your credentials, your Netflix account may end up for sale on the black market. Researchers at Symantec analysed how malware and phishing campaigns targeting Netflix users contribute to the rise of credentials sold on the black market.

By the way, your Uber log-in credentials are just as attractive.

10. Internet Archive released a Malware Museum

Thanks to the Internet Archive, we now have a Malware Museum where we can relive 65 examples of malware from the ’80s and ’90s.

We clicked around and had plenty of fun testing old-school malware. One was advocating for the legality of cannabis, while another displayed the Italian flag and the message “Italy is the best country in the world”.


Just this:

Human Error vs Data Security