Top 7 Cybersecurity Stories This Week 01-13-2017
The badly configured Sanrio database was copied before it was fixed and it went unnoticed for a year. The database resurfaced online with over 3.3 million records. At the time, Sanrio speculated the exposure was due to maintenance conducted several weeks prior, on November 20, 2015. The database contained just over 3.3 million records from sanriotown.com, including 186,261 records assigned to people under the age of 18. Read More.
The WikiLeaks Task Force sparked alarm last week when it tweeted it was mulling building a digital database of verified Twitter users using personal information that included data on their jobs and families. "We are thinking of making an online database with all 'verified' twitter accounts & their family/job/financial/housing relationships," the task force said on Friday in one of a flurry of tweets, since removed. Read More.
An investigation into a Ukrainian power outage last month was confirmed as a cyberattack. This is the second hack to a Ukraine power facility – the first happened in December 2015 and affected about 230,000 people. Taken together, some are concerned that Ukraine’s critical infrastructure is being used as a testbed to refine attacks that could be used to target other countries in the future. Read More.
On Monday, the FDA affirmed that a variety of St. Jude medical devices were vulnerable to cyberattack. In response, St. Jude announced a set of patches for the Merlin remote monitoring system, which is used with implantable pacemakers and defibrillator devices. Previously, St. Jude denied that security flaws existed; however, they now claim the updates would "complement the company's existing measures and further reduce the extremely low cyber security risks." Read More.
A college in Los Angeles paid $28,000 as a ransomware demand after learning it had no alternative ways to gaining back its stolen files. Attackers encrypted hundreds of thousands of files on New Years Eve affecting the campus' 1,800 staff and 20,000 students. The $28,000 ransom stands as one of the largest ever publicly acknowledged. After paying the ransomware, the school was delivered a key to unlock the files. Read More.
A researcher discovered a vulnerability with several Internet browsers’ autofill features, which could leak personal information without users realizing it. The vulnerability affects Chrome, Safari, Opera and LastPass. Here’s how the scam works: When users begin to fill in one piece of information, the other information saved in the browser's autofill populates other text boxes, potentially handing that data over to the thief. Read More.
The malware known as Shamoon, or Disttrack, which is known for targeting Saudi Arabia's state-owned oil company in 2012, is back and was discovered to have a new ability to destroy virtual desktops, according to researchers from Palo Alto Networks. This family of malware is part of destructive programs known as disk wipers.The latest variant has been updated to include legitimate credentials to access virtual systems. Read More.