Another Day, Another Breach (Again)

In yet another case of another day, another breach, a hosting company Hostinger has had a breach. As a result it has reset the passwords of all its customers, which amounted to 29 million customers. It appears that the breached happened via internal API which the attackers managed to  get access to.

The data which was compromised were hashed passwords, email address and customer usernames. It was estimated that up to 14 million accounts could have been affected by the breach.

You can read more at https://www.infosecurity-magazine.com/news/hostinger-breach-prompts-mass/

Hosting also provided a statement which is available at https://www.hostinger.com/blog/security-incident-what-you-need-to-know/

Facebook has publicly released emails which related to the Cambridge Analytica scandal. This happened late last week, due to an agreement between Facebook and the District of Columbia attorney general's office.

You can read more at https://www.scmagazine.com/home/security-news/data-breach/facebook-publicly-releases-emails-related-to-data-scraping-cambridge-analytica/

The official announcement from Facebook can be found at https://newsroom.fb.com/news/2019/08/document-holds-the-potential-for-confusion/

MFA FTW

Microsoft has stated that by using MFA (Multi-Factor Authentication) on user accounts will end up blocking 99.9% of automated attacks against their account. This does not only stand for Microsoft accounts, but any website or online service.

Microsoft as a result recommends enabling MFA on accounts where it is possible.

You can read more at https://www.zdnet.com/article/microsoft-using-multi-factor-authentication-blocks-99-9-of-account-hacks/

FYI, there is a really useful table in the article which helps to summarize the different type of attacks.

Apple Fixes Jailbreaking bug

The recent release of iOS 12.4 last month re-introduced a jailbreaking bug. This obviously wasn't great and re-introduced a vulnerability into iOS (granted the complexity of successfully exploiting it is pretty high). Well Apple has now fixed this issue in version 12.4.1 of iOS.

Further details can be found at https://www.zdnet.com/article/apple-patches-iphone-jailbreaking-bug/

Microsoft Offering Additional Year of Patching

Microsoft is offering 12 months free patching of Windows 7. This will only apply to companies running Windows 10 Enterprise E5, Microsoft 365 E5, Microsoft 365 E5 Security and Government E5 plans. This is to allow companies more time to plan their migration off of Windows 7 (and most likely to Windows 10). Windows 7 officially reaches End Of Life (EOL) on January 14th 2020. This will no doubt come as a sigh of relief to some companies who have yet to migrate off of Windows 7.

You can read more at https://www.theregister.co.uk/2019/08/27/windows7_free_updates/