ICYMI: Facebook flaw; Verizon report; 5 Cisco alerts; TalkTalk arrest; Crime up
ICYMI: Facebook flaw; Verizon report; 5 Cisco alerts; TalkTalk arrest; Crime up

Bug hunter finds backdoor in Facebook left by another bug hunter

A security researcher has managed to gain access to one of Facebook's corporate servers only to discover a backdoor left by another security researcher.

According to Orange Tsai, a penetration tester at Devcore, a security consultancy in Taiwan, the backdoor was discovered after he started mapping out Facebook's infrastructure beyond its social media services. Tsai found a few flaws in a secure file sharing software application produced by Accellion (which he reported to Accellion). The vulnerabilities were then exploited to gain access to Facebook's corporate servers in order to gather information from 300 logged staff credentials and write up a report for Facebook's security team. More

Verizon report: Ransomware and phishing attacks are up, once again

Verizon's new data breach investigation report shows phishing and ransomware attacks are up. According to the report, 30 percent of phishing messages were opened, up seven percent on last year. A further 13 percent of those who opened the message, also opened the attachment leading to malware deployment. Most attacks (89 percent) come from cyber-criminals and, predictably, for financial gain.

The report brings together data from 2,260 breaches and 100,000 incidents in 82 countries, collecting information from 67 partners.  More

Cisco flags five product vulnerabilities that could trigger denial of service

Cisco has published five security alerts, issuing software updates to patch a series of vulnerabilities in three products, any of which could potentially trigger a low-grade, denial of service attack against a company using minimal bandwidth, without even needing an army of bots. “A broader internet-based distributed denial of service (DDoS) attack wouldn't even be needed if a DoS vulnerability was exploited within a particular application,” Terrence Gareau, chief scientist at network security firm Nexusguard, told SCMagazine.com.

Cisco has since created patches for all of these vulnerabilities. More

Sixth teen arrested in breach of UK ISP TalkTalk

An unnamed 19-year-old turned himself in to police in Staffordshire, UK, where he was arrested on charges stemming from a breach of internet services provider TalkTalk last October which impacted more than 150,000 customers. All six of those arrested are under 21.

The attack cost the company £60 million and led to the loss of more than 100,000 customers. Research from Kantar Worldpanel ComTech revealed that seven percent of TalkTalk's broadband base moved to a different provider in Q4 2015, but TalkTalk had a 3.2 percent increase in new customers during Q1 2016. More

Cyber-crime as a business rampant, new study

Attacks are getting fiercer and attackers more sophisticated and organised, according to the "2016 Trustwave Global Security Report," released this week, adding: "The biggest cyber-crime operations are essentially computer software and services companies, albeit illicit ones".

The 90-page study examined top cyber-crime and data breach activity from 2015 and detected some alarming security threat trends, particularly how miscreants employ malware-as-a-service, the most commonly used exploits, the data they go after and their top attack methods. It also examined the consequences, such as how companies respond.  In terms of targets, retail made up nearly a quarter of investigations, the hospitality industry followed at 14 percent and food and beverage at 10 percent. More