Welcome back to ‘This Week in Getting Hacked’—the world’s greatest cybersecurity-related link dump! Each week, we bring you the best news stories from the cybersecurity field, letting you know who’s getting hacked, who’s hacking, what data is leaking, and what you should approach with caution. So strap in, change your password, and let’s find out who’s getting hacked this week!
On to the links…
If you’re like many people, myself included, forced into using Skype, well, you can get hacked. The app I complain about the most is in headlines this week for a “nasty” security bug that allows low-level access to every corner of your operating system.
Skype’s updater client can allow attackers to infiltrate and access a user’s operating system. Here’s the kicker: Microsoft says they won’t immediately fix the bug because they would basically have to rewrite Skype from the ground up (oh, no, because it works so well…).
So, until they fix it, every time the Skype updater runs to keep your software running at the levels of stink expected from the app, more and more malware gets put on your system. Yay! Hopefully Microsoft can just open up the API just a little bit so other, better, messaging apps can give you your Skype messages.
Until then, I’ll go back to using an app for business that barely notifies me I have messages.
Facebook, always thinking about your security, is imploring you to download a security app that’s literally just malware. That’s right—download Facebook’s Onavo Protect, a secure wireless networking app, and Facebook will then be able to track EVERYTHING you do on your phone.
Like they don’t know enough about you already, this is just a fancy (and perhaps misleading) way for the social-media giant to wriggle their way into collecting more data on you.
Just remember, typically when an app is free—YOU’RE the product, not the consumer. Now, I’m going to go back under my new Facebook VPN and try to get some work done in peace. Excuse me.
In one of the easiest “hacks” of all time, an unsecured Amazon server revealed over 119,000 passports and photo IDs of FedEx employees. The publicly accessible Amazon S3 server had IDs from all over the world, and as of now there’s no indication that the information has been used maliciously.
Head of communications for Kromtech Security Center, Bob Diachenko, said on the matter:
“This case highlights just how important it is to audit digital assets when a company acquires another and to ensure that customer data is secured and properly stored before, during, and after the sale,” Kromtech said in a statement. “During the integration or migration phase is usually the best time to identify any security and data privacy risks.”
You know we couldn’t do one of these without talking about cryptocurrency these days: hackers are using government websites to mine bitcoin. Thousands of .gov sites have been hacked in a cryptojacking scheme using malware called Coinhive.
Coinhive sits in a website’s code and infects visitors’ machines to use them for mining cryptocurrency.
When are we going to learn?
That’s all for this week. Change your passwords, folks.