Friday Five: 7/29 Edition
It's Friday! Catch up on the top infosec headlines with our weekly news roundup.
The luxury hotel chain, Kimpton Hotels, is investigating a possible payment card data breach. The hotel chain said that it was “recently made aware of a report of unauthorized charges occurring on cards that were previously used legitimately at Kimpton properties.” This follows many other hotel chains that were recently breached including Omni Hotels and Hard Rock Hotels. For more information, read the full article on CSO.
The most recent hack of the DNC and the Wikileaks publication of emails deepened the divide between the supporters of Hillary Clinton and Bernie Sanders. As a result, the Obama administration, and the FBI, have started to publicly investigate this cyberattack, which many think is the result of Russian Intelligence. However, this is not the first political hack, and it will certainly not be the last. This article compiles a list of the most infamous political hacks in recent years, with the help of Digital Guardian’s new political hacks infographic. For more information on the most recent DNC hack, read the full article on Politico.
The cyber criminal gang that is behind the Petya and Mischa ransomware programs leaked 3,500 private keys from Chimera, another ransomware program. The developers of Mischa have claimed that they have gained access to the development systems used by Chimera’s creators. With this new access, they obtained the source code for Chimera and integrated it into their own ransomware. Chimera is different from other ransomware because it encrypts and threatens to leak user files on the internet. To learn more about this rivalry, read the entire article on IT World.
A newly discovered tactic allows hackers to record and control keystrokes on wireless keyboards within a 250-foot radius. A similar-style vulnerability was previously discovered in wireless mice, and keyboard attacks promise to be just as dangerous. Because the keystrokes are not encrypted when transmitted to the computer, cyber criminals are able to intercept the signal while remaining undetected. Although the attacks do not affect Bluetooth keyboards, trusted tech companies including GE, Kensington, HP, and Toshiba are producing wireless accessories that are vulnerable. Experts are calling the attacks Keysniffer. To learn more, read the full article on Wired.
5. Zero-day Hole Can Pwn Millions of LastPass Users, All that's Needed is a Malicious Site by Darren Pauli
Whitehat hacker Tavis Ormandy has found another gaping vulnerability, this time in LastPass. The bug would allow a hacker to trick LastPass’s Firefox add-on into running in the background if the user visited a malicious website. The hacker would essentially be able to read, change, and delete any information stored in the cloud-based password vault. As of July 28, the hole has been patched and an update has been sent to Firefox. The patch is also available for download on the LastPass website. To read more about this malicious bug, read the full article on the Register.