Stir Friday Recap – Security News from February 2019


Here’s a look back on the top cybersecurity stories from the month of February that were featured in our Stir Friday email newsletter. If you want to get more timely access to these stories, be sure to subscribe to receive our Friday emails with all the key stories from the week.

Stir Friday

Cybersecurity Stories from the Past Month

Google Play caught hosting an app that steals users’ cryptocurrency

Google Play has been caught hosting a malicious app designed to steal cryptocurrency from unwitting end users. The malware worked by replacing the wallet addresses copied into the Android clipboard with the one belonging to the attackers.

Internet thieves have been hard at work for a couple of years trying to steal various forms of cryptocurrency, and their efforts will only increase over time.

German supervisory authority audited 40 websites on the use of tracking tools – and none of them was compliant

The Bavarian Data Protection Authority audited major Bavarian websites for their use of tracking tools on Safer Internet Day and called its findings ‘desolate.’ The summary report showed that the audited websites used third-party tracking tools, but none implemented complied with the data protection law.

Major problems included limited or no information on tracking tools, such as cookies, as well as insufficient or lack of overt consent.

Home loan details of 100,000 customers hacked in major data breach

Some of Australia’s biggest banks are scrambling to contact 100,000 customers who may have been caught up in a major data breach at property valuation firm Landmark White.

The response from various banks has been pretty fast. Additionally, we’ve discussed the risks of third party associations many times, and this is yet another example.

Almost 60,000 data breaches reported since May

Since the General Data Protection Regulation (GDPR) came into force, over 59,000 data breaches have been reported across Europe.

Failure to report a breach can lead to a significant fine; GDPR, however, includes language that factors in an organization’s good faith effort to report and cooperate with authorities.

Large breach of mortgage borrowers’ data raises new concerns, questions

54,000 mortgage borrowers recently had their financial data exposed to identity thieves trolling the internet. Loans acquired by Rocktop Partners were affected when they hired OpticsML and they allegedly made a ‘server configuration error’ that led to exposure of the documents.

Wow, that’s some error. How long have we been securing—or not securing—internet-facing servers? According to the report, the sensitive information wasn’t even password protected.

Subscribe for More Insights and Details

If you’d like to receive the full breakdown and commentary on the biggest cybersecurity stories in the news, subscribe to the Stir Friday newsletter, delivered straight to your mailbox.

Security & Intelligence
Posted on February 28, 2019 by David Smith