Friday, October 2, 2015

A scary Friday

This is a frightening… Friday. The arrival of the weekend will mean more than one upset for many companies. Today we focus on data theft, but this Friday we’re also worried about undetectable ransomware, XSS vulnerabilities in WordPress and even one minute of ephemeral glory for someone who bought the domain of in a mistake of the great G. A more than “complete” day to delight security fans.

Horrible news for T-Mobile, which has received confirmation of a data theft affecting more than 15 million customers. The confirmation came from Experian, the victim of the breach and one of the outsourcing companies that manage its customers' data. Although there's no risk to financial data, the hackers stole names, addresses, birth dates, ID numbers and social security numbers. A gem for preparing more sophisticated attacks with this information.

More terrible news concerns Patreon, a crowdfunding site whose mission is to help artists find financing for their projects. Its CEO and co-founder, Jack Conte, has confirmed that the site has been hacked, although he guarantees there is no financial risk because the data is encrypted with 2048-bit RSA keys. In addition, in a public post he confirms that they have successfully blocked the unauthorized access and are taking the necessary steps against future incidents.

But among all the horrible news... what could be worse than discovering that your credentials have been stolen for Google, where everybody (even the people who don’t believe it) keeps a big part of their lives? Well, Panda Security has just reported a very sophisticated attack that follows the most classic phishing manuals but with a polished finish, and it means a good scare for careless users. For the most part... Google users, or users of any other platform or online service provider.

Future scares may come from all the devices connected to our daily lives. The security guru Pierluigi Paganini tells us the story of a piece of malware (“vigilant” or Wifatch) which infected thousands (at least five figures: tens of thousands), with one curiosity: the creator is not yet using this infection for any illegal activity. Entertainment? A challenge? A strategy for a big future attack?

Even in the apparently most innocent attacks, our ability to keep our personal data safe from cybercrime is at stake. Remember that you are the weakest link in the chain, and you’ll always be in the spotlight. Have a good weekend.

