It’s hard to keep up with the hundreds of security-specific headlines published every week.
So, we’re rounding up the top news that affects you, your business, and the security and technology industry overall. This week we explore money-stealing malware, an SAP vulnerability from 2010, and patches. Check back every Friday to learn about the latest in security news.
US-CERT releases advisory on old SAP vuln causing trouble
The United States Computer Emergency Readiness Team released a warning this week about an old SAP vulnerability that attackers may be actively exploiting. The alert noted that 36 organizations worldwide are “affected” by the vulnerability. SAP patched the vulnerability in 2010, indicating that a number of organizations may still be running old SAP software on their machines, or, as Ars Technica suggests, may have overridden the default settings in order to make the software work with custom systems.
Tumblr reports 3-year-old breach
Tumblr reset its users’ passwords this week after the company identified “third party access” to user credentials, including emails and passwords, from 2013. The company released a short message regarding the breach on its website, specifically noting that the passwords were salted and hashed. “Our analysis gives us no reason to believe that this information was used to access Tumblr accounts,” the company explained in its post.
SWIFT, which enables financial transactions, sounds the alarm on malware attack
SWIFT, the Society for Worldwide Interbank Financial Telecommunication, has reportedly written a letter detailing a new malware attack impacting its “financial messaging system,” as reported by the New York Times. SWIFT is still investigating a similar attack in February against the central bank of Bangladesh. Attackers stole $81 million from the bank. The letter did not reveal the newly impacted bank’s identity. According to the letter obtained by the New York Times, SWIFT believes the attacks could be connected.
Google releases Chrome security patches; pays over $20K in bounties
Google issued a security patch for its Chrome browser Friday, addressing a number of vulnerabilities reported by bug bounty hunters. Google classified three of the vulnerabilities as “high”. The company paid over $20,000 to the researchers for their work. The patches are available for Chrome on Windows, Mac, and Linux.
Webinar: Native Security Measures on iOS and Android
Lookout’s research team will walk through the native security measures used on iOS and Android. It will occur on May 25, 11am PST / 2pm EST. Attend this webinar to get a comprehensive understanding of the security models of both platforms and see three threat case studies.