Weekly News Roundup
Happy Friday everyone! There has been a lot of news involving breaches and their effects this week, so here’s our wrap of this week’s events!
It’s only June, and there have already been 189 breaches this year: “The Worst Data Breaches of 2012 (So Far)” by Ellen Messmer. This slideshow highlights the 15 most significant data breaches this year, with the list including breaches at Emory Healthcare, Thrift Savings Plan, and Global Payments, Inc.
The number of vulnerabilities in control systems continue to rise: “Cyber-Security Threats, Infrastructure Sabotage Rising: McAfee” by Nathan Eddy. Now, there is an increasing threat of IT Sabotage directed at IT infrastructure, says a new report. The added risk comes from the rising number of access points to devices and IT infrastructure due to expanding communications networks and increased automation. This poses a significant threat to the power grid, which was not designed to withstand cyber-security threats.
HTML5 was not designed with security in mind: “Magic Software: HTML5 is ‘very susceptible’ to SQL injection attacks” by Adrian Bridgwater. With the ever-growing importance of mobile security, application developers should be especially wary of the vulnerabilities of web applications. SQL injection has been placed at the top of the list of threats of web apps, and as it turns out, HTML5 is extremely susceptible to it. With the risk of SQL injection growing, and mobile devices being the new line of attack, developers should be more prepared.
LinkedIn Lawsuit: “LinkedIn slapped with $5 million class action lawsuit over leaked passwords” by Lisa Vaas. Turns out some LinkedIn users weren’t too happy with the recent password leak. After over 6 million passwords were stolen and posted online, a woman from Illinois filed a five million dollar class-action suit against the company, claiming that it deceived its 160 million users by failing to use basic industry standard security practices. A LinkedIn spokeswoman stated that, “No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured.”