CyberSecurity Pulse 2016-11-17
“Do not be afraid to take a big step, a precipice hopping is not passed.”
Facebook Buys Passwords on the Black Market!
Frankly, such a statement is really worrying considering the amount of personal information collected, as it would imply storing credentials and information linked even to users who might not be their customers. Apart from this, Facebook would be helping to finance the malicious activities of several cybercriminal groups that profit from buying and selling breached data. If we feel that the real problem is password reuse, we should start considering once and for all the implementation of more modern authentication systems that avoid the use of passwords altogether.
AdultFriendFinder Network Hack Exposes 412 Million Accounts
More than 412 million user accounts have been exposed in the recent FriendFinder Networks hack. The breach included 20 years of historical customer data from six compromised databases: Adultfriendfinder.com, Cams.com, Penthouse.com, Stripshow.com, iCams.com, and another unknown domain. According to LeakedSource, this is the biggest data breach in 2016. The attack happened at around the same time as a security researcher known as Revolver disclosed a local file inclusion flaw on the AdultFriendFinder site, which, if successfully exploited, could allow an attacker to remotely run malicious code on the web server. But it’s not known who carried out this hack. When asked, Revolver denied being behind the data breach and, instead, blamed users of an underground Russian hacking site.
The Secretly Installed Android App That Was Sending Your Information Without Permission
This week, the security firm Kryptowire identified firmware that was collecting sensitive personal information from different smartphone models running Android. The flaw, initially discovered in the BLU R1 HD device, was sending to external servers information that included the body of text messages, the contact list, the call history and the IMSI and IMEI numbers. Blu Products, which blames the incident on a third-party application, is providing on its website a guide that lets users verify whether or not their devices are vulnerable. The website also lists the affected models, which include, in addition to the R1 HD, others such as the Energy X Plus 2, Studio Touch, Advance 4.0 L2, Neo XL, and Energy Diamond.
Rest of the Week's News
US Post-Election: Phishing Emails Targeting NGOs and Think Tanks
Just a few hours after Donald Trump won the 2016 US Presidential Election, a hacking group known as Cozy Bear, APT29, and CozyDuke launched a wave of cyber attacks targeting policy think-tanks with a new spear phishing campaign designed to fool victims into installing PowerDuke malware.
The US Military Launches “Hack the Army”
Announced by outgoing Secretary of the Army Eric Fanning, this new bug bounty program asks hackers to vet and find flaws in the Army’s digital recruiting infrastructure. “Hack the Army” is more focused on recruitment sites and databases of personal information about both new applicants and existing Army personnel.
This Hack Gives Linux Root Shell Just By Pressing Enter for 70 Seconds
A hacker with little more than a minute can bypass the authentication procedures on some Linux systems just by holding down the Enter key for around 70 seconds. Doing so grants the hacker a shell with root privileges, which allows them to gain complete remote control over an encrypted Linux machine.