TalkTalk breach could affect 4 million users
Another cellphone provider has hit the headlines with a breach; this time the UK provider TalkTalk. Following an attack which occurred in February, this latest breach happened last week and the company has admitted that not all stolen data was encrypted. Information stolen includes names, credit card details, postal address and telephone numbers. The company is advising customers to change their passwords as soon as possible and to closely monitor their bank accounts in the next few months. The Metropolitan Police have launched a full investigation and some arrests have already been made.
000webhost breach exposes 13 million passwords
Discovered by Troy Hunt, a breach of the free web hosting service 000webhost was caused by exploiting a vulnerability in an old version of PHP. 13.5 million passwords were leaked, which in very poor security standards were stored in plain text!
Joomla and Drupal patch latest vulnerabilities
Several high level vulnerabilities have now been patched in Joomla. The vulnerabilities affected versions 3.2 to 3.4.4 so by upgrading to the latest version of 3.4.5 and making sure all updates have been applied, users will be covered. The Joomla vulnerabilities could allow session hijacks and SQL injection attacks so now they’ve been disclosed, users should make sure to upgrade as soon as possible.
Drupal also rolled out a patch this week, which requires users to upgrade to version 7.41. Patching just one Open Redirect vulnerability, this update is less urgent but should also be applied as soon as possible to prevent exploits.
CISA bill passed
Last week the contentious CISA bill was passed by a majority vote of 74-21. Designed to allow private companies and corporations share information with each other and with the government, critics of the bill have slammed it for its potential to legitimise excessive information sharing, breaching the privacy of consumers. Supporters of the bill have dismissed concerns and state the bill is a necessary security measure in the current climate of cybercrime and cyber terrorism. It now remains to be seen how effective CISA will be and if its critics were justified.
Anonymous due to release names of 1000 KKK members
Despite what appears to be a false start the hacking group Anonymous announced their intention to release the names of 1000 KKK members this Thursday. In what has the potential to cause the biggest drama since the Ashley Madison hack, the group have said they have no qualms about releasing the data of KKK members, who they call ‘abhorrent’ and ‘criminal’. If it does indeed include the names of any political figures or celebrities or is followed by the violent backlash many anticipate then this hack will be big news.
It’s now legal to hack your own car
In a copyright exemption filed by the Electronic Frontier Foundation, it has now become legal to hack your own car ‘for the purpose of security research, maintenance, or repair.’ Following several high-profile hacks by security researchers, which this year caused embarrassment to some major automotive manufacturers and lead to some very expensive recalls, this move will no doubt be welcomed by security experts. Naturally, there are some possible negative ramifications to this move; should someone tinker with their car’s software they could actually do some damage. Unlike tampering with a smart phone or PC, messing with a car could cause problems such as disabled airbags or sensors. While it now can be done, we wouldn’t recommend that the majority of people should.
Get the latest content on web security
in your inbox each week.