Security Briefing – 12.19.2017
A robbery at gunpoint last month involved getting the password for a cryptocurrency wallet, according to the Manhattan DA’s office. A man with a gun demanded a 24-word passphrase from the victim, later broke into their apartment, and used the passphrase to steal $1,800,000 in Ether coins from the cryptocurrency wallet.
Once again, the top two worst and most popular passwords of the year were “123456” and “Password.” But one of the newest entries among the most commonly found compromised passwords this year was “starwars” at #16.
The Trump administration has publicly blamed North Korea for unleashing the so-called WannaCry cyberattack that crippled hospitals, banks and other companies across the globe earlier this year.
There were nearly 7.2 million complaints about violations of the U.S. “Do Not Call” registry this year, a big surge from the more than 5.3 million complaints in 2016. The figure is almost double the nearly 3.6 million complaints in 2015.
Waymo, the new name for Google’s self-driving car project, has sued Uber and is suing self-driving trucking startup Otto over claims of patent infringement. In a Medium post published Thursday afternoon, Waymo accused Anthony Levandowski, a former Google engineer now working for Uber, of having downloaded “over 14,000 highly confidential and proprietary design files for Waymo’s various hardware systems.”
MICROSOFT AND ‘WINDOWS’ WILL NEVER SEEK YOU OUT VIA PHONE CALL FOR TECHNICAL SUPPORT, MUCH IN THE SAME WAY THAT THE IRS DOES NOT CALL PEOPLE DIRECTLY. Microsoft will reach out to you IF you put in a support request and request a phone call, but they will NEVER contact you directly otherwise. Anyone claiming to do this is a scammer.
One of the latest December 2017 updates from Microsoft addresses a security flaw in Microsoft Word that allows remote code to be run from inside of Office. Typically, this was used to get data from, for example, a spreadsheet into a Word document or email. Well, it can also run PowerShell and command prompts. Keep your systems up to date!
With the rise in cryptocurrency prices, everyone wants a piece. Legitimate website administrators are increasingly using JavaScript-based cryptocurrency miners to monetize their sites by using the CPU power of your PC to mine Bitcoin or other cryptocurrencies. AND your Android phone! There’s a new Trojan, Loapi, that can physically damage your phone after just two days of mining. Loapi failed to make its way into the Google Play Store, so users who stick to downloads from the official app store are not affected by the malware.