Google first discovered the bug in March 2018 and released a patch and a statement to say that there was no evidence of misuse or evidence of the vulnerability being exploited. However, Google felt that the effort involved in protecting user data on the social network outweighs the benefit of keeping the functionality running, when it hasn’t proven to be a very popular social network. They are set to close the consumer functionality of Google+ over a 10-month period.

After performing a code review of the Google+ APIs, they discovered a bug that could leak the personal information of Google+ account users. The bug allows a user to use installed apps to utilize the API and see personal information of that user’s friends. This personal information includes name, email address, occupation, gender and age.

Although Google has said they have seen no evidence the bug was exploited, it’s not possible for them to know if it has, or the extent, since they only keep two weeks of API logs for the Google+ service.

A report done by the Wall Street Journal stated that the bug existed between 2015 to March 2018 when it was patched. Google decided not to disclose the bug even though they weren’t sure it wasn’t exploited. The Wall Street Journal reported they have seen a memo by Google’s legal team advising not to disclose the data breach in case it attracts negative attention from government agencies around data protection.

A Google spokesperson has said they didn’t disclose the breach because it didn’t reach the necessary threshold to warrant informing users.

The post Google+ Shutting down after info from 500k Accounts is leaked appeared first on Hack Ware News.

So far as 2018 progresses, the year seems rather promising with the exception of recurrence of “Black Monday” on 5 February 2018 which witnessed the biggest Dow Jones drop of all time over the stock markets. Cryptocurrency also went with the dive since achieving historical high late last year.

For the cybersecurity sector, no boom and bust cycle yet as the year entered the second month. However, US-headquartered security technology firm, A10 Networks highlighted to Hackwarenews on the cyber threats trend ahead for 2018.

Bigger, bolder and costlier cyber-attacks expected in 2018

Song Tang Yih, vice president Asia Pacific of A10 Networks told Hackwarenews that cyber-attacks in 2018, will be bigger, bolder and much costlier for victims.

“For 2017, spending on cybersecurity reached USD86 billion which was a humongous amount,” said Song.

Furthermore, he noted that the average data breach cost in 2017 accounted to around USD 4 million, while the annual cyber-attack cost ballooned to USD 400 billion alone. Using these past data, Song expected an increasing volumes of cyber-attacks in 2018, as hackers used more sophisticated approaches such as “Reaper malware” to breach vulnerabilities in systems for financial benefits.

More state-sponsored attacks expected

Some of these cyber-attacks were believed to be state-sponsored in nature at a bid to obtain hard currency as voiced out by Jonathan Tan, regional vice president, ASEAN and Pakistan of A10 Networks.

“There is no good time or bad time, where the hackers will rest. In fact, more so during the bad time, hackers will hack for finance gains.” commented Tan.

Some of the cyber-attacks were believed by Tan to be inspired by regional tensions among countries which eventually conducted cyberwars to breach each other systems. To Tan, Singapore is in the forefront of this battle due to the connectivity among its various governmental services and its ambition of becoming an IT-savvy Smart Nation.

Telco Operators on the hit list

Beside government networks, Tan expected Telecommunication (telecom) operator to be next victims due to its role in serving as the conduit for businesses. In his opinion, the hackers will seek to exploit Internet Protocol version 6 (IPv6) or Internet of Things (IOT) vulnerabilities.

Cameras and surveillance system run via the telecom network will also be another vulnerable spots for attacks to compromises corporates securities or simply to bring the whole network down to the attackers’ advantages.

The Challenges of merging various Cloud platforms

In 2018, Song estimated more corporations and organisation to merge their private clouds with public clouds into multi-cloud environments for scalability purposes. The merging processes, however might provide more vulnerabilities for data breaches and the call for the protection of personal data online is more needed than ever.

The good news is that there are already some partnership and technology development set in motions to smooth out the merging of private and public cloud. For instance, software giants like Microsoft, Azure and Google have come together to provide uniform set of infrastructures and application program interface (API) for hybrid clouds to further improve efficiency.

Deceptive technology to act as sheepdog against cyber-attacks

Despite the various threats, security services providers like A10 Networks has something in their sleeves against cyber-attacks. One of the weapons will be using adaptive, deceptive and predictive security products to prevent cyber-attacks.

To certain extent, Tan even dubbed the deceptive and predictive technology into a “Top Five Technology” in 2018. As these know-hows give security operators the ability to predict a cyber-attack that is yet to happen.

“Deceptive and predictive technology allows the security firm to trick the hackers to stay ahead of them and protect systems,” concluded Tan.

In his opinion, the digital security will eventually become a basic human right issue as our world gets more interconnected and our dependence on safe communication become close to our needs for clean air, water and food.

The post Annus horribilis or Annus Mirabilis for cybersecurity in 2018 appeared first on Hack Ware News.