Welcome back to ‘This Week in Getting Hacked’—the world’s greatest cybersecurity-related link dump! Each week, we bring you the best news stories from the cybersecurity field, letting you know who’s getting hacked, who’s hacking, what data is leaking, and about what you should take with caution. So strap in, change your password, and let’s find out who’s getting hacked this week!
On to the links…
OOOOOOoooooo boy—this one’s stupid. Remember the fake emergency broadcast that when out to all Hawaiians warning them of a ballistic missile and telling them it’s not a test when in reality there was no missile and everyone freaked out for no reason?
Well, we’re not saying this is the password, just that in this picture taken in July of 2017 from inside Hawaii’s Emergency Management Agency has a password written down on a sticky note.
A sticky note.
Why, Hawaii, why!? Hawaii claims the alert was sent because, “an employee pushed the wrong button,” but, come on. How much faith can you have in their cybersecurity when something like a sticky note taped (look, it’s taped even though it’s a sticky note) to a computer screen is how they manage their passwords.
Man, we could keep going on just this story alone, but we should move on to less infuriating cybersecurity stories like….
Just when you thought your iPhone battery was your biggest Apple problem, meet OSC/MaMi malware! It’s a nasty bit of malware which targets Macs and is designed to steal personal information.
Oh, and your current anti-virus will do no good against it. Here’s a quote from ex-NSA hackerman Patrick Wardle:
OSX/MaMi isn’t particular advanced – but does alter infected systems in rather nasty and persistent ways. By installing a new root certifcate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads)
To check your system, go to the System Preferences app to check your DNS settings and see if they’ve been changed to 184.108.40.206 and 220.127.116.11.
OnePlus claims that 40,000 people have been victim of a credit card hack. The attack was accomplished via a malicious script injected into the OnePlus.net payment page code which allowed the hackers to see credit card information and other personal details.
OnePlus sent a letter to their customers on the 19th of January to warn them of the attack and they say they are conducting a security audit.
Well, that’s it for this week. Don’t leave your passwords on sticky notes and while you’re at it, you better go ahead and change them real quick.