Weekly Tech Roundup — March 20
Don’t get left in the dust — new innovations in the technical sphere could leave your data more vulnerable than before. Whether it’s because of third-party access to your accounts, outdated operating systems, or lax data storage, your information is just waiting to be hacked or leaked. Do you know what’s in store for your data? Find out in the stories below.
33 million affected by information leak
Personal information from more than 33 million people in US-based organizations and governmental institutions has been leaked, Help Net Security reports.
The data released includes first and last names, job titles, functions, email, phone numbers, employer information and company contact details. Some of the affected organizations include the Department of Defense, the US Postal Service, AT&T, Wal-Mart, Citigroup, Ohio State University, FedEx, Boeing, and more.
This leak originated from NetProspex — a service provided by Dun and Bradstreet.
“In terms of where this data specifically came from, D&B don’t believe it was directly from one of their systems and with thousands of customers purchasing this information, we may well never know who lost it,” said researcher Troy Hunt.
Dun and Bradstreet sells this data to its customers, who then sell it to their customers so it’s hard to say if it was taken directly from their servers, or was leaked somewhere down the chain. What’s most likely is that this data was leaked by accident, those who bought the data storing it without a secure data protection solution.
While the data leaked isn’t necessarily secret or compromising information, this leak makes it easier for fraudsters to use it to their advantage going forward—putting your digital life in jeopardy. Leaks like this increase the necessity for data protection and internet safety. Be careful where you put your personal information, and make sure you’re keeping the data on your own devices safely backed up.
Competition among ransomware creators rising
A new ransomware family is stealing features from its competitors.
PetrWrap is the name of this new ransomware variant, and it’s been caught copying specific features from Petya, according to Dark Reading. The new malware modifies the original ransomware script as it executes so that the original creators can’t take control of it.
"The modification and repurposing of malware code is not a new phenomenon; exploit kits are often created and sold on the Dark Web. However, the blatant hijacking of another author's ransomware and replacing function calls to make it seem like a new ransomware version altogether has not been a common trend for ransomware,” said Bishop Fox security analyst Gerben Kleijn.
Petya was first spotted nearly a year ago, and it has gotten increasingly advanced—its creators focused not only on making sure their victims are forced to pay ransom, but also that their malware can’t be stolen and used by others.
Experts believe this is the beginning of a trend of cybercriminals targeting and stealing from one another. The hopeful outlook is that this could mean the decline of ransomware, as hackers turn their focus to tearing each other down. More likely, however, is that it could lead to more precise and focused attacks on enterprises.
In order to defend against these increasingly devious ransomware attacks, businesses can implement backup and endpoint protection technologies like Acronis Active Protection.
Danish shipping company using blockchain to track cargo
Blockchain is being put to use by the world’s largest shipping company.
Maersk, the Danish shopping giant, has completed its first blockchain trial, Coin Desk reports. The trial used IBM’s Fabric blockchain to ship goods across the globe. The goods were shipped from Schneider Electric, a French energy management and automation company, to Newark, New Jersey. The shipment took two weeks.
During this test, only Maersk and IBM were able to see this process, but they believe that going forward, each company will manage it own “nodes” and be afforded that same transparency and safety with customized credentials.
The experiment began as a way to cut costs and minimize paperwork, and its success makes it likely that the use of blockchain in the supply chain will continue to evolve.
The integration of blockchain is also expected to decrease fraud, increase efficiency, cut costs, and quicken the supply chain process.
Even with this success, the fate of blockchain is still uncertain. It is likely, however, that this trial will lead other companies down the same blockchain path.
Microsoft terminating Windows Vista OS Support
Starting on April 11, 2017, Microsoft will no longer offer support for Windows Vista, the company said in a statement.
This means that Windows Vista users will lose access to new security updates, bug fixes, support options, and technical content updates. The news comes after 10 years of supporting the operating system.
Users who continue using Windows Vista after the support has ended will still be able to use the OS, but it will quickly becomes increasingly vulnerable to malware and viruses. On top of this, Internet Explorer 9 is no longer supported and PCs will become even more vulnerable if using this browser. Another thing users should consider is that as apps continue to be created, more and more will become incompatible with Windows Vista.
Microsoft Security Essentials is losing support as well. Users will continue to receive updates for a short period of time, and then this too will become ineffective.
Microsoft is urging people to upgrade to Windows 10 to ensure their data and their systems are protected to the highest degree.
Before upgrading your PC to Windows 10, make sure your data is safe. Back up your data so that you don’t lose valuable information in the migration to the new OS.
Third party app used to hack prominent Twitter accounts
Hundreds of Twitter accounts were targeted last week after a third party app was hacked.
The app, Twitter Counter, analyzes Twitter followers, and hackers used this to their advantage, according to Gizmodo. As the app requests posting rights, these hackers were able to hack into accounts and tweet.
Some of the affected accounts include Forbes, Duke University, and Nike Spain—the hackers hijacking these accounts and posting Nazi references and swastikas. They also made reference to April 16th which is when Turkey will hold a referendum to decide if President Erdogan will be granted more power.
The tweets were written in Turkish, including phrases like “Nazi Germany” and "Nazi Holland”—an obvious reference to the elections in the Netherlands and rising tensions with Turkey. Many of the affected accounts have regained access, but there are some that still have residual hacked content.
Twitter Counter, the app used by these hackers, is aware of the hack and is taking measures to correct it.
“We’re aware that our service was hacked and have started an investigation into the matter. We’ve already taken measures to contain such abuse,” they said in a statement.