Skip to main content

Friday Five: 8/18 Edition

by Ellen Zhang on Friday August 18, 2017

Contact Us
Free Demo

It's Friday! Catch up on the latest infosec news with this week's roundup.

1. HBO social media hacked in latest cyber security breach by BBC News

In the latest cyberattack on HBO, OurMine, the group that breached Mark Zuckerberg’s social media accounts last year, hacked HBO’s main corporate Facebook and Twitter accounts. This is following leaks of scripts, company documents, and full episodes of various HBO shows. In addition, four suspects related to the Game of Thrones episode leak have been arrested in India. Three of these suspects are current employees of Prime Focus, which stores and processes the Game of Thrones series for an Indian streaming site.

2. Petya ransomware: Cyberattack costs could hit $300m for shipping giant Maersk by Danny Palmer

The world’s largest container ship and supply vessel operator, Maersk, was one of the first high-profile organizations that had fallen victim to the most recent Petya ransomware attack. The attack impacted Maersk Line, APM Terminals and Damco, and they had to temporarily shut down services to prevent the ransomware’s spread. Though they claim no data breach or data loss occurred, they expect a total loss in revenue of $200-300 million according to their press release because of operational interruptions during the shutdown.

3. Hacker claims to have decrypted Apple's Secure Enclave, destroying key piece of iOS mobile security by Brandon Vigliarolo

This week, a hacker going by xerub, released a full decryption key for Apple’s Secure Enclave Processor (SEP). The SEP operates separately from the rest of the device and generates the device’s Unique ID. It also handles Apple’s Touch ID transactions. With the decryption key, the SEP firmware’s code will be exposed as well as its vulnerabilities. This could be a hit to Apple’s mobile security, though xerub claims his intention for releasing the key was to add to the security of SEP. It’s too early to tell what the effects will be but there is still a ton of work that would need to go into exploiting this decryption and being able to compromise customer data.

4. Och. Scottish Parliament under siege from brute-force cyber attack by John Leyden

This week, the Scottish Parliament experienced brute-force attacks on its systems similar to previous attacks on Westminster earlier in June, which were blamed on Russia. The attacks appear to be targeting IT accounts, resulting in account lockouts or failed logins. MSPs and staff have been informed to update their passwords with stronger strings of letters, numbers and special characters.

5. North Korean Cyberspies Target US Defense Contractors Following Nuclear Threats by Catalin Cimpanu

The Lazarus Group, a North Korean cyber-espionage group believed to be a division of the government’s state intelligence, recently switched its target from South Korean organizations to U.S. defense contractors. The Group has been sending spear-phishing emails containing Word documents disguised with job descriptions and internal policies. There were several similarities in this series of attacks to past Lazarus Group campaigns, and with Trump’s recent nuclear threats against North Korea, it’s not a far leap.

Tags:  Security News

Recommended Resources

The Definitive Guide to DLP

All the essential information you need about DLP in one eBook.

The Ultimate Guide to Data Protection

Everything you need to know about data protection but were afraid to ask.