Saturday Morning Security Spotlight: Jail Breaks and Cyberattacks
Published 12/29/2017
By Jacob Serpa, Product Marketing Manager, Bitglass
Here are the top cybersecurity stories of recent weeks:
— Man attempts prison break through cyberattacks
— Mailsploit allows for perfect phishing attacks
— 1.4 billion credentials found in dark web database
— Starbucks WiFi hijacks connected devices
— Hackers target cryptocurrency employees for bitcoins
Man attempts prison break through cyberattacks In an attempt to acquire an early release for his imprisoned friend, a man launched a thought-out cyberattack against his local prison. Through a combination of phishing and malware, the hacker successfully stole the credentials of over 1,000 of his local county's employees. While he was ultimately caught, he did gain access to the jail's computer system. Mailsploit allows for perfect phishing attacks By exploiting bugs in numerous email clients, a researcher demonstrated how to make an email appear as though it were sent from any email address. Affected clients include Outlook 2016, Thunderbird, Apple Mail, Microsoft Mail, and many more. While some were quick to patch their offerings, others are refusing to address their vulnerabilities. 1.4 billion credentials found in dark web database Dark web researchers have uncovered a massive database listing 1.4 billion unencrypted credentials. The database contains usernames and passwords from LinkedIn, Pastebin, RedBox, Minecraft, and much more. Individuals who reuse passwords across multiple accounts (and their employers) are put at massive risk by the discovery. Starbucks WiFi hijacks connected devices The WiFi of a Starbucks in Argentina was recently found to hijack connected devices to mine for cryptocurrency. The event highlights the dangers of connecting to public networks – even those that may appear trustworthy. Unfortunately, many individuals believe the desire for convenience to outweigh the need for security, putting their employers at risk. Hackers target cryptocurrency employees for bitcoins Hackers from what is believed to be the Lazarus Group are targeting high-level employees of cryptocurrency firms – presumably to steal bitcoins. Attacks begin with phishing email attachments that, when opened, launch malware in the targets' systems. To defend against phishing, account theft, malware, and other security threats, organizations must adopt complete security solutions. Learn how to achieve comprehensive visibility and control over data by reading the Definitive Guide to Cloud Access Security Brokers.