Weekly Security Roundup #72: Keeping Up With the Data Breaches
And protecting your data against the prying hands of cyber attackers
Another week has passed, and it was an important one for us: we’ve been working on some major articles for quite a long time, and this week we finally got to publish them.
One of them is a cyber security roundup, with 15 top experts from companies like Bitdefender, ESET, Avira, RAPID7, Sticky Password and more. We invited them to explain why software patching is essential for our online security. It’s one of the easiest ways we can strengthen our online security, but it is also extremely neglected by users.
The other article is a mega-guide on smartphone security – we lay out the easiest things you can do to keep your phone and data safe. We encourage a multi-layered security approach, based on education and creating healthy habits, rather than relying on technology and brands.
And now it’s time for the security news from the past week (spoiler alert: lots of data breaches and zero-day vulnerabilities).
Security articles of the week
One of the most important news items was WhatsApp’s announcement that they switched on full end-to-end encryption. For all their users. By default. All the time.
This means that more than 1 billion people communicating through WhatsApp have their messages encrypted (along with whatever other form of communication they use – photos, audio, video and so on). Nobody will see them except the people or groups the sender intends to see them.
While this is not a bulletproof guarantee that nobody else will peek into your messages, it’s a great start and we salute the initiative.
We won’t get into the political and social implications of one of the biggest data breaches in history, the Panama Papers – it’s not our job or field of expertise, and there are plenty of others more suitable to do that.
What interests us is the way those documents were leaked, and it looks like unencrypted emails were a key factor.
A database covering about 50 million citizens of Turkey was leaked online this past week. It holds more than 6 GB of information and contains first and last names, ID numbers, city and date of birth, full address and many other details.
In order to prove that the database is legit, the hackers highlighted the data of Recep Tayyip Erdoğan, Turkey’s current President. Judging by their comments, the attack seems to be politically motivated.
Further details surrounding the FBI and Apple case were revealed: the tool bought by the FBI to crack the iPhone of one of the San Bernardino attackers only works on the 5c model.
Leave no patch behind!
Looks like the jQuery library has been used by cyber crooks to inject malicious code into websites powered by WordPress and Joomla. Since the end of last year, the company Avast registered more than 4.5 million users who encountered the infection.
Last week we published an article on the new EU data protection law and what we should expect from it. Although it won’t come into full effect until 2018, companies like Dropbox are already starting to prepare for it.
Here’s a fun fact:
Before you buy virtual reality headsets, you should at least have a look over what you’re agreeing to.
Spoiler alert: You have the right to give away all the data about you. For ever and ever.
Technically, this is not cybersecurity news, it’s an opinion article, so you won’t find out anything new from it. But we loved the attitude and hope you’ll enjoy reading this article as much as we did.
If you want to be even more up to date with the security news, you can follow our Twitter account: @HeimdalSecurity. It’s the place where we share most of the articles from the weekly roundup – and more.