Happy New Year and welcome to the first 2019 edition of Bug Bytes.
In Australia, ABC News reported that 30,000 Victorian public servants had their work details stolen when the Victorian Government directory was downloaded by an unknown party.
According to Reuters, Germany’s Linke party was also affected by a “hacking incident” this week. While a spokesperson for the party confirmed the incident, adding that Dietmar Bartsch, leader of the party’s group in Germany’s lower house of parliament, was personally affected, they did not confirm an earlier report that hackers had posted personal data from hundreds of German politicians, including credit card and mobile phone numbers.
Back in the U.S., the L.A. Times reported that a malware attack had disrupted the delivery of L.A. Times and Tribune papers across the country. What first arose as a server outage was identified Saturday as a malware attack, which appears to have originated from outside the United States and hobbled computer systems and delayed weekend deliveries of the Los Angeles Times and other newspapers across the country.
News continues to trickle in on the November Marriott breach with CyberScoop reporting that 25 million passport numbers had been compromised. Marriott International said Friday that 383 million customer records were stolen in a data breach last month, down from the hotel chain’s original estimate of 500 million. According to company, hackers had spent roughly four years inside Starwood’s networks.
ZDNet reported that a slew of privilege escalation vulnerabilities had been uncovered (and patched) in the CleanMyMac X utility software. On Thursday, researchers from Cisco Talos disclosed a total of 13 vulnerabilities found in version 4.04 of the software. The good news: together MacPaw and Talos worked together to develop a patch prior to releasing the advisory was released. Users are recommended to update to version 4.2.0 of the software to avoid the risk of exploit.
Meanwhile, Politico covered the House Democrats proposal to improve election security. On Friday, January 4, the Democrats released their government ethics, voting access and election security legislation with one of its 10 sections devoted to election security, with provisions including voting machine vendor cybersecurity standards, paper ballot requirements, grants and a bug bounty program.
Finally, as 2018 wrapped, PYMNTS.com published a comprehensive report on 2018 data breaches – “the list no one wanted to make.”
That’s all for this week’s edition of Bug Bytes. Happy New Year!