Onapsis has found that at least thirty-six enterprises are vulnerable to exploitation of their SAP business applications.
Pawn Storm's back and, according to Trend Micro, is going after critics of the Russian Government. The current target is Germany’s Christian Democratic Union, Chancellor Merkel’s political party.
“Getting the common people’s data is as easy as buying cabbage,” tweeted someone using the (now-frozen) handle Shenfenzheng. Shenfenzheng (roughly, “Personal Data”) was also able to get, and tweet, the data of some uncommon people in China, including Communist Party bigwigs and industrial leaders. The leaker’s declared motive is to show up lax security practices.
Anonymous persists in its campaign to bring down the world financial system—LIFARS has a summary (and suggests in a cartoon that the world’s common people wouldn’t necessarily benefit from such a crash).
Turkish hacktivists who leaked data from QNB and InvestBank move on to banks in Nepal and Bangladesh. (Some of their leaks, however, may be old and recycled.)
Recently discovered Flash and IE zero-days are being exploited in the wild.
Cyber criminals increasingly profit from business disruption. Proofpoint says Locky’s got an update, IBM looks at interaction-free ransomware infections, and Palo Alto Networks describes criminals’ business models.
In industry news, Thoma Bravo is rumored to have offered to buy out Infoblox.
Cybersecurity Hall-of-Famers weigh in on the crypto wars.
The FBI says it would buy the iPhone exploit again, and Mozilla sues to have the Bureau tell it about any Firefox zero-days it may have up its sleeve.