Friday Five: 5/20 Edition
It's Friday! Catch up on this week's top infosec headlines with our news roundup.
1. Another Day, Another Hack: 117 Million LinkedIn Emails And Passwords by Lorenzo Franceschi-Bicchierai
A hacker going by the name of “Peace” is selling the account information of over 100 million LinkedIn users. There are about 167 million accounts in the hacked database, and about 117 million of those contain both the user’s email and password. The initial breach was in 2012 and only about 6.5 million passwords were released. LinkedIn confirmed Wednesday that the new data being released is in fact legitimate. Read the full article for more on this data breach.
Good news for everyone and especially gamers, who are often the target of this ransomware: TeslaCrypt’s master key has been released to the public. The developers of this ransomware, which is proliferated through malicious downloads, exploit kits, and phishing campaigns, were very active and would release newer, more sophisticated versions before the older ones were even cracked. A TeslaCrypt expert has confirmed that they were able to update the TeslaDecoder decryption software to unlock all versions of the ransomware. For more information on this latest update in ransomware news, read the full article.
Recent updates to the $81 million February heist at Bangladesh Bank shows that the same hackers struck a second bank in Asia and maybe more. Rather than targeting bank account holders, these hackers targeted the banks’ SWIFT accounts and obtained valid credentials. SWIFT is the system banks around the world use to move billions of dollars daily between themselves. In addition to these attacks, Tien Phong Bank in Vietnam told Reuters over the weekend that they had managed to stop a similar SWIFT attack in Q4 of last year. Read the full article for more information.
The FDA has issued an alert describing an incident during which antivirus software caused a crucial computer system to pause and require a reboot before the doctors could continue using it. This happened as a heart patient was undergoing a cardiac catheterization and put this patient's life at risk. The alert states that the incident was caused by human error resulting from not following guidelines. This points to the need for proper security training for healthcare professionals so they understand how security software/hardware works with their medical devices. Read the full article for more on this story.
This past Thursday, May 19, was Ransomware Info Day to raise awareness about this malware. Microsoft Malware Protection Center reveals a few stats and tips. The United States, with nearly 321,000 infected systems, is the top ransomware target, with Italy and Canada following. To help protect yourself from ransomware, disable macros, back-up your data externally, and update your OS and antivirus software. Read the full article for more information.