Wednesday, December 16, 2015

Blackmails by postal mail against Ashley Madison users

Today we talk about a big data robbery, the robbery on Ashley Madison, an important security failure in Joomla and another one in FireEye.

A security breach it's a big thing. Ask to users of the Ashley Madison web, which suffered the data robbery of thousand clients in summer. Given the sensible nature of the data stolen, which contains data about preferences and sexual contacts, some users have been blackmailed. The last thing are the blackmails by postal mail: they send a letter to their home asking thousand dollars in exchange of not revealing this information..

Danger: Joomla

The majority of these breaches with large data robberies start by security holes like the case we talk about today: Joomla, the system of content management used by million websites, among them Peugeot, Barnes and Noble, eBay or the United Nationshas a serious failure that allows the remote execution of code. To top of that, the failure was 8 years latent. Yesterday a patch and was published and, at the same time, an attack wave started as did the creation of exploits to automate them. Time to patch!

666 Failure 

We finish with another hole, which made some security experts laughing. It's a very important hole in FireEye products, one of the main security companies in the world. The hole, discovered by the Google initiative Project Zero, allows to take the control of the FireEye device and the whole network only sending a mail to an user and without even reading of the email. In the network you can't trust even in your father! (we are now in "Star Wars" mode).


Post a Comment