Friday Five: 10/14 Edition
It's Friday! Catch up on the top infosec headlines with our weekly news roundup.
Emails stolen from Clinton campaign chairman John Podesta have been leaked. Just last week, a hacker released thousands of emails taken from Clinton insider Capricia Penavic Marshall. Dumped onto WikiLeaks, this latest email trove is claimed to contain over 50,000 emails. Though the Clinton campaign hasn’t confirmed the legitimacy of this leak, WikiLeaks tweeted, “There is no denial and we have a 100% record for accuracy.” However, the Clinton campaign has confirmed Podesta’s Twitter was hacked, and new evidence suggests that his iCloud account may have been breached. Fingers are pointed towards the Russian government, which the US government officially accused last week of the DNC hack. For more info on the latest political hack, read the full article.
With less than two months left in the year, 2016 has brought about yet another large data breach. Over 58 million users of Modern Business Solutions, which provides data storage and database hosting services, were affected. Information leaked includes names, IP addresses, birthdays, emails, vehicular data, and occupations. Twitter user @0x2Taylor, who uploaded the original data dump, posted an update claiming that they had discovered even more data. Have I Been Pwned?, a breach notification service, puts the official number of users breached at 58.8 million, and 37,000 notifications were sent to users monitoring either their emails or domains. Read the full article on Ars Technica.
The newly discovered CryPy is ransomware that uses a unique key for every file it encrypts. Like HolyCrypt, Fs0ciety Locker and Zimbra, CryPy is written in Python. Because it encrypts every individual file with a fresh encryption key, CryPy stands out as particularly sophisticated. This ransomware is probably in the early stages of development, but if updates continue, CryPy could prove to be quite a pain for those infected. As ransomware gets more sophisticated, be extra careful about phishing campaigns and suspicious sites. Get more details on ZDNet.
After the Krebs on Security DDoS attack and the release of the Mirai botnet source code, Akamai did some research and found that over 2 million devices, from routers to DVRs, are compromised by weaknesses in the Secure Shell protocol (SSH). SSH is used to facilitate remote system access, and hackers use vulnerabilities in SSH to make unauthorized connections, or "tunnels", with IoT devices. They can then route malicious traffic from the device. Unfortunately, this vulnerability has been a longtime security flaw. Moving forward, both companies and customers need to develop better practices around SSH, including changing default admin credentials and disabling SSH on devices unless it's absolutely necessary. For more, read the full article on Wired.
Verizon, set to buy Yahoo, is now claiming it has a reasonable basis to withdraw from its deal with Yahoo following the massive data breach affecting over 500 million users. People are questioning why it took Yahoo so long to discover and disclose a breach that happened in 2014. No U.S. company has been successful in court invoking the material adverse clause, but Yahoo may be forced to renegotiate its price. Read more on Reuters.