Friday Five: 8/24 Edition
Facebook suspends more data-stealing apps, Microsoft thwarts Russian hackers, and more -- Catch up on the week's infosec news with this roundup!
1. Twitch Glitch Exposes Some Users’ Private Messages by Catalin Cimpanu
The video game streaming giant Twitch ran into some trouble earlier this year when it tried to get rid of a messages feature. After deciding to phase out the legacy feature, Twitch gave users the option to download an archive of all their old messages. While some people had no issues with this, others noticed messages in their archive folders that were neither from them nor sent to them. The bug, which misplaced tons of user messages into other users' folders, had many people worried, as a number of people used this feature for giveaways and contests. Some messages contained sensitive information, including email addresses, home addresses and full names. Users were quick to let Twitch know, and the problem was solved soon after.
2. Russian hacking of conservative groups sites thwarted: Microsoft by Brendan O’Brien
Microsoft discovered and removed six websites over the last week in an effort to stop Russian meddling in U.S. politics. These websites were linked to the hacking group Fancy Bear, which has ties to the Russian government. The hackers created websites that mimicked U.S. Senate, conservative think-tank, and Microsoft OneDrive sites to trick users into providing sensitive information or login credentials. At this point Microsoft is unaware whether the hackers were able to get any information before the websites were taken down, but it continues to do as much as possible to search for fake websites. Microsoft has also offered advanced security options to U.S. political parties and candidates to keep their information safe.
3. Augusta University Health Reports Major Data Breach by DarkReading
The data of hundreds of thousands of patients was compromised at Augusta University Health in a data breach that occurred in September 2017. A phishing attack was launched on the company, and several employees fell for the scam by giving out login credentials. For almost a full year, hackers got away with invading the company and stealing sensitive patient data. It was not until July 2018 that a third party discovered this and alerted the hospital.
4. This new ransomware campaign targets business and demands a massive bitcoin ransom by Danny Palmer
Researchers at Check Point recently discovered a new ransomware campaign that has already made Lazarus, a North Korean hacking group, over $640,000 in bitcoin in two weeks. The group is targeting companies that have a real need to pay the bitcoin ransom to recover sensitive files. The message they send to companies says that they do not wish to destroy or steal any of the company's IP; however, if the company does not comply with the request, the files may be irreversibly corrupted. The hackers then say that for each day the targeted company does not meet the bitcoin request, the amount owed increases. The Ryuk ransomware hacks are similar to SamSam, which means these hackers could be getting away with a lot more money if they are able to continue without being stopped.
5. Facebook has suspended hundreds of Cambridge Analytica-like apps by Hillary Grigonis
After investigating one developer, Cambridge Analytica, and finding that they hijacked data from Facebook users, Facebook has been much more diligent about who they allow in their app store. Facebook has now suspended more than 400 apps due to concerns around how they are built and how they ask users to share data. They will continue to investigate each app and each company that develops the iOS apps to try to ensure that Facebook users’ data is not mishandled and sensitive data is not shared.