Uber concealed a 2016 data breach that exposed data on 57 million users

Security Digest Information security news and advice from TechTarget's network |November 29, 2017 FEATURED STORY Uber breach affected 57 million users, covered up for a year by Michael Heller, Senior Reporter A 2016 Uber breach affecting data for 57 million users was covered up by the company, including a $100,000 payment to the attackers to keep the incident quiet. (SearchSecurity.com) Advertisement NEWS   Scarab ransomware joins with Necurs botnet for faster spread The Scarab ransomware received an upgrade and researchers have seen it being spread via the Necurs botnet, meaning the malware can spread to millions in a handful of hours. (SearchSecurity.com)   Uber data breach raises unsettling questions for infosec The Uber data breach episode is another black eye for the ride sharing company, but the cover up raises troubling implications for the infosec community. (SearchSecurity.com)   DOD exposed data stored in massive AWS buckets A security researcher at UpGuard found exposed data in Amazon Web Services' cloud storage buckets. And once again, the data belongs to the Department of Defense.  (SearchSecurity.com)   Multiple Intel firmware vulnerabilities in Management Engine Security researchers tested the controversial Intel Management Engine and other products, finding multiple Intel firmware vulnerabilities. (SearchSecurity.com)   Risk & Repeat: Vulnerabilities Equities Process gets an update In this week's Risk & Repeat podcast, SearchSecurity editors discuss the new charter for the Vulnerabilities Equities Process and what it means for the infosec community. (SearchSecurity.com)   Researchers bypass iPhone X security feature Face ID News roundup: In under a week after its release, researchers were able to bypass the main iPhone X security feature, Face ID. Plus, Microsoft patched a 17-year-old flaw, and more.  (SearchSecurity.com) EXPERT ADVICE   How to add HTTP security headers to various types of servers Expert Judith Myerson outlines the different types of HTTP security headers and how to add them to different servers, including Apache, Ngnix and Microsoft IIS Manager. (SearchSecurity.com)   How to use the NIST Cybersecurity Framework for the cloud Aligning the NIST Cybersecurity Framework with cloud services like AWS and Azure can improve cloud security. Expert Ed Moyle explains how to best use the framework for the cloud. (SearchCloudSecurity.com)   How a technology advisory group can benefit organizations A technology advisory group can have an irreplaceable impact on an organization. Kevin McDonald explains how volunteer advisors can aid law enforcement and other organizations. (SearchSecurity.com)   How does the Stack Clash vulnerability target Unix-based OSes? A privilege escalation vulnerability known as Stack Clash affects Unix-based OSes. Expert Michael Cobb explains the flaw and how to protect systems from being exploited. (SearchSecurity.com) About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Security Digest, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2017 TechTarget. All rights reserved.