The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
WannaCry Ransomware Tackles Globe
In the past week, organizations in over 150 different countries have been dealing with the WannaCry ransomware that spread like wildfire across at least 150,000 individual endpoint devices. By propagating like a worm, the infection was able to spread quickly, exploiting a largely unpatched vulnerability in several Windows operating systems. While a patch for un-updated systems has been publicly available since March, many organizations have struggled to roll it out to their endpoints, or can’t do so without rendering their proprietary software unusable.
Restaurant Listing Service Zamato Hacked
Researchers have discovered a Dark Web vendor with a listing for 17 million Zamato user accounts, along with samples of the data to prove its legitimacy. In response to the hack, Zamato has issued a forced password reset for all affected users, and strongly recommends a password change for the remaining users as added precaution. Fortunately, no credit card information was compromised, as it is stored in an alternate location.
Pirates Pirate “Pirates”
As the official release of the new Pirates of the Caribbean movie looms ever closer, hackers have threatened to leak five minutes of a stolen, unreleased film, followed by 20-minute chunks if Disney doesn’t pay their Bitcoin ransom demand. (It’s unclear if the stolen movie is truly the new PotC, but that’s the rumor.) Piracy is hardly new in the film industry, and a case much like this one happened last month with Netflix and episodes from the upcoming season of Orange Is the New Black. From the sound of it, most production companies agree that a few leaks to dodgy download sites so close to release aren’t significant enough to consider paying up.
Dangerous Flaw Found in the Google Chrome Browser
A recently discovered flaw in Google Chrome has allowed researchers to download a malicious shell command file to a user’s computer, which then executes when the user opens the folder where the file was saved. Upon execution, the file retrieves the user’s login credentials for accessing other network drives or local files. Fortunately, Google is aware of the issue and is working to resolve the vulnerability.
Bell Canada User Data Leaked
In their public statement earlier this week, Bell Canada revealed that a large number of users’ email addresses had been compromised, along with several thousand names and phone numbers. The breach is currently under investigation, and all affected users have been notified to be on the lookout for resulting email phishing scams.