Note: Each week we bring you the latest hacking news on the internet. Read on to find out who and what was hacked this week.
6 Million Three Mobile Customers’ Personal Data at Risk
One of Britain’s largest mobile phone companies was recently the victim of an attack that used an employee login to access its customer upgrade database.
The data accessed includes names, phone numbers, addresses and dates of birth, but it is not believed that financial data has been compromised.
Three Mobile is working with authorities to catch the criminals. So far three people have been arrested, but little is known about their involvement. Three Mobile believes that the hackers were accessing the upgrade database, upgrading phones, and intercepting them, possibly in order to then sell them.
412 Million Adult Friend Finder and Affiliate Accounts Exposed
Adult Friend Finder, a website that lets users connect in order to “find sex” according to the site, suffered another massive data breach this month. This comes after last year’s data breach on the same site.
Over 300 million Adult Friend Finder accounts were exposed in the breach, along with over 100 million more accounts from its corporate holdings. The exposed accounts represent over 20 years of customer data, including deleted accounts.
It has been revealed that Friend Finder Network did not properly encrypt user data.
New Hack Lets You Bypass iPhone Passcode to Access Photos and Messages
A security flaw in iOS allows anyone to bypass an iPhone’s passcode using Siri. It doesn’t matter whether or not you have Touch ID enabled. The bypass lets someone check your photos and messages. There is a way to protect against it, however. From HackerNews:
Until Apple fixes this issue, iOS users can protect themselves by disabling Siri on the lock screen, though it will cripple your iOS 10 experience.
To do so, go to the Settings → Touch ID & Passcode and disable Siri on the Lockscreen by toggling the switch to disable.
Once disabled, you will only be able to use Siri after you have unlocked your iOS device using the passcode or your fingerprint.
Alternatively, you can just remove Photos access from Siri. To do so, just go to Settings → Privacy → Photos and then prevent Siri from accessing pictures.
ATM Hackers Use Malware to Steal from European ATMs
ATM hacking is nothing new, but recently a string of ATM hacks has occurred throughout Europe.
The attack uses malware to make an ATM spit out money at a certain point in time. The criminal must be physically at the ATM when the malware strikes in order to collect the cash. Because of this, the hacks have been small and scattered.
ATMs in Armenia, Bulgaria, Estonia, Georgia, Belarus, Kyrgyzstan, Moldova, Spain, Poland, the Netherlands, Romania, the United Kingdom, Russia, and Malaysia have been attacked.
It is believed that the criminal group Cobalt is behind the hacks, using malicious software developed by the Russian ATM gang Buhtrap.
$5 Device Can Hack Your Computer in One Minute
Hardware hacker Samy Kamkar has devised an exploit tool that can install a privacy-invading backdoor into computers that are locked.
Called PoisonTap, the exploit runs software on a $5 Raspberry Pi Zero microcomputer attached to a USB adapter. Once plugged in, the device impersonates an Ethernet connection, prioritizes its network connection, intercepts unencrypted web traffic and steals HTTP authentication cookies used to log into private accounts and sessions from the victim’s browser. It then sends that data to a server controlled by the attacker.
All it takes is for a web browser to be open in the background. Once accessed, the attacker can remotely control the computer.
Facebook Messages Could Hold Locky Ransomware
Spammers have been using Facebook messages to spread ransomware.
If you get a Facebook message from a friend with an image file in the .SVG file format, don’t open it. A spam campaign is spreading a malware downloader called Nemucod using .SVG files.
The malware will push you to a fake site made to look like YouTube, then a pop-up will prompt you to download an extension. Definitely don’t download the extension, but it is best not to click on the file at all.
Mr Bill says
Thanks for the alerts!