Salted Hashed Rehashed: The weekly news recap for June 24, 2016

Today's recap is overshadowed by the Brexit meltdown.

Calendars and keys

Welcome to the weekly recap of news and other interesting items. Today's Rehashed is somewhat overshadowed by the Brexit meltdown in the United Kingdom. There were plenty of things happening in the security world this week, but the fallout from EU referendum is sure to dominate headlines for the rest of the month.

This week's recap will cover LinkedIn, YouTube defacements, Blizzard's authentication problems, banking malware, government contracts, Ransomware, and the fact that FBI doesn't need a warrant to hack you.

FBI doesn't need a warrant to hack your computer

A U.S. court in Virginia has ruled that the FBI can hack into a suspect's computer without a warrant, which stirred privacy advocates for obvious reasons. The case where the ruling was logged is a child pornography case. However, it's unlikely the ruling will hold up in appeal.

Comodo trying to commandeer Let's Encrypt's brand

Let's Encrypt, the organization stated by the Internet Security Research Group, and has helped millions of websites implement SSL protections is having to deal with a trademark problem.

In a blog post, Let's Encrypt revealed this week that Comodo was attempting to register trademarks with their Let's Encrypt brand. In their defense, Comodo's CEO justified their actions and bandwagon jumping by attempting to spin the conversation towards letting the courts deal with the situation, and accusing Let's Encrypt of stealing his company's business model.

Update: Late in the afternoon on Friday, a Comodo staffer posted to the company forums that they've resolved the dispute with Let's Encrypt.

"Comodo has filed for express abandonment of the trademark applications at this time instead of waiting and allowing them to lapse. Following collaboration between Let's Encrypt and Comodo, the trademark issue is now resolved and behind us and we'd like to thank the Let's Encrypt team for helping to bring it to a resolution." - Robin Alden, Comodo Staff

More voter records leaked

154 million people had personal information exposed, after a voter database was left exposed to the public. The database was discovered by Chris Vickery, a researcher with MacKeeper who has discovered similar records, including the two voter databases covered here on Salted Hash. The database contained data on a voter's stance with a number of topics, including abortion, gun ownership, marriage equality, and voting habits.

Ransomware infections are on the rise

Research from Kaspersky Labs shows that they number of Ransomware infections globally is climbing. According to their figures, 2.3 million users encountered ransomware between April 2015 and March, and thirteen percent of them were corporate users.

LinkedIn blamed for multiple secondary compromises

Remember that LinkedIn data breach a few years ago? When the full list of compromised accounts dropped recently, criminals didn't hesitate to use them in order to target organizations in a number of markets. Multiple industry sources have shared details on upwards of thirty instances where an organization has been compromised and sensitive information exfiltrated by the attackers.

The common thread in each case is the LinkedIn list, generic password policies, a lack of two-factor authentication, and remote access software from services such as GoToMyPC, LogMeIn, and TeamViewer.

Clearly, security professionals can spot the problem here, but the question is – how do you fix it?

YouTube fame comes with privacy risks

CSO's Editor-in-Chief, Joan Goodchild, went to VidCon this week. From her report:

"It seems a new YouTube star is born every day lately with thousands now making money and pursuing full-time careers in online video. But the popularity that comes with millions of viewers is not without its privacy challenges."

Other items of note:

AWS, Microsoft win government contracts

  • Three vendors, AWS GovCloud, Microsoft's Azure GovCloud, and CSRA's ARC-P IaaS, have won a key U.S. government authorization that allows federal agencies to put highly sensitive data on their cloud-computing services.

GozNym Trojan targeting U.S. banks

Blizzard authentication servers fall offline

That's all for this week. Have a great weekend!

Remember, if you have thoughts on something that should be added to Rehashed, email me and let me know. Such additions can include links to news items, blog posts, code samples, cool scripts, etc.

Copyright © 2016 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline