News this week ranged from a mobile gaming craze to a new international privacy agreement. Pokemon Go attracted gamers of all ages, but in the rush to begin playing, many users overlooked the game’s application permissions, and variations of the game carrying malware quickly appeared on third-party sites. The Panama Papers breach happened a few months ago, but just this week the CMS vendor Drupal distributed a fix for the vulnerability likely responsible for that data breach of historic proportions. Microsoft and Adobe also issued significant security patches. On the international stage, the EU approved a new framework to govern the transfer of data overseas – a key aspect of transatlantic commerce in the digital age.
The EU takes a rigorous approach to ensuring its citizens’ privacy. The exchange of data between the EU and the US is integral to commerce, and can occur with a simple click as personal data travels to an overseas data center through the internet. The EU declared the previous data exchange framework, Safe Harbor, invalid because of surveillance concerns. Now, both parties have agreed to a new framework, Privacy Shield. Do not close the book on this case yet. Experts predict EU courts will challenge Privacy Shield. In the meantime, EU companies cover their bases by encrypting data sent to American cloud providers.
Don’t Doubt It, Privacy Shield Is Going to Be Challenged in Court | Alexander Martin, The Register
Zero-Days, the Gifts That Keep Giving
Gartner predicts 99% of vulnerabilities exploited through 2020 will be known by security and IT professionals for at least one year. With this in mind, the vulnerabilities patched by Drupal, Adobe, and Microsoft this week may serve hackers for years to come. Far from trivial, software vulnerabilities can serve as the unlocked door that enables hackers to conduct a catastrophic breach. One of the vulnerabilities Drupal announced this week likely provided a backdoor to the perpetrator of the Panama Papers data breach a few months ago. If Gartner’s prediction holds true, we may revisit this week’s patches in the news months or years from now.
Drupal Framework Patches Could Fix Flaw That Exposed Panama Papers | Dan Worth, The Inquirer
Adobe, Microsoft Patch Critical Security Bugs | Brian Krebs, Krebs on Security
Pokemon Go – Not So Fast
The average internet user rarely reads the terms of service or permissions requests for applications. This oversight resulted in unintended privacy concerns for Pokemon Go iOS users this week. Signing in to the game with a Google account (rather than creating a unique login) granted the application access to the user’s entire Google account, including email. The game’s designer, Niantic, quickly fixed the issue when the provision came to light. Hackers are eager to take advantage of pop culture or news events to target unsuspecting victims. Pokemon Go has so far been released only in the US, Australia, and New Zealand. Hackers took advantage of gamers’ impatience in other countries to implant malware in an illegally distributed version of the game.
Update Pokemon Go Now! | Mark Prigg, Daily Mail
Pokemon Go Malware Targets Impatient Mobile Gamer | Paul Wagenseil, Yahoo! Tech
By the numbers
The number of cybersecurity job openings by 2019, up from 1 million in 2016
The number of months a Chinese businessman will spend in prison for his role in a cyberespionage conspiracy
Of Black Hat attendees expect to be hit by a major data breach in the next year