WP This Week in Application Security News, March 31-April 6, 2018 | Imperva

This Week in Application Security News, March 31-April 6, 2018

This Week in Application Security News, March 31-April 6, 2018

News highlights this week: Panera Bread customer data breach, Mirai-style botnet is targeting financial institutions and Microsoft patches malware protection engine.

Panera Bread data leak

Over the last eight months, Panera Bread exposed millions of customer records all in plain text, accessible to anyone with a casual search. The breach included names, email addresses, home addresses, birthdays, and the last four digits of any cards used on panerabread.com.

Read more…

Panerabread.com Leaks Millions of Customer Records (Krebs on Security, April 2)

For Months, Panera Bread Website Reportedly Exposed Millions Of Customer Records (NPR, April 3)

Panera Bread Leaves Millions of Customer Records Exposed Online (Dark Reading, April 3)

Panera Bread Exposed Data On Millions Of Customers For 8 Long Months (Forbes, April 4)

Mirai-style botnet, Microsoft RCE vulnerability

It was revealed that a botnet based on Mirai was used to attack at least three European financial institutions in January.

Read more…

Mirai Variant Botnet Takes Aim at Financials (Dark Reading, April 5)

A new Mirai-style botnet is targeting the financial sector (ZDNet, April 5)

Mirai variant botnet launches IoT DDoS attacks on financial sector (Tech Republic, April 5)

Microsoft has rolled-out security updates to fix a critical remote code execution flaw affecting Windows Defender and other anti-malware products.

Read more…

Windows 10 security: Microsoft patches critical flaw in Windows Defender (ZDNet, April 4)

Microsoft patches Malware Protection Engine to protect against devastating memory corruption attack (Tech Republic, April 4)

Microsoft Patches Critical Flaw in Malware Protection Engine (Dark Reading, April 4)

In other news…

7 Deadly Security Sins of Web Applications (Dark Reading, April 4)

100% of Web Apps Contain Vulnerabilities (Info Security, April 5)

Define DevOps’ Role in Application Security (Information Week, April 2)