Security Week-in-Review: Old software, new problems


It’s hard to keep up with the hundreds of security-specific headlines published every week.

So, we’re rounding up the top news that affects you, your business, and the security and technology industry overall. This week we explore money-stealing malware, an SAP vulnerability from 2010, and patches. Check back every Friday to learn about the latest in security news.

US-CERT releases advisory on old SAP vuln causing trouble

The United States Computer Emergency Readiness Team released a warning this week about an old SAP vulnerability that attackers may be actively exploiting. The alert noted that 36 organizations worldwide are “affected” by the vulnerability. SAP patched the vulnerability in 2010, which indicates that a number of organizations may still be running old SAP software on their machines, or, as Ars Technica suggests, may have overridden the default settings in order to make the software work with custom systems.

Read the alert here.

Tumblr reports 3-year-old breach

Tumblr reset its users’ passwords this week after the company identified “third party access” to user credentials, including emails and passwords, from 2013. The company released a short message regarding the breach on its website, specifically noting that the passwords were salted and hashed. “Our analysis gives us no reason to believe that this information was used to access Tumblr accounts,” the company explained in its post.

Read the message from Tumblr.

SWIFT, which enables financial transactions, sounds the alarm on malware attack

SWIFT, the Society for Worldwide Interbank Financial Telecommunication, has written a letter detailing a new malware attack impacting its “financial messaging system,” as reported by the New York Times. SWIFT is still investigating a similar attack in February against the central bank of Bangladesh, in which attackers stole $81 million from the bank. The letter did not reveal the newly impacted bank’s identity. According to the letter obtained by the New York Times, SWIFT believes the attacks could be connected.

Get more information about the attack here.

Google releases Chrome security patches; pays over $20K in bounties

Google issued a security patch for its Chrome browser Friday, addressing a number of vulnerabilities reported by bug bounty hunters. Google classified three of the vulnerabilities as “high”. The company paid over $20,000 to the researchers for their work. The patches are available for Chrome on Windows, Mac, and Linux.

Learn more about the patches from Google.

Webinar: Native Security Measures on iOS and Android

Lookout’s research team will walk through the native security measures used on iOS and Android. The webinar takes place on May 25 at 11am PST / 2pm EST. Attend to get a comprehensive understanding of the security models of both platforms and see three threat case studies.

Save your spot here.