This Week’s IT Top News Stories
This week several news stories broke from breaches to new malware variants to new contracts. Here are the five top news stories you may have missed out on:
- Sonic confirmed data breach – Last week, over five million credit and debit card numbers were dumped on the dark web. Initial reports believed some, if not all of, the data was directly from a breach of Sonic’s payment systems. It was not until this week that Sonic confirmed the data breach. Although many of the details remain unknown, including the Sonic locations impacted and how many credit/debit card numbers were leaked.
- Hewlett Packard Enterprise (HPE) released source codes – In order for HPE to sell its security software, ArcSight, in Russia, they were required to release the program’s source codes to the Russian defense agency. This creates a major concern for the Pentagon, as ArcSight is a defense tool used for the U.S. military to identify and notify officials of any suspicious activity. By releasing the source code, backdoor vulnerabilities could have been spotted by Russian officials. The risk is not directly the vulnerability itself. Often times vulnerabilities are found within programs, and patches are issued through updates. However, if the vulnerability is found by the wrong person – it could be used with malicious intent, instead of being disclosed to the software developers to be patched.
- Locky is back – The ransomware variant Locky has returned, using a new encryption extension, .ykcol. The ransomware is spread through malicious emails. The emails are disguised as an invoice, and have a malicious 7zip or 7z file attached. At this time, there is no free decryption tool available to retrieve lost files.
- Equifax wins IRS bid – After suffering the largest security breach of 2017, Equifax has locked down an IRS contract providing taxpayer and personal identity verification services. Ummm, wait – what?! Yes. Puzzling indeed. The contract is valued at 7.25 million dollars. Senator John Kennedy said it best,
“You realize to many Americans right now, that looks like we’re giving Lindsay Lohan the keys to the mini-bar.”
- Yahoo breach reported worse than reported, again – It’s unclear just how many times the total number of account impacted by the Yahoo breach has been changed, but it’s pretty safe to say it won’t be revised again. This week, CNN reported every single Yahoo account was breached in 2013. That is 3 billion accounts — or three times as many as what was reported in 2016. Can’t get much worse than that right?!