A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
TeslaCrypt Closing It’s Doors
Here’s a bit of good ransomware news, for once. This week, it was brought to the attention of the security world that TeslaCrypt, one of the largest ransomware creators/distributors, was shutting down their operation for good. Researchers from ESET contacted TeslaCrypt via their support chat function and requested the master decryption key, which was provided freely, along with an instruction guide on how to use it.
https://www.helpnetsecurity.com/2016/05/19/end-of-teslacrypt/
New World Hackers Group Continues With University Hack
The New World Hackers (NWH), a hacktivist group participating in the OpAfrica Anonymous campaign, have targeted Limpopo University in South Africa in response to the ongoing human rights violations that are occurring in the country. Along with replacing the university’s main webpage, the group was able to gain access to both alumni and faculty personal information, which was then released publicly online.
http://news.softpedia.com/news/anonymous-leaks-data-from-south-african-university-504081.shtml
LinkedIn User Data On Sale
Recently, it was reported that the user account information of nearly 167 million LinkedIn users was available on the dark web 5 bitcoins, a small price. The leaked data likely comes from the 2012 hack of LinkedIn, in which over 6 million user accounts were made available, and resulting in hackers working to successfully crack a majority of the hashed passwords. While this breach doesn’t affect all of LinkedIn’s customers, it is advisable that all users change their passwords to avoid any potential future attacks on personal accounts.
Apple Pushes Out High Volume of Security Updates
This week, Apple started sending out security updates for all platform versions of its operating systems, with iOS alone receiving 39 different patches. These updates come just months after Apple participated in Pwn2Own, a hacking event focused on finding security vulnerabilities in the products of several industry leaders. Many of the patches are around the ways Apple product users view web content, with the goal being to keep them safe from any malicious attachments or redirects that may be lurking around.
http://www.eweek.com/security/apple-makes-security-improvements-to-ios-and-os-x.html
Germany Blames Russia for Cyber Attacks
German intelligence officials are pointing their fingers at Russia in regards to attacks dating back to 2015 on the German parliament, as well as the the more recent attacks on Chancellor Angela Merkel. In the past year, attacks originating in Russia have become increasingly common and have a wide spread of targets, including Ukraine’s power grid, TV stations in France, and computer system in the Netherlands. While it’s impossible to know for sure, many of the victims believe it to be the work of the Russian government rather than individual hackers.
http://www.securityweek.com/evidence-russia-behind-cyber-attacks-germany-secret-service?
Hacker Selling Pornhub Shell Access was a False Claim
In the past week, a hacker claimed to be selling shell access to Pornhub’s site, though this information later proved to be false. When contacted by Pornhub in regards to the vulnerability, the hacker was unable to provide any evidence of his capability to gain access or execute any injected code on the site. Pornhub has an ongoing bug bounty program, which will pay out up to $25,000 USD for the discovery of vulnerabilities on their sites.
