The VAR Guy's Security Round-Up: Week Ending April 8
‘The Panama Papers’ Mark Biggest Whistleblower Data Leak in History
April 8, 2016
Certainly the biggest security story this week hands down was the leak of information via the so-called Panama Papers that has already led to one world leader stepping down and several others sitting in hot water. But the scandal wasn’t the only story making security news this week. Here’s a look at the top stories on the security front for the week ending April 8.
‘The Panama Papers’ Mark Biggest Whistleblower Data Leak in History
The world is still feeling the impact of by far this week’s biggest security story, the leak of nearly every document over a 40-year period from a Panamanian law firm called Mossack Fonseca. While that in and of itself may not seem particularly interesting, the documents show the firm appears to have specialized in creating shell companies that a number of high-profile people, including international soccer star Lionel Messi, Argentine President Maurio Macri, Russian President Vladmir Putin and Iceland’s Prime Minister Sigmundur David Gunnlaugsson—the last of who resigned over the news—used to hide what amounted to billions of dollars in assets. More than 100 media outlets around the world coordinated efforts to report stories on the leaked documents, which included more than 4.8 million emails, 3 million database files and 2.1 million PDFs.
Security Startups Continue to Rake In Funding
Security continues to be a hotbed of activity for investors, with two notable startups this week unveiling recent funding to grow their respective businesses. RiskRecon, out of Salt Lake City, raised $3 million in a seed funding round led by General Catalyst for its business to help companies make objective security assessments of third-party cloud vendors. Meanwhile, a Tel Aviv startup with a more specialized security business called Karamba Security raised $2.5 million in seed funding to bring cybersecurity solutions to the automotive industry to protect GPS navigation systems and other connected-car technologies from would-be hackers.
Microsoft Releases Cloud App Security to Protect Sensitive Data in the Cloud
To assuage security concerns that continue to plague customers when it comes to leveraging the cloud, Microsoft (MSFT) released its Cloud App Security offering as an addition to a security platform the company is developing. The new service allows IT and security teams to protect sensitive data stored in the cloud, allowing them to basically take control of a company’s network if need be. Capabilities the service gives these teams include allowing them to restrict the use of any files and to monitor any cloud apps being used so they can maintain visibility into how secure information the company stores on the cloud really is.
Google Rolls Out Biggest Android Security Update So Far
Showing just how critical mobile security is—and just how many device vulnerabilities are waiting to be exploited—Google (GOOG) this week rolled out its biggest update to the Android mobile platform to date. The company’s April Nexus Security Bulletin offers fixes for 39 vulnerabilities in Android–15 vulnerabilities rated as critical, 16 rated as high and eight as moderate—across 26 different components, including DHCPCD, Mediaserver, Bluetooth, Exchange ActiveSync, Wi-Fi, Telephony, media codec, video kernel driver and Debuggerd. Google began releasing security updates for the platform eight months ago.
Security Researchers Take IBM to Task Over Broken Security Fix
What happens when a security fix doesn’t really fix the vulnerability? That’s the dilemma IBM (IBM) was faced with this week when a Polish security firm called the vendor out on a security patch the company issued in July 2013 to correct improperly used protocols and code surrounding Java. Security Explorations CEO Adam Gowdiak revealed on Full Disclosure a full proof of concept example and code showing the patch did not address the issue properly, even though IBM was told about the problem nearly three years ago. Gowdiak said it was the sixth instance of a broken patch his company encountered from IBM, issues the company has yet to resolve.
About the Author
You May Also Like