Researchers show that the malware, dubbed "Industroyer" or "Crash Override" (someone likes their Hacker movies), actually causes physical damage to energy plants. That is something that only happened once before, with Stuxnet.
If you haven't yet, time to patch those Windows computers. The latest Patch Tuesday fixes no less than 95 vulnerabilities, including 27 remote executions and two vulnerabilities being currently exploited in the wild.
Estonia will essentially set up an 'offsite' backup facility of all their country-critical data, under similar protections as a regular embassy. The idea would be that in case of a massive cyberattack, military strike or natural disaster, the country doesn't lose all its records and can keep functioning digitally.
Google launched a program called "Be Internet Awesome". It's a game meant to teach kids about several aspects of online safety, like which information to share, how to deal with online bullies, and picking passwords.
You can check out the project here.
Quite original: this malware looks at the comments on an Instagram picture from Britney Spears. It finds a specific comment based on a hash and parses it into a bit.ly URL which leads to its command & control server.
Microsoft proposes to create a neutral party in the form of an NGO who's sole job it is to look at a cyber incident and say who did it. The chances for making this work are small but hey, at least it's an original idea.
Apparently there are quite a few scam apps abusing Apple's new ad program for the App Store. One app is described here as asking $99.99 per -week- in subscription. And it's right there in the list of top grossing productivity apps.
Interesting article looking at XSS trends and seeing a resurgence of this attack vector, even though many of us feel that it's a pretty 'old-school' thing.
I have to say this appeals to me: a pragmatic straight forward set of questions around seven topics to determine your security posture.
A nice cautionary tale. This junior developer was setting up his local dev environment on his first day. Using the credentials that were in the documentation, he accidentally wiped the production database, after which he got fired instantly.
Everyone reading this probably knows that that's insane, but it's a good wake-up call to separate dev and prod, have working backups, and don't put passwords in documentation.
Another cautionary tale, this time on having a solid off-boarding process. A Dutch hosting company had an ex-IT admin come in and delete all customer data and wipe all servers.