EQUIFAX POST-BREACH RECOVERY COSTS SURPASS $1 BILLION
01 June 2019
Equifax estimates it has spent around $1.4 billion recovering from a 2017 breach involving the data of 148 million customers.
The figure is based on current estimates and includes a $690 million charge relating to outstanding litigation and fines, but it is expected to rise as the company incurs additional losses associated with further claims and litigation related to the incident.
VULNERABILITY IN WHATSAPP ALLOWS REMOTE CODE EXECUTION
01 June 2019
WhatsApp has discovered and patched a serious buffer overflow vulnerability which allows for remote code execution with no user interaction. The vulnerability involves sending a specially crafted series of packets to a target phone, meaning the user could be infected by simply receiving a phone call, which does not have to be answered.
It has been reported that the vulnerability was initially discovered and monetised by Israeli firm NSO Group, which typically sells spyware to government organisations.
DOCKER HUB EXPOSES 190 THOUSAND USERS
15 May 2019
Cloud-based container repository Docker Hub has experienced unauthorised access to its platform. The database in question is said to have contained a “subset of non-financial user data”. This includes usernames and hashed passwords, as well as GitHub and Bitbucket tokens for Docker auto builds.
The firm has contacted users informing them they should change the password for their accounts, and for any others with a similar password. With access to this information, the hackers could theoretically add malware to live containers, which would then be deployed. Docker Hub has previously been under scrutiny after a security vendor found malicious Docker images which resulted in 5 million downloads, enabling malware authors to make $90,000 from illegal crypto mining.