Security Alerts & News
by Tymoteusz A. Góral

History
#1806 IBM finds most businesses pay ransomware demands
IBM Security report reveals that 70 percent of businesses impacted by ransomware pay attackers, but there is hope in sight, as IBM's Resilient Incident Response Platform adds a new Dynamic Playbook to help organizations respond to attacks.

There has been a chorus line of vendors in 2016 proclaiming an increase in ransomware threats. IBM is now adding to the mix with a security study released on Dec. 14, reporting that 70 percent of businesses impacted by ransomware end up paying the ransom. IBM is going a step beyond just reporting on ransomware, with a new Dynamic Playbook for Ransomware capabilities in its Resilient Incident Response platform.

The 23-page IBM Security study surveyed 600 business leaders and 1,021 consumers in the U.S. Of the business respondents, 46 percent reported that they had experienced ransomware in their organizations. Of the 46 percent that have been impacted by ransomware, 70 percent admitted that their organization paid the ransom.
#1805 Flash will become click-to-run in Edge, Chrome in 2017
The Windows 10 Creators Update, due in spring next year, is going to make almost all Flash content click-to-run in the Edge browser.

The Windows 10 Anniversary Update already applied click-to-run to most online advertising, following in the steps of Safari and Chrome. In the next major update, Microsoft will extend the restrictions on Flash. By default, Flash will not be loaded or offered to sites, and users will have to opt to enable it on a site-by-site basis. A handful of popular, Flash-dependent sites will see the plugin enabled automatically, with Microsoft intending to cut down this whitelist as more and more sites switch their interactive content to be native HTML5.

Earlier this year, Google announced a similar plan for Chrome. Currently, 1 percent of users of the stable Chrome 55 release have click-to-run enabled by default, along with 50 percent of users of the Chrome 56 beta release. When the stable Chrome 56 release is made in February, Flash click-to-run will be enabled by default for everyone. Google also intends to whitelist the ten most popular Flash-dependent sites, though it says that this whitelist will only be in place for a year.
#1804 'One billion' affected by Yahoo hack
Yahoo has said more than one billion user accounts may have been affected in a hacking attack dating back to 2013.

The internet giant said it appeared separate from a 2014 breach disclosed in September, when Yahoo revealed 500 million accounts had been accessed.

Yahoo said names, phone numbers, passwords and email addresses were stolen, but not bank and payment data.

The company, which is being taken over by Verizon, said it was working closely with the police and authorities.

Yahoo said in a statement that it "believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts."

The breach "is likely distinct from the incident the company disclosed on September 22, 2016".

However, the three-year-old hack was uncovered as part of continuing investigations by authorities and security experts into the 2014 breach, Yahoo said.

Account users were urged to change their passwords and security questions.