December 2016 Internet Security Report


Merry Christmas and a Happy New Year! December 2016 was full of the usual Phishing, Malvertising, weak security of IoT devices and large breaches of user accounts that the rest of the year had delivered. If you have a Yahoo email account or an email service that is run through Yahoo’s mail service, please change your passwords for those accounts and consider moving to another provider as Yahoo has had two major publicly disclosed breaches in 2016 alone.

If you are still thinking of a new year’s resolution, please consider “changing your passwords to passphrases”.

Threats

Breaches

  • Yahoo released in December that there was another breach, separate from the previously disclosed breach earlier in the year. In this newly disclosed breach, the thieves stole more than a billion user accounts’ data. Yahoo states that “potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or un-encrypted security questions and answers.”
    If you have a Yahoo account please change your password for this account. If you have used your Yahoo account password for anything else, please change that password too.
    https://krebsonsecurity.com/2016/12/yahoo-one-billion-more-accounts-hacked/

Patches and Updates