Adobe Fined $1M in Multistate Suit Over 2013 Breach; No Jail for Spamhaus Attacker. From KrebsOnSecurity.
Adobe will pay just $1 million to settle a lawsuit filed by 15 state attorneys general over its huge 2013 data breach that exposed payment records on approximately 38 million people. In other news, the 39-year-old Dutchman responsible for coordinating an epic, weeks-long distributed denial-of-service attack against anti-spam provider Spamhaus in 2013 will avoid any jail time for his crimes thanks to a court ruling in Amsterdam this week.
On Oct. 3, 2013, KrebsOnSecurity broke the story that Adobe had just suffered a breach in which hackers siphoned usernames, passwords and payment card data on 38 million customers. The intruders also made off with digital truckloads of source code for some of Adobe’s most valuable software properties — including Adobe Acrobat and Reader, Photoshop and ColdFusion.
Adobe Flings Flash Fix for Fresh APT Target. From BankInfoSecurity. Security experts are once again warning enterprises to immediately update – or delete – all instances of the Adobe Flash Player they may have installed on any system in the wake of reports that a zero-day flaw in the web browser plug-in is being targeted by an advanced persistent threat group.
- Detailed account of the Hacking Team data breach by FinFisher. From Softpedia. Hacking Team is a Milan-based IT company that sells offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. On July 5, 2015, the Twitter account of the company was compromised by an unknown individual who leaked links to over 400 gigabytes of data, including alleged internal e-mails, invoices, and source code. This article explains how that breach was conducted.
- Dump Adobe QuickTime, Department Of Homeland Security tells Windows users. From Krebs On Security. Apple is deprecating QuickTime for Microsoft Windows. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it. Furthermore, there are two new, unpatched vulnerabilities which could be used to remotely compromise Windows computers.
- More US commandos, choppers and bases are hacking ISIS. From Daily Beast. Three U.S. officials told The Daily Beast that US cyber operations against ISIS have moved beyond mere disruption and are entering a new, more aggressive phase that is targeted at individuals and is gleaning intelligence that could help capture and kill more ISIS fighters.
- The National Institute of Standards and Technology is poised to deliver new cybersecurity guidance, according to NIST fellow Ronald Ross. From HealthcareITNews. “We can build and deploy systems that we can trust, too, in a hospital environment, so the systems can better withstand cyberattacks, are more penetration-resistant, and limit the damage an adversary can do if an attack comes through the perimeter,” Ross said.
- Indian political party accused of hacking Facebook. From Economic Times. An internal email communique allegedly from the AIADMK IT Wing president to his team informing that they have hacked Facebook for making posts about their party “go viral” has leaked and the mail itself has gone viral.