Today’s topics include a ransomware attack that knocked San Francisco municipal railway fare terminals offline, Cisco’s decision to extend security vulnerability disclosure timelines, reports that the Microsoft-LinkedIn buyout deal is moving close to approval in Europe and Google’s new search feature that helps holiday shoppers dodge crowded retail outlets.
The San Francisco Municipal Transportation Agency (MUNI) was the victim of a ransomware attack on Nov. 25 and Nov. 26 with system terminals and fare payment machines throughout the MUNI fare payment network displaying the message “You Hacked, ALL Data Encrypted.”
In response to the attack, MUNI gates were left open and users were able to ride the transit system for free. There was no direct impact to the actual physical operations of the MUNI. Transit agency officials stated Monday they didn’t pay the $73,000 ransom that was demanded and that most systems were back online by Monday morning.
Cisco’s Talos security research group is changing its policies for responsible disclosure of security vulnerabilities, to give affected software and computer system vendors more time to fix issues.
Cisco had been working with a responsible disclosure timeline of 60 days before publicly announcing a vulnerability and it is now extending the public disclosure timeline to 90 days.
As to why Cisco is extending its responsible disclosure timeline now, Carter explained that over the past year, Cisco Talos’ own research has revealed that the overall average time to patch for vulnerabilities is 78 days.
Microsoft’s $26 billion bid to acquire LinkedIn is taking a big step closer toward winning regulatory approval. The European Union’s (EU) antitrust authority is set to give the merger its approval when it considers the matter on Dec. 6, Reuters reported Nov. 28, citing information from unnamed insiders.
EU regulators had originally set a Nov. 22 deadline, but extended its review after Microsoft proposed new concessions intended to ease concerns about how the deal could affect the competitive landscape.
Google announced this week that it has added a new real-time component to its Popular Times feature in Google Search and Maps that lets people check how busy a particular shopping location is at a particular moment.
To compute Popular Times Google uses anonymized data that is collected and aggregated from people who have opted-in to having their location history tracked and archived. Popular times and visit durations are shown for all businesses where Google determines there’s data from a sufficient number of people to make an estimate.