By: Anthony Gil

Top 7 Cybersecurity Stories This Week 10-07-2016

Too busy working to keep up with cybersecurity news this week? Here’s a round-up of the top stories from the cyberscape.

Hacker releases code from IoT-botnet DDoS attack

The link to the malware code that powered an unprecedented DDoS attack against the website of cybersecurity reporter Brian Krebs has been posted online. A user named “Anna-senpai” dubbed the malware “Mirai”, which is designed to infect IoT devices that haven’t changed their default usernames and passwords. Once assembled, these massive armies of devices can be controlled from a central server, where they are typically leased out to hackers to launch DDoS attacks against target websites. Read more.

Over 400 instances of Dresscode malware found on Google Play store

Researchers at Trend Micro have warned over 400 instances of Dresscode malware are available for download from the Google Play store. This malware first appeared in April and once downloaded by a user it can be used by those controlling it to conduct cyber espionage, download sensitive data or recruit other devices into a botnet. Dresscode apps disguised as games, skins, themes, and phone optimization boosters have all been spotted in the store: the Trojan is only a small part of the app, making it much harder to spot. Read more.

New Mac OS malware secretly records you video chatting

Synack researcher Patrick Wardle has presented new findings that attackers can enable malware to monitor a Mac and only record the video sessions when the webcam is in use. Mac’s have a hard-wired light indicator that tells the user when it’s in use, however, this malware is able to piggyback when the camera is in use and record so there are no visible indications of malicious activity. Read more.

68 million hacked Dropbox accounts details free to download

While Dropbox had over 60 million account details stolen in August, yesterday the email addresses and hashed passwords associated with these accounts were uploaded online. Thomas White aka The Cthulu, uploaded the entire database on his website—a move that he claims is to help researchers examine the breach. Read more.

FBI arrests NSA contractor responsible for possible theft of secrets

The FBI secretly arrested a Booz Allen Hamilton contractor working for the NSA and is investigating whether he stole and disclosed highly classified computer codes developed to hack into the networks of foreign governments reports The New York Times. Read more.

Guccifer 2.0 posts Democratic Congressional Campaign Committee files

Wikileaks celebrated its tenth anniversary on Tuesday and founder Julian Assange teased the release of documents that could be damaging to presidential candidate Hillary Clinton. However, when he failed to release anything new, the hacker known as Guccifer 2.0 released new documents on his blog. Guccifer 2.0 stated he or she hacked the Clinton Foundation server and downloaded “hundreds of thousands of docs and donors’ databases. Read more.

OurMine hacking group targets BuzzFeed

A portion of BuzzFeed’s website was breached and a handful of articles were defaced by the hacking group OurMine on Wednesday morning. According to a Google search of cached Buzzfeed pages, at least three articles briefly have had their headline changed to “Hacked By OurMine,” or some variation of that. Read more.

 

Learn more about Zscaler.