A roundup of the top news stories in information security this week, including an emergency security patch issued by Apple, a new variant of Mirai making the rounds, and a data breach impacting 1.7 million accounts.
ACQUISITION
Barracuda Networks Bought Out for $1.6 Billion by Private Equity Firm
Cloud email security and management firm Barracuda Networks has accepted a buyout offer from Thoma Bravo, a private equity firm with a history of investing in growing security companies. The $1.6 billion all-cash buyout offer is expected to close by Feb. 28, according to Barracuda. The company is expected to continue to focus on email security and management.
ESPIONAGE
FBI Failed to Notify U.S. Officials of Fancy Bear Threat
An investigation led by the Associated Press (AP) has revealed that although the FBI was aware that the Kremlin-linked hacking group Fancy Bear was attempting to breach email accounts of hundreds of U.S. officials, it failed to notify them. After accessing a SecureWorks list with 19,000 lines of targeting data, the AP identified more than 500-U.S.-based individuals on the list and interviewed 80 of them. Of those 80, the investigation determined that only two were notified.
IoT THREAT
Newly Published Exploit Code Results in Latest Mirai Variant
The nasty IoT malware that wreaked havoc across the globe is back on the radar thanks to newly published exploit code. A new strain of the Mirai IoT malware has been spotted by Chinese IT security firm Qihoo 360 Netlab. “We are quite confident to tell this is a new Mirai variant,” the researchers said in a blog post. The published exploit code targets networking equipment.
DATA BREACH
Image-Sharing Website Imgur Confirms Breach Impacting 1.7 Million
Popular image-sharing website Imgur has confirmed that the emails and passwords belonging to 1.7 million users were compromised during a security breach in 2014. The incident surfaced after it was discovered by security researcher Troy Hunt, who said he was impressed by the company’s quick response. “We apologize that this breach occurred and the inconvenience it has caused you,” Roy Sehgal, Chief Operating Office at Imgur, wrote in a blog post.
PATCHES
Apple Issues Security Patch Addressing Critical Security Flaw
An emergency security update was released by Apple to address a vulnerability that allowed anyone to log into a Mac without a password. The flaw affected all Macs running the latest version of High Sierra. By entering the root username and no password, anyone could bypass all security screens.
DATA LEAK
Security Firm Discovers Classified NSA Data Unprotected Online
Data belonging to the U.S. Army’s Intelligence and Security Command was discovered unprotected online. An analyst at cybersecurity company UpGuard discovered the unprotected data online on Sept. 28. He then notified the government about what he found, and was told that the data was secured on Oct. 10. The information included top secret files related to classified Army communications systems.
MALWARE
Boots Tizi Spyware Booted Off of Google Play
A new strain of Android spyware was detected by the Google Play Protect team this week. Dubbed Tizi, the malware dated back to 2015 and was found in several apps that were available via the Google Play marketplace. The spyware allowed attackers to root targeted devices and steal sensitive information from apps like Facebook, Twitter, WhatsApp, and LinkedIn.
ARREST
Chinese Nationals Indicted for Alleged Cyberattacks
An indictment was unsealed this week by Federal prosecutors in a U.S. District Court that accuses three Chinese nationals of hacking into multinational corporations over the past seven years. Wu Yingzhuo, Dong Hao, and Xia Lei are being accused of conspiracy to commit computer fraud and abuse, trade secret theft, wire fraud, and aggravated identify theft. The targets included Siemens AG, Moody’s Analytics, and geospatial technology firm, Trimble.
