Friday Five: 6/10 Edition
It’s Friday! Catch up on the top infosec headlines with our weekly news roundup.
1. Passwords for 32M Twitter accounts may have been hacked and leaked by Catherine Shu and Kate Conger
Tessa88, who gave LeakedSource hacked data from VK, the Russian counterpart to Facebook, has once again sent LeakedSource stolen account credentials, this time from Twitter. Though Twitter says it hasn’t been breached, more than 32 million passwords are being sold on the dark web. This adds to the recent string of social media hacks at LinkedIn and Myspace. LeakedSource “confirmed” the validity of the hack by asking 15 users to verify their passwords. However, experts are skeptical. Whether or not the accounts were actually hacked, Twitter users are advised to change their passwords just in case. Read the full article on TechCrunch for more on what could be one of the latest social media hacks.
The Investigatory Powers Bill has been going through the British Parliament this week. Also known as the Snooper’s Charter, this Bill will strengthen British security services’ power to hack into and bug citizens’ phones and computers. The government will also be able to access people's web browsing data, which many will consider a significant invasion of privacy. This will likely lead to increased usage of Tor, which routes traffic through several relays to mask user activity. However, Tor can also pose a high risk for malicious attacks. Read the full article for more information from Digital Guardian's Thomas Fischer.
As mentioned above, Tessa88 has also provided LeakedSource with stolen records from VK.com, a Russian social networking site. The asking price is only about $580 USD in Bitcoin. The stolen data include names, login credentials, and phone numbers, and at least 100 million accounts have been compromised. The records are thought to have been stolen in 2012 and could span VK's entire membership. For more on VK's breach, read the full article.
Making the headlines every week, ransomware has struck again, this time hitting at least 10,000 Australians. This latest campaign sends a fake bill via email that appears to come from AGL, a local energy company. However, when recipients click to download their bill, a .zip file locks their computer instead. In order to regain access, a ransom of $640 USD must be paid. A small caveat: as we've seen with the Kansas Heart Hospital ransomware hit, a paid ransom does not always equal an unlocked computer. Read the full article for more information.
As ransomware rises, so too does phishing. The Anti-Phishing Working Group, which published its Phishing Activity Trends Report for Q1 2016, has found that there was a 250% increase in phishing sites between October 2015 and March 2016. In addition, the most targeted industry is the retail/service sector, with over 42% of attacks, and the United States continues to be the nation hosting the most phishing sites. Security awareness and training are important for reducing the threat. Go to Infosecurity Magazine for more on phishing activity trends.