PwC Weekly
Security Report
This is a weekly digest of security news and events from around the world. Excerpts
from news items are presented and web links are provided for further information.
Malware: Windows botnet spreads Mirai malware
Top story: Crypto specialists break SHA-1 security standard
Source: https://betanews.com/2017/02/23/windows-botnet-spreads-mirai-malware
Threats and vulnerabilities
Multiple high-profile apps including Uber and FitBit have been leaking customer data for months due to the Cloudbleed vulnerability discovered by Google researchers last week.

The bug in the source code of internet services company Cloudflare caused sensitive data to be cached by search engines, potentially allowing hackers to pose as legitimate customers. The compromised data includes private messages and authentication cookies.

“We've discovered (and purged) cached pages that contain private messages from well-known services, PII from major sites that use Cloudflare, and even plaintext API requests from a popular password manager that were sent over http,” said a cyber-security researcher from Google’s Project Zero team. “The examples we're finding are so bad, I cancelled some weekend plans to go into the office on Sunday to help build some tools to clean-up.”

The researchers said the impact of the vulnerability is potentially wide-reaching due to the massive customer base of Cloudflare.

“I didn't realise how much of the internet was sitting behind a Cloudflare CDN until this incident,” the researcher said.

The Google team said that Cloudflare has responded to the issue promptly but advises users to change their passwords and switch to two-factor authentication where possible.

“With the haemorrhaging from Cloudbleed first reported on Friday, new data from Skyhigh Networks indicates the wounds to IT are widespread,” commented Kaushik Narayan, CTO of cloud access security broker Skyhigh Networks.

“After analysing more than 30 million enterprise users across the globe, Skyhigh found 99.7 per cent of companies have at least one employee that used a Cloudbleed vulnerable cloud application.”
Source: https://eandt.theiet.org/content/articles/2017/02/internet-users-advised-to-change-passwords-after-cloudbleed-vulnerability-discovered/
Our perspective
Cloudflare Inc. handles traffic for many popular services, including Uber and Fitbit. It also helps customers to protect and defend themselves from denial-of-service attacks and configure SSL encryption for their websites. If a password is compromised, it is quite possible for an attacker to gain access to private web data along with encryption keys. Having studied the vulnerabilities and the impact of the exploit, we strongly advise all readers to change their passwords quickly to avoid any security risks.
In India, PwC has offices in these cities: Ahmedabad, Bengaluru, Chennai, Delhi NCR, Hyderabad, Kolkata,
Mumbai and Pune. For more information about PwC India's service offerings, visit www.pwc.com/in
PwC refers to the PwC International network and/or one or more of its member firms, each of which is a
separate, independent and distinct legal entity. Please see www.pwc.com/structure for further details.
Amol Bhat
amol.bhat@in.pwc.com
© 2017 PricewaterhouseCoopers Private Limited. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers
Private Limited (a limited liability company in India having Corporate Identity Number or CIN : U74140WB1983PTC036093), which
is a member firm of PricewaterhouseCoopers International Limited (PwCIL), each member firm of which is a separate legal entity.
MB/March2017-8840