Stir Friday Recap - Security News From February 2019
Here’s a look back on the top cybersecurity stories from the month of February that were featured in our Stir Friday email newsletter. If you want to get more timely access to these stories, be sure to subscribeto receive our Friday emails with all the key stories from the week.
CYBERSECURITY STORIES FROM THE PAST MONTH
Google Play has been caught hosting a malicious app designed to steal cryptocurrency from unwitting end users. The malware worked by replacing the wallet addresses copied into the Android clipboard with the one belonging to the attackers.
Internet thieves have been hard at work for a couple of years trying to steal various forms of cryptocurrency, and their efforts will only increase over time.
The Bavarian Data Protection Authority audited major Bavarian websites for their use of tracking tools on Safer Internet Day and called its findings ‘desolate.’ The summary report showed that the audited websites used third-party tracking tools, but none implemented complied with the data protection law.
Major problems included limited or no information on tracking tools, such as cookies, as well as insufficient or lack of overt consent.
Some of Australia’s biggest banks are scrambling to contact 100,000 customers who may have been caught up in a major data breach at property valuation firm Landmark White.
The response from various banks has been pretty fast. Additionally, we’ve discussed the risks of third party associations many times, and this is yet another example.
Since the General Data Protection Regulation (GDPR) came into force, over 59,000 data breaches have been reported across Europe.
Failure to report a breach can lead to a significant fine; GDPR, however, includes language that factors in an organization’s good faith effort to report and cooperate with authorities.
54,000 mortgage borrowers recently had their financial data exposed to identity thieves trolling the internet. Loans acquired by Rocktop Partners were affected when they hired OpticsML and they allegedly made a ‘server configuration error’ that led to exposure of the documents.
Wow, that’s some error. How long have we been securing—or not securing—internet-facing servers? According to the report, the sensitive information wasn’t even password protected.
SUBSCRIBE FOR MORE INSIGHTS AND DETAILS
If you’d like to receive the full breakdown and commentary on the biggest cybersecurity stories in the news, subscribe to the Stir Friday newsletter, delivered straight to your mailbox.