By: Anthony Gil

Amazon accounts hacked! | This week in cybersecurity

Too busy working to keep up with cybersecurity news this week? Here’s a round-up of the top stories from the cyberscape.

Amazon’s Third-Party Sellers Hit by Hackers

Hackers are targeting the growing population of third-party sellers on Amazon, using stolen credentials to “post fake deals and steal cash.” Hackers have gone into active seller accounts and changed the bank-deposit information to steal tens of thousands of dollars from each.  They have also posted fake listings at high prices with big discounts in order to pocket the cash. The fraud was made possible largely due to email and password credentials that were stolen from previously hacked accounts and were then sold on the dark web. Read more.

The Shadow Brokers are Back

According to SCMedia, Despite claiming earlier this year that they were going silent, the Shadow Brokers hacking group that leaked cyber tools stolen from the U.S. National Security Agency resurfaced on Saturday, publishing the password to an encrypted collection of files that appear to contain even more exploits and operational details. Read more.

Hackers Breach Dallas Emergency Alarm System

Hackers reportedly turned on 156 of Dallas’ emergency alarm systems at once on Friday, despite the fact that there was no sign of any natural emergency. The mayor of Dallas noted that “this is another serious example of the need for us to upgrade and better safeguard our city’s technology infrastructure,” and highlights how critical infrastructure systems are vulnerable to attack. Read more.

Microsoft Word Zero-Day Used for Dridex

“Booby-trapped documents exploiting a critical zero-day vulnerability in Microsoft Word have been sent to millions of people around the world in a blitz aimed at installing Dridex, currently one of the most dangerous bank fraud threats on the Internet,” reports Ars Technica. Read more.

Feds Deliver Fatal Blow to Kelihos Botnet

Federal prosecutors say they’ve dealt a fatal blow to Kelihos, a network of more than 10,000 infected computers that was used to deliver spam, steal login passwords and deliver ransomware and other types of malware since 2010. Reuters reported that the takedown was announced on Monday, one day after authorities in Spain reportedly arrested alleged Kelihos operator Pyotr Levashov. Read more.

Hackers Can Use Your Phone’s Sensors to Steal your PIN Number

According to Mashable, hackers might be able to steal your PIN number just based on the way you tilt your phone. Researchers say that embedded JavaScript code can compromise user’s sensitive information by, “listening to the side channel data provided by the motion and orientation sensors without user permission.” Read more.

Vulnerabilities in Travel Routers

According to ZDNet, several popular travel routers are at risk of a number of vulnerabilities including easily exploitable flaws. One of the routers studied could be tricked into turning over its plaintext admin credentials and wireless network address, which run as root, with a text message containing a simple line of code. Read more.

Learn more about Zscaler.