Skip to main content

Friday Five: 3/17 Edition

by Ellen Zhang on Tuesday September 15, 2020

Contact Us
Free Demo

It's Friday! Catch up on the latest infosec headlines with our weekly news roundup.

1. U.S. authorities charge Russian spies, hackers in huge Yahoo hack by Dustin Volz

One of the largest data breaches in history, the hack on Yahoo devastated hundreds of millions of user accounts. This past Wednesday, U.S. authorities charged two Russian intelligence agents and two hackers for the cyberattack. The Justice Department’s indictment includes 47 charges of conspiracy, economic espionage, theft of trade secrets, aggravated identity theft and more. This is the first time the US has criminally charged Russian spies for cyber offences. Russian authorities deny any official involvement in the Yahoo hack, though even since last September, Yahoo has pointed its finger at state-sponsored hackers. For more info on the indictment, read the full article.

2. Millions of records leaked from huge US corporate database by Zack Whittaker

Once again, millions of records have been breached. The database contains over 33 million email addresses and contact information of thousands of corporate employees including those working in the Department of Defense, the US Postal Service, AT&T, IBM and Boeing. The database is owned by Dun & Bradstreet and is used by marketers. Unfortunately it’s not known how the data was breached or who to blame, but 14% of the email addresses in the database already existed in the Have I Been Pwned database. Though Dun & Bradstreet is downplaying the risk this breach poses, the database contains PII that can be used in phishing scams. Head to ZDNet for the full scoop.

3. Suspected Hack Attack Snagging Cell Phone Data Across D.C. by Adam Kredo

A spike in suspicious cellphone activity in the D.C. area is being investigated by the Department of Homeland Security. Officials are concerned that hackers may be surveying the communications of U.S. government officials and foreign diplomats. Based on information gathered, it seems that a third-party, likely a nation-state because of the level of sophistication, is tracking a large number of cellphones, which could allow a hacker to pinpoint which ones are being used by government entities. This could result in those phones being wiretapped and hacked. A spokesperson for one government official said that his office had received a tip that it was T-Mobile’s network that had been compromised. T-Mobile has also been faced recently with problematic 911 “ghost calls” linked to two deaths in Dallas. Read the full article on the Washington Free Beacon.

4. Twitter accounts tweet swastikas and pro-Erdoğan support in massive hack by Alex Hern

If you logged onto Twitter Wednesday morning, you probably saw some high profile accounts tweeting pro- Erdoğan, Turkey’s current president, propaganda and Nazi swastikas. Hacked accounts included Forbes, Amnesty International, BBC, Unicef and more. They were compromised via Twitter Counter, a third-party analytics service that was hacked in November of last year when other high profile accounts like Playstation and The New Yorker sent out spam tweets. Twitter Counter has started an investigation and blocked all ability to post tweets using their system. The hack is in anticipation of Turkey’s April 16th referendum on granting President Erdoğan stronger power. Read the full article on The Guardian.

5. 'Anonymous' Joins Hacker Army Targeting Central Banks for Cash by Chiara Albanese, Daniele Lepido, and Giles Turner

Last year saw a surge in cyber attacks against global monetary authorities, including the high profile Swift breach where hackers stole $81 million from the Bangladeshi central bank. Insiders have confirmed that Anonymous has renewed its attack against central banks starting in February of this year. Last year, Anonymous had attacked at least eight banks, including Dutch Central Bank, the Bank of Greece, and the Bank of Mexico. Successful hacking of central banks is incredibly lucrative. Over the course of 2016, hackers stole $21 million from the Bank of Russia. Though the Anonymous insiders did not reveal which banks were being targeted, they did say that the hacktivist group is actively recruiting new hackers to join their efforts. Read the full article on Bloomberg.

Tags:  Security News

Recommended Resources

The Definitive Guide to DLP

All the essential information you need about DLP in one eBook.

The Ultimate Guide to Data Protection

Everything you need to know about data protection but were afraid to ask.