Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On June 18, 2015

June 17, Softpedia – (International) Retrospect clients patched to prevent exposure of backup files. Retrospect, Inc. released a patch addressing a password hashing vulnerability in its network backup utility for Apple, Linux, and Microsoft Windows operating systems (OS) in which an attacker with access to networked clients could gain access to users’ backup files. Source

June 17, Softpedia – (International) Over 600 million Samsung devices vulnerable to keyboard security risk. Security researchers at NowSecure discovered a remote code execution vulnerability in the SwiftKey Android app in which an attacker could access device sensors, pictures, and text messages, alter or install apps, or listen to voice calls. The vulnerability was patched in early 2015. Source

June 16, SC Magazine – (International) Study: 15-30 percent of eCommerce site visitors infected with CSIM. A report released by Namogoo revealed that 15-30 percent of eCommerce site visitors are infected with client-side injected malware (CSIM), and that attacks have increased by 20 percent in the last 6 months, among other findings. Source

June 17, Threatpost – (National) Plaintext credentials threaten RLE wind turbine HMI. The DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory after a security researcher discovered a vulnerability in the Nova-Wind Turbine human-machine interface (HMI) for turbines manufactured by RLE International GmbH in which an attacker could leverage credentials stored in plaintext to perform actions on the device, resulting in a possible loss of power for all attached systems. Source

June 16, SC Magazine – (North Dakota) North Dakota Workforce Safety Institute experiences a breach. Authorities reported that about 43,000 incident reports and 13,000 payroll reports containing Social Security, names, employer, and medical information for employee and worker reports filed online between 2006 and 2013 were compromised in a breach of the North Dakota Workforce and Safety Institute (WSI) servers. The WSI became aware of the breach June 10 and is offering free identity repair services to affected individuals. Source

June 16, Bloomberg – (National) U.S. jobs agency thwarts 10 million hacks a month, director says. The director of the U.S. Office of Personnel Management claimed June 16 in a U.S. House of Representatives committee hearing that the agency fends off an average of 10 million hacking attempts per month, and that the number of attacks will increase. Officials reported that the June breach may have compromised personal information of up to 14 million current and former Federal employees and their associates. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.