The week in security: Facebook scores password own-goal, ASD may not share new vulnerabilities

Facebook was on the back foot after revelations that hundreds of millions of customer passwords were being stored in plaintext.

A new form of ransomware called LockerGoga proved crippling for Norsk Hydro’s global IT network, putting the company into response mode and forcing it into a major effort to plan a recovery from what was potentially wiper malware.

The incident was a reminder about the ongoing incidence of malware in its various forms – including malvertising, which is both extremely common and extremely hard to fight.

Meanwhile, a 0day in SoftNAS Cloud drew warnings that users should upgrade ASAP, and Cisco was reaching out to customers to patch high-priority vulnerabilities in its 7800 and 8800 series IP phones.

The Australian Signals Directorate admitted it might be less proactive about a discovered vulnerability – keeping quiet about its discoveries if it was in the national interest to do so – the organisation said in outlining ‘Responsible Release Principles’ that elucidate its decision-making processes.

That leaves users to manage their security exposure using the likes of Microsoft Defender ATP – which the company rebranded from its previous Windows-only assignation after delivering it for Mac users as well.

That does nothing, of course, to stop other threats like the re-emergence of the Magecart payment card skimmer gang.