A Russian cyber-criminal group has stolen more than 1.2 billion usernames and passwords according to Hold Security. The group, dubbed “CyberVors,” accomplished this by comprising more than 400,000 servers and websites using a common class of software flaw, known as an SQL injection vulnerability. Initially, CyberVors bought a database of stolen credentials and used that to broadly attack other users via phishing, but had only moderate success. Then the group changed its attack strategy and used a rented botnet to search out vulnerable servers and use SQL injection attacks to compromise the systems. Target has revealed additional details about the impact of its 2013 data breach, which affected more than 70 million consumers. In a recent statement regarding Target’s second-quarter fiscal 2014 earnings, the company revealed that it will be taking a charge of $148 million in expenses related to this data breach. Target explained that the $148 million of breach-related expenses will be partially offset by an insurance receivable of $38 million. Margaret L. Johnson has been named executive vice president of Business Development at Microsoft, an appointment that provides more evidence that the company is taking a “mobile-first” approach to the technology market. Johnson was an executive with Qualcomm for 24 years, where she helped shape the company into one of the leading mobile component providers. Microsoft CEO Satya Nadella explained that Johnson’s experience qualifies her to lead Microsoft’s business development efforts. It appears that the U.S. Department of Transportation is preparing to collect formal public comments on whether or not to allow cell phone calls on commercial airliners in flight to and from the United States. In a “Report on Significant Rulemakings” released in July, the DOT unveiled a proposed timeline that could result in public comments being collected from Dec. 4, 2014, through Feb. 4, 2015.
Home Cybersecurity