A roundup of last week's security news from December 31, 2018 to January 6, 2019, including fresh breaches in the New Year, mobile malware, GandCrab, and how we remembered 2018.
Last week on Labs, we looked back at 2018 as the year of data breaches, homed in on pre-installed malware on mobile devices, and profiled a malicious duo, Vidar and GandCrab.
Other cybersecurity news
- 2019's first data breach: It took less than 24 hours. An unauthorized third-party downloaded 30,000 details of Australian public servants in Victoria. It was believed that a government employee was phished prior to the breach. (Source: CBR Online)
- Dark Overlord hackers release alleged 9/11 lawsuit documents. The hacker group known as The Dark Overlord (TDO) targeted law firms and banks related to the 9/11 attack. TDO has a history of releasing stolen information after receiving payment for its extortions. (Source: Sophos' Naked Security Blog)
- Data of 2.4 million Blur password manager users left exposed online. 2.4 million users of the password manager, Blur, were affected by a data breach that happened in mid-December of last year and publicly revealed on New Year's Eve. No passwords stored in the managers were exposed. (Source: ZDNet)
- Hacker leaked data on Angela Merkel and hundreds of German lawmakers. A hacker leaked sensitive information, which includes email addresses and phone numbers, of Angela Merkel, senior German lawmakers, and other political figures on Twitter. The account was suspended following this incident. (Source: TechCrunch)
- Hackers seize dormant Twitter accounts to push terrorist propaganda. Dormant Twitter accounts are being hacked and used to further push terrorist propaganda via the platform. It's easy for these hackers to guess the email addresses of these accounts since Twitter, by default, reveals partly-concealed addresses which clue them in. (Source: Engadget)
- MobSTSPY spyware weaseled its way into Google Play. Another spyware app made its way into Google Play and onto the mobile devices of thousands of users. The malware steals SMS messages, call logs, contact lists, and other files. (Source: SC Magazine UK)
- Apple phone phishing scams getting better. A new phone-based scam targeting iPhone users was perceived to likely fool many because the scammer's fake call is lumped together with a record of legitimate calls from Apple Support. (Source: KrebsOnSecurity)
- Staying relevant in an increasingly cyber world. Small- to medium-sized businesses may not have the upper hand when it comes to hiring people with talent in cybersecurity, but this shouldn't be an organization's main focus. Dr. Kevin Harris, program director of cybersecurity for the American Military University, advised that employers must focus on giving all their employees "cyber skills." (Source: Federal News Network)
- Adobe issues emergency patch following December miss. Adobe released an out-of-band patch to address critical vulnerabilities in Acrobat and Reader. (Source: Dark Reading)
Stay safe, everyone!