The Friday Tech Takeaway - 13.10.17
Tracking friends and strangers using WhatsApp: What seems to be a useful feature within WhatsApp can easily be used to understand your friends and their behaviour in a whole new light. It does take some investment on your part, including checking your phone constantly. You might also want to question whether your friends are tracking you! https://robertheaton.com/2017/10/09/tracking-friends-and-strangers-using-whatsapp/
Kaspersky Lab and the AV security hole: With Moscow-based Kaspersky Lab under the gun for its software reportedly helping Russian cyber-spies steal classified US data, some security experts say the same thing could have been pulled off using any other antivirus software, and without any vendor participation.
Equifax now faces potential breach of customer help page: The embattled credit-monitoring company has a credit report assistance link on its help page that will direct users to download a bogus Adobe Flash software update, according to an Ars Technica post.
Olympic Games face greater cybersecurity risks: The Olympic Games are likely to face far more serious and complex cyberattacks in the coming years, according to a report released this week by the UC Berkeley Center for Long-Term Cybersecurity (CLTC).
iOS Privacy: steal.password – want a user's Apple ID password? Just ask! Do you want the user's Apple ID password, to get access to their Apple account, or to try the same email/password combination on different web services? Just ask your users politely; they'll probably hand over their credentials, as they're trained to do.
Forrester says hackers stole sensitive reports: Forrester, one of the world's leading market research and investment advisory firms, has admitted to a security breach that took place during the past week. The company says that a yet to be identified attacker (or attackers) has gained access to the infrastructure hosting its website — Forrester.com.
Hyatt Hotels suffers second payment card breach in two years: According to Hyatt, crooks planted malware on payment systems at certain hotels to harvest credit card data from guests whose cards were physically entered or swiped at some hotel front desks between March 18, 2017 and July 2, 2017.
Akamai shared a detailed analysis of a Fast Flux Botnet composed of 14K IPs: Experts at Akamai have identified a running botnet of over 14,000 compromised systems used to spread malware. The botmasters implemented a technique dubbed Fast Flux to make the infrastructure hard to take down.
ASD revealed hacker stole 30GB of sensitive data on Australia’s military capabilities: Australia’s foreign intelligence agency, the Australian Signals Directorate (ASD), admitted a hacker has stolen over 30 GB of military documents. Stolen data includes details on fighter jets, military aircraft, and naval ships.
DDoS attacks cause train delays across Sweden: The first attack hit the Sweden Transport Administration (Trafikverket) on Wednesday. According to local press, the attack brought down the IT system that manages train orders. The agency had to stop or delay trains during the attack.
Unpatched exploit lets you clone key fobs and open Subarus: Tom Wimmenhove, a Dutch electronics designer, has discovered a flaw in the key fob system used by several Subaru models, a vulnerability that the vendor has not patched and that could be abused to hijack cars. The issue is that key fobs for some Subaru cars use sequential codes for locking and unlocking the vehicle, and for other operations.
New Facebook scam in the wild: If you receive a message from any of your Facebook Friends asking for urgent help to recover their Facebook account, since they've added you as one of their 'Trusted Contacts'—just don’t blindly believe it. https://www.accessnow.org/public-security-alert-new-facebook-attack/
Accenture leaks data in public Amazon S3 bucket: Another tech giant has fallen victim to an embarrassing data leak. This time the leading global professional services company Accenture exposed its business data in a public Amazon S3 bucket. The incident exposed internal Accenture private keys, secret API data, and other information, a gift for attackers that want to target the firm or its clients. http://securityaffairs.co/wordpress/64150/data-breach/accenture-data-leak.html