Top 7 Cybersecurity Stories This Week 03-24-2017
WikiLeaks Plays Hard to Get with Its Zero-Day Info
Last week, WikiLeaks promised it would share the technical details and code of the hacking tools that the CIA has allegedly developed against Google, Apple, Microsoft and other tech companies. Now the secret-spilling site has finally made initial contact with the companies. Read more.
Star Trek-Themed Ransomware Demands New Crypto-Currency
A new kind of ransomware has a Star Trek-themed decoder and demands a new payment unit called Monero, rather than the most popular crypto-currency Bitcoin. Discovered by Jakub Kroustek of Avast, the "Kirk" ransomware comes in the guise of a legitimate Low Orbital Ion Cannon (LOIC) tool used for testing a website’s capacity to deal with traffic load. Read more.
McDonalds App Leaks Data in India
McDonalds' app McDelivery leaked the personal data of more than 2.2 million users in India. The leaked data, disclosed by payment security company Fallible.co, includes name, phone number, email address, home address and social profile links. Read more.
U.K. Mobile Operator Breached, Again
U.K. mobile operator Three experienced its second data breach in the past year. According to Information Age, customers who logged into their accounts saw the names, data usage, addresses, phone numbers and call histories of fellow Three users. The incident emerged as customers complained to Three via social media. Read more.
A hacker or group of hackers is apparently trying to extort Apple over alleged access to a large cache of iCloud and other Apple email accounts, reports Motherboard. The hackers, who identified themselves as 'Turkish Crime Family', demanded $75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data. Read more.
Security researchers have discovered a new attack called DoubleAgent that uses a Windows bug-fixing tool to turn antivirus into malware. The DoubleAgent attack is detailed by Israel-based security firm Cybellum, which claims to have confirmed it can compromise products by Avast, AVG, Avira, Bitdefender, Trend Micro, Comodo, ESET, F-Secure, Kaspersky, Malwarebytes, McAfee, Panda, Quick Heal, and Norton. The company says other antivirus products are also likely to be vulnerable, reports ZDNet. Read more.
Google and sister company Jigsaw are joining forces to defend election organizers and civic groups against cyber attacks free of charge as the broader tech industry seeks to fend off criticism that it is not doing enough to stop online efforts to distort elections, reports Reuters. Read more.