Disney’s not so happily ever after | This week in cybersecurity
United Airlines Cockpit Codes Accidentally Leaked
The confidential codes required to access United Airlines' cockpits have been accidentally leaked to the public in what the airline calls a mistake, rather than a data breach. The airline sent out a blast alert to employees over the weekend warning them of the inadvertent code leak, caused by a flight attendant who posted the information online, reports ZDNet. Read more.
Aftermath of WannaCry Global Ransomware Attack
Since its discovery on Friday afternoon, the WannaCry ransomware attack continued to spread this weekend. As of this morning, Europol estimates that more than 200,000 computers in over 150 countries were impacted, including FedEx, NHS, Nissan (a plant in the UK), Russia's Interior Ministry, Germany's Deutsche Bahn rail system, Telefonica, Sky News, Bank of Times ATMs, The Japan Times. Read more.
Hackers Hold Disney Movie Ransom
A hacker or hackers claim to have stolen an unreleased film from Disney and threatened to release it online unless the company pays a ransom, Chief Executive Robert Iger told employees. Speaking at a town hall for Disney’s ABC News division Monday, Iger did not specify how much bitcoin was being demanded but said Disney wouldn’t pay the ransom. Read more.
Breach at DocuSign Led to Targeted Email Malware Campaign
DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems, reports Krebs on Security. The company stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerous because it allows attackers to target users who may already be expecting to click on links in emails from DocuSign. Read more.
Indian Restaurant App Zomato Targeted by Hackers
The restaurant app Zomato said early Thursday that hackers have stolen users' data, reports Fortune. The hackers were able to get users' email addresses and passwords but not any payment or credit card information, according to a release from the Indian startup. The company said the breach was caused by an employee's development account being compromised. Read more.
Hacking Into Mar-a-Lago is Apparently Pretty Easy
An investigation by ProPublica and Gizmodo found that the Wi-Fi networks at President Donald Trump’s properties are actually rather easy to hack into. Piloting a boat within 800 feet of Mar-a-Lago, Trump’s private Palm Beach resort, reporters used a wireless antenna to identify Wi-Fi networks with weak encryption within the “Winter White House.” The lack of strong cyber-security at Trump’s properties could present a national-security threat, the reporters argue. Read more.
TrapX Discovers Rare Iranian-Russian Link in Cyber Attack
For 18 days last month, a team of security experts at TrapX found themselves engaged in digital combat with a group of hackers determined to break into the network of a military contractor, reports The New York Times. Every time the hackers, believed to be Iranian, gained a toehold in one server, the defenders shut down their access. A few days later, the hackers would come in through another digital door, and again the defenders would block them. Read more.
A French regulator has fined Facebook €150,000 for breaching data protection laws in the social network’s latest spat with European authorities over privacy, reports Financial Times. The Commission Nationale de l’Informatique et des Libertés imposed the sanction after finding that Facebook was collecting information on users for advertising “without having a legal basis.” The regulator also accused Facebook of “unfair” tracking of people as they browse the web, without offering users sufficient warnings. Read more.