A massive memory leak that has been linked to a tiny bug in Cloudflare’s code may have exposed user data, including passwords, personal information, messages, cookies, and more, for thousands of sites. Time to change your passwords: this vulnerability is pretty scary.
Last week we found out that Yahoo had a data breach exposing over 1 billion of its email accounts to hackers, which the company only disclosed after Verizon planned on buying the company. This week, reports have been released that Yahoo might have provided your personal information to the NSA or FBI without your permission.
Adblock Plus is launching a new service that allows paid ads through the blocker, and the internet is not happy. Instead of blocking all ads, the company has started an ad marketplace to sell those spaces to acceptable ads. We can’t fret too much here at cat.man.du, however: since all ads are monitored and all malicious pop-up ads are still blocked, you stay safe (even if it’s a little annoying).
The occurrence of phishing emails rose 789% in the first quarter of 2016, according to a new report by PhishMe. To learn more about what phishing emails are and the profound effect they can have on businesses, check out this blog. In it, we give our tips for proactively combating phishing scams, and one of those tips is to make sure that employees can easily understand what a phishing email looks like. When they are sitting in front of their computer, combing through their inbox, they need to be alerted to fishy activity. The only way for them to understand is to educate them. The chart below explains what a malicious email might look like or contain.
The biggest news in security this week is surprisingly several years old. Recently, the stolen login credentials and passwords for 360 million Myspace users, 65 million Tumblr users, and 40 million Fling users have been put up for sale on the dark web by a hacker named “Peace”, the same individual who is selling 167 million LinkedIn users’ data, according to Fortune.
We all know the story: a hospital gets hacked, its files are encrypted, it must pay a ransom to get the files back, so it pays the ransom, and everything turns out alright (except for the loss of thousands of dollars). Well, everything didn’t turn out alright for one hospital in Wichita, Kansas. Despite the hospital paying the required ransom, the hackers did not decrypt Kansas Heart Hospital’s files. Instead, the hospital got only partial access to its files and the hackers asked for more money, according to Extreme Tech.
2016 has already been called “The Year of Ransomware” by many IT security professionals. The FBI’s Internet Crime Complaint Center has released its annual survey of cybercrime. It found that the 2,453 ransomware complaints it received last year cost individuals and businesses $1.6 million - and this covers only reported instances. Thousands of ransomware attacks go unreported each year.
In 2012, 6.5 million login credentials were stolen for LinkedIn accounts and leaked online. However, the data breach was found to be much worse than originally thought when a hacker named “Peace” decided to sell the credentials of 117 million LinkedIn users for $2,200 on the dark web. Peace told tech site Motherboard that the credentials were stolen during the 2012 breach.
Last week we reported about a new type of ransomware affecting businesses and individuals. It’s called Petya and, unlike ordinary ransomware, it has the ability to encrypt an entire hard drive - not just individual files - making a victim’s computer unusable until a ransom is paid. However, Petya had a flaw. In order for Petya to take control of a hard drive, it had to be granted administrative privileges. If the victim does not allow access, the installation of Petya is cancelled and the files are not encrypted.
Here’s another reason to be careful of what you click online. There’s a new Facebook scam circulating around the world’s largest social network and thousands of people have fallen for it.