CNET: Company formerly known as Yahoo to pay $35M over massive breach. “Yahoo’s cybersecurity failures continue to haunt the company — now to the tune of $35 million. The US Securities and Exchange Commission said Tuesday that Altaba, the company formed from the ashes of Yahoo’s sale to Verizon, has agreed to pay a penalty of that amount to settle charges that Yahoo failed to disclose a massive data breach from December 2014.”
Lifehacker: How To Survive A Facebook Hack. “Here we go again. Radware’s threat research group recently announced that more than 40,000 Facebook users were duped into downloading a ‘Relieve Stress Paint’ application, via a crafty phishing email, that stole their login credentials and browser cookies while they pretend-painted in the app. Worse, the attack was clever enough to avoid being flagged by a typical antivirus app. So, how can you keep your data safe in these instances? Let’s review…”
Mashable: TaskRabbit notifies users of ‘cybersecurity incident,’ shuts down service. “On Monday, TaskRabbit notified users about a ‘cybersecurity incident,’ and advised users to change their passwords. The crowdsourced chore company also took its app and service totally offline while working out the issue.”
Ars Technica: Thousands of hacked websites are infecting visitors with malware. “Thousands of hacked websites have become unwitting participants in an advanced scheme that uses fake update notifications to install banking malware and remote access trojans on visitors’ computers, a computer researcher said Tuesday. The campaign, which has been running for at least four months, is able to compromise websites running a variety of content management systems, including WordPress, Joomla, and SquareSpace.”
Mashable: Hackers just took down YouTube’s most popular video. “On the internet, nothing is safe. Not even ‘Despacito.’ Early Tuesday morning, hackers defaced a number of music videos that were posted to YouTube by Vevo accounts. Among the affected videos was the world-famous music video by Luis Fonsi and Daddy Yankee, which was taken down.”
Engadget: Global cyberattack targets 200,000 network switches (updated). “The past few days haven’t been great for the internet’s broader security. Iran’s Communication and Information Technology Ministry has reported that it was a victim in a global cyberattack that compromised about 200,000 Cisco switches that hadn’t yet received patches for exploits in the company’s legacy Smart Install protocol. The attackers displayed a US flag on at least some screens, complete with a ‘don’t mess with our elections’ warning, but the attack wasn’t focused on Iran — only 3,500 switches fell to the exploit in the country. About 55,000 of the victim devices were in the US, IT Minister Mohammad Javad Azari Jahromi said, while 14,000 were in China. Other victims were located in Europe and India.”
Bleeping Computer: Over 1,000 Magento Stores Hacked to Steal Card Data, Run Cryptojacking Scripts. “Security researchers say they’ve identified at least 1,000 Magento sites that have been hacked by cybercriminals and infected with malicious scripts that steal payment card details or are used as staging points in the delivery of other malware.” Magento is an ecommerce platform.