Friday Five: 8/10 Edition
A vulnerability in WhatsApp, data leaking flaws on Comcast's website, and more -- catch up with the week's infosec news with this roundup!
1. WhatsApp Vulnerability Allows Attackers to Alter Messages in Chats by Lawrence Abrams
With the huge number of users on WhatsApp and the billions of messages sent every day, the platform has faced some serious backlash for being linked to a rash of what some call "fake news." Researchers from CheckPoint have apparently figured out how to manipulate messages to change messages that have already been sent, as well as change who the sender appears to be. The app's vulnerabilities app could be detrimental because WhatsApp is widely used to share messages not only in family groups but also in businesses to customers and other colleges. The range of information shared can get very classified, yet people still do it. This provides hackers with a great opportunity to hack and manipulate or steal sensitive information.
2. You can buy Bitcoin ATM malware for $25,000 in the Dark Web by Charlie Osborne
Traditional ATMs, which connect banks to bank cards, have long been a target for hacking. Whether it was malware or physical tampering with devices, people found a way into systems to steal money. Now, virtual cryptocurrency ATMs have come into play, and hackers are wasting no time trying to penetrate the software. Researchers found malware going for around $25,000 on the dark web that's specifically intended to be use on these next-generation cryptocurrency ATMs. The malware developers were able to take advantage of the fact that many companies and types of currencies are popping up with little standardization to the industry. Hopefully the high price of the malware will deter many people from purchasing it.
3. Security Flaws On Comcast’s Login Page Exposed Customers’ Personal Information by Nicole Nguyen
Comcast is apparently reviewing claims that the company accidentally exposed details belonging to 26.5 million customers, including their partial home addresses and Social Security numbers. A researcher, Ryan Stevenson, discovered the data leaking from the company's site but it wasn't until it was prompted by BuzzFeed, who reported the news on Wednesday, it fixed the issues. "We quickly investigated these issues and within hours we blocked both vulnerabilities, eliminating the ability to conduct the actions described by these researchers. We take our customers’ security very seriously, and we have no reason to believe these vulnerabilities were ever used against Comcast customers outside of the research described in this report," the company told reporters this week.
Building a Data-Centric Security Architecture from the Ground Up: A Customer Story
4. New genre of artificial intelligence programs take computer hacking to another level by Joseph Menn
A team at IBM recently developed an AI program that uses machine learning to create hacks that bypass even the toughest security measures. The team did a demonstration and spoke at the Black Hat security conference in Las Vegas on Wednesday about the experiment. Up to this point in time, no one has caught any malicious software that was configured using artificial intelligence, but that could be because it is so difficult to detect, not because it hasn’t been created yet.
5. The PGA Possibly Infected with the BitPaymer Ransomware by Lawrence Abrams
According to GolfWeek, the Professional Golf Association discovered on Tuesday that they had been attacked by ransomware hackers when ransom notes began popping up on computer screens in several offices. The culprit of the attack is believed to be BitPaymer, ransomware that has been attacking machines more frequently recently. Unfortunately for the PGA, the BitPaymer ransomware is a very secure software that has been known to charge huge amounts of Bitcoin as payment to decrypt the files they invaded.