Posted April 19, 2016
This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.
“An anonymous hacker has pointed out an SQL injection vulnerability in the IT systems of notorious Panamanian law firm Mossack Fonseca, hinting at sub-standard IT security at the firm which likely contributed to the major data breach there last week.
The “underground researcher,” who goes by the Twitter handle “1X0123,” posted a screenshot to the micro-blog to prove the flaw, which appears to be in the firm”s CMS.”
Legal and Regulation
“Following the publication by the European Commission of the draft adequacy decision on the EU-U.S. Privacy Shield and related documents, the Article 29 Working Party has conducted its assessment in light of the applicable EU data protection legal framework as set out in Directive 95/46/EC, as well as the fundamental rights to private life and data protection as enshrined in Article 8 of the European Convention on Human Rights and Articles 7 and 8 of the Charter of Fundamental rights of the European Union.”
“The e-commerce platform provider has issued patches for Magento Commerce and removed an extension as a precaution to fend off content management system malware. E-commerce platform provider Magento Commerce hopes incidents of locked files and bitcoin ransoms are over now that it has taken action to halt a malicious software attack on merchants whose websites run on Magento”s content management system.”
“Microsoft Corp has sued the U.S. government for the right to tell its customers when a federal agency is looking at their emails, the latest in a series of clashes over privacy between the technology industry and Washington.
The lawsuit, filed on Wednesday in federal court in the Western District of Washington, argues that the government is violating the U.S. Constitution by preventing Microsoft from notifying thousands of customers about government requests for their emails and other documents.”
“Team System DZ, an Algeria-based hacking team hacked and defaced several Wisconsin”s Richland County Government websites and left a deface page along a message in support of the so-called Islamic State aka Daesh terrorist group.
The targeted websites include the official website of Richland County Government, Richland County Sheriff’s Department, Richland County Ambulance Service, Veterans Services, Recycling Committee, Health and Human Services, County Fair, Land Conservation Department, Parks Commission and Richland County Emergency Management.”
“Sweden’s military has told a newswire that its servers were used in a 2012/2013 attack on American banks. The report from Agence France Presse (AFP) quotes military spokesperson Mikael Abramsson, who told the agency, “The hacking attack was a kind of wake-up call for us and forced us to take very specific security steps to prevent such a thing from happening again.” The military has since taken unspecified measures to improve the security of its machines.”