A Busy Week for Cybersecurity
Over the past week, we’ve seen several stories about hackers, breaches and threats to your cybersecurity. We want to bring you the most current information so you can stay informed and safe.
The following incidents have all been brought to our attention or made public within the past two weeks.
BlueBorne Attack
A new attack was recently discovered by a research lab, Armis Labs, that could affect mobile, desktop and Internet of Things (IoT) devices. The researchers discovered a vulnerability in devices that could allow hackers to take control of a device and access private and corporate data. The attack uses the Bluetooth technology that many electronic devices have enabled. Because Bluetooth devices can be synced from larger distances, the attacks can also spread to devices that are not physically connected to the same network.
Here is a video from Armis explaining the attack:
It is important to note that Armis has been in contact with all of the major companies associated with the affected mobile and desktop operating systems. These companies have since created patches and updates to their software that should help protect against the issue. When in doubt, keep your Bluetooth turned off. This will keep your device secure and save battery power. Read more at the Armis website.
Hidden Malware in CCleaner
CCleaner, a reputable software used to organize and delete unnecessary files on your computer was compromised by hackers. Hackers were able to insert malware into the licensed software that would infect users machines. Avast, the maker of CCleaner says that the tainted version of the software had been installed 2.27 million times.
The infected version of the software was available and distributed for over a week. However, the company was quick to act and was able to send out an update to the software that disabled the malware from taking effect. Avast is reassuring their users that although it was a serious incident, there is no serious threat at this time.
We highlighted this news on our recent episode of Between the Bytes during our Frontline news section. Check it out.
Updates & Warnings From the Equifax Breach
You likely heard about the recent breach of the credit monitoring firm Equifax. Over 143 million users were compromised. This meant that social security numbers, birthdates and addresses were stolen from millions of people.
As if it couldn’t get any worse, the company is now saying they suspect that their network was hacked as early as March. They are unsure if any data was stolen at that time but clearly this was an early red flag. The US justice department has also opened a criminal investigation related to the selling of company stocks during this time frame.
Equifax Scam Warning
We wanted to specifically warn you about scams and threats that we’ve seen come about because of this breach. Criminals will try to use phishing scams and other tactics to lure people into subscribing to fake credit monitoring or data security. Be very wary of unfamiliar emails, posts and links related to this breach. Equifax has established a site where you can sign up for free credit monitoring. Please be careful as criminals may try to pattern fake sites to look like the Equifax site. Visit the Equifax site directly and then go to their dedicated page to take these steps.
White Hat Hackers Break Two-Factor Authentication
Researchers were recently able to use two-factor authentication as a way to gain access to a person’s bitcoin account. Two-factor authentication is meant to be an added security measure for account access. It is often created by sending a second message to a cell phone to confirm someone’s identity when they try to access or reset an account. This is not the only form of authentication, but it is the most commonly used and easy to set up. In this case, it was also the easiest to exploit.
With only the first and last name of a user and their mobile phone number, researchers were able to gain access to their gmail account and then reset the password to their bitcoin wallet and gain access. The research group from Positive Technologies was able to use a vulnerability in the cellular network itself to intercept incoming text messages. This allowed them to get the code necessary to learn someone’s full email address and change the password.
While two-factor authentication can still be a good security measure, it’s not perfect. Users can disable this feature in their Google accounts by changing their privacy settings.
Digital threats and cyber attacks are only increasing. Stay informed and protected by subscribing to our newsletter and get breaking news about digital attacks, cybersecurity, tech trends and business tips.
