Google Nigeria: Where you enter your bank account information and search for your inheritance.

Speaking of scams, I've got a story for you

Welcome to this week’s edition of Rehashed, your weekly recap of news and other items of note. We’re going to start running these on Friday, mostly because it’s easier to produce this way.

This week, a trusted contact Phished me, there were issues with Pornhub, and once again LinkedIn users need to reset their passwords.

Before we start this week’s recap, let’s answer a question that came in on Twitter. Namely, how do I determine what goes into Rehashed?

The truth, it’s completely random. I look for interesting things or news items on the Web and I include them. Sometimes the source is all CSO, but I’ve no issues with adding things from any other news agency if they hold water.

PR agency sends Phishing email to journalism contacts

This was an interesting week, because for the first time in more than 10 years of journalism, I was Phished by a PR agency. The full story explains everything.

The TL;DR is that the PR agent fell for a Phishing scam, and the attackers used the stolen credentials to email the same scam to everyone in their address book. The kicker, the agent got the original Phishing email twice, from two different journalists.

Really, what this incident did was remind me that some jobs are more vulnerable to social-based attacks than others are. Journalism, HR, PR, recruiting, and sales positions are vulnerable to Phishing schemes, even sloppy ones.

Hacker claims to have shelled Pornhub, adult entertainment giant calls it a hoax

A hacker claimed to have uploaded a shell script to Pornhub. They were offering to sell shell or command injection access to the website for $1,000, and later claimed that three people took them up on that offer. The claim came with screenshots showing the shell in action.
Twenty-four hours later, Pornhub said the incident was a hoax, but wouldn’t confirm if they paid the hacker for his assistance.

TeslaCrypt creators leave the game, release master decryption key

The creators of TeslaCrypt have stopped developing that family of Ransomware, offering an apology and the master decryption key to the public. Security firms and researchers wasted no time in developing a tool to help TeslaCrypt victims decrypt their files.

LinkedIn issues password reset emails after 100 million+ accounts go up for sale

A hacker who goes by the name Peace is offering a list of 167 million LinkedIn accounts, which was obtained after the professional social network was compromised in 2012.

On Thursday, less than a day after word of the list hit the news, LinkedIn issued password reset emails to users, warning them of potential problems associated with the list.

While most people changed their password after the 2012 incident, the fear is centered on those who didn’t or those who used an easily guessed variation on their previously exposed password.

Symantec patches critical flaw

Symantec patched a flaw this week that could be triggered by simply sending an email with a malicious attachment. If exploited, an attacker would be able to completely compromise the victim’s system.

“On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel, making this a remote ring0 memory corruption vulnerability — this is about as bad as it can possibly get,” said Tavis Ormandy, the researcher who discovered the flaw.

Skimmer malware puts physical ATM skimmers to shame

Researchers at Kaspersky have discovered a new version of Skimmer, a family of malware designed to target ATMs running on the Windows platform. The latest developments help the malware avoid detection.
As mentioned in the story, Skimmer can record payment card details after they’re inserted into the ATM, and it can force infected ATMs to dispense cash.

Other items of note:

CSO’s Taylor Armerding went to SOURCE Boston this week and discovered that it isn’t the name of the threat, but how it behaves that will help defenders stop it.

PhishLabs discussed the techniques criminals are using to obfuscate the data they’re stealing with Phishing kits, and how to circumvent their protective layers.

As always, if you come across a blog post or news item next week, or perhaps just something amusing, and you think it should be added to Rehashed, email me a link. General corporate news and product-based items are the only exemptions.

There’s no Rehashed next week, due to the holiday. So if you’re in the U.S. (and even if you’re not), have a safe Memorial Day weekend. See you in June!