Friday Five: 5/4 Edition
Facebook phishing, hospital malware, and GDPR scams - catch up on the week's infosec news with this roundup!
1. Facebook Is Helping Website Owners Sniff Out Phishing Scams by David Cohen
It’s obviously been a trying couple of weeks for Facebook, so it’s refreshing to actually see the company share some good news for a change. At its annual developers conference in San Jose this week, the social network announced that its Certificate Transparency Monitoring tool would soon be able to inform site owners when their sites have been spoofed, whether by a homograph attack, combo squatting, typosquatting, or other means. The attack methods aren’t new, but they are still successful. Last year, a Chinese researcher warned that several browsers – Chrome, Firefox, and Opera – were vulnerable to the attack vector. If you’re still confused, try following this seemingly benign link for more: https://аррӏе.com/. Facebook developers said this week that going forward the site would determine whether new domains could be used for phishing and notify subscribers.
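To make the three spoofing categories concrete, here is an added example (not Facebook's code, and not from the original roundup) that sorts DNS names from newly logged certificates into homograph, combosquatting, and typosquatting candidates for one monitored label. The small confusables map, the sample names, and the one-label-TLD assumption are constructed for illustration.

```python
# Constructed subset of Cyrillic look-alikes; a real monitor would load the
# full Unicode confusables table (UTS #39) instead.
CONFUSABLES = {"\u0430": "a", "\u0440": "p", "\u04cf": "l", "\u0435": "e",
               "\u043e": "o", "\u0441": "c"}

def skeleton(label):
    """Replace known look-alike characters with their Latin counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand):
    """Label a certificate DNS name relative to the monitored brand label."""
    parts = domain.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) > 1 else parts[0]  # assumes a one-label TLD
    if label.startswith("xn--"):  # certificates carry IDNs in punycode form
        try:
            label = label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return "undecodable"
    skel = skeleton(label)
    if label == brand:
        return "exact"
    if skel == brand:  # looks identical, but the code points differ
        return "homograph"
    if brand in skel:  # brand plus extra words, e.g. "-login"
        return "combosquatting"
    if edit_distance(skel, brand) == 1:  # one character added, dropped or swapped
        return "typosquatting"
    return "unrelated"

def scan(names, brand):
    """Return only the names that deserve a notification to the site owner."""
    hits = {n: classify(n, brand) for n in names}
    return {n: c for n, c in hits.items() if c not in ("exact", "unrelated")}

# Constructed sample of names as they might appear in newly logged certificates.
SPOOF = "xn--" + "\u0430\u0440\u0440\u04cf\u0435".encode("punycode").decode("ascii") + ".com"
SAMPLE = [SPOOF, "apple.com", "apple-login.com", "aple.com", "example.org"]
```

Calling `scan(SAMPLE, "apple")` flags three of the five names; the substring rule will also flag harmless names that merely contain the label, so hits are candidates for review rather than verdicts.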
2. Shhlack Lets You Encrypt Slack Messages So Your Boss Can't See Private Conversations by AJ Dellinger
3. Malware may have compromised some Florida Hospital patient information by Naseem Miller
Officials at several Florida hospitals are warning patients their information may have been impacted by a recent malware attack. Details are scant, unfortunately, but according to the Orlando Sentinel, hospital sites like FloridaBariatric.com, FHOrthoInstitute.com and FHExecutiveHealth.com were all taken offline recently. Patients belonging to the first hospital, Florida Bariatric, may have had their names, email addresses, phone numbers, birth dates, height, weight, insurance carriers and the last four digits of Social Security numbers leaked. It's unclear whether the malware the newspaper is referring to is ransomware, but given the rash of healthcare facilities hit by the threat lately, it's probably a safe bet.
4. Phishing alert: GDPR-themed scam wants you to hand over passwords, credit card details by Danny Palmer
5. Australia's Largest Bank Lost The Personal Financial Histories Of 12 Million Customers by Paul Farrell
Some fairly damning data loss news out of Australia this week via BuzzFeed: The Commonwealth Bank, the continent's largest bank, lost the banking statements of 12 million customers from 2004 to 2014 after one of its subcontractors lost track of the backup magnetic tape drives. The site's Paul Farrell, a reporter based in Sydney, recaps what exactly happened in detail. Spoiler: “One possibility … is that the drives weren’t secured properly and fell from a truck in transit that was carrying the data for destruction,” so there’s that.