Unfortunately like every other month, we have an extensive list of hacks, data attacks, security breaches and exposed flaws to report on. A short recap and rundown of what you might have missed in consumer personal data leaked and exposed. Read on for the latest May hacks & breaches of the month.
Week 1 (May 1 – 10):
Dell computer support assist checks the health of your computer system’s hardware and software. A researcher found a vulnerability noting that hackers could exploit a non-updated version of the tool to take over a user’s computer by gaining code execution at admin level privileges. After the finding was reported, Dell security team and has fixed the bug in its SupportAssist tool. If you have the tool installed we recommend you update it to the latest version.
For the second time, Baltimore city government computers have been infected by ransomware. Malicious hackers are demanding that a ransom is paid for the safe recovery of encrypted files on the affected computers and servers. Only police and fire departments remained operational. The email systems used by municipal employees, phone lines and online bill payments were impacted by the attack.
Week 2 (May 11– 18):
Twitter discloses a bug that resulted in an account’s location data being shared with a Twitter partner. Only a portion of the Twitter iOS user base was affected, and have been notified of the issue.
Boost Mobile owned by Sprint has confirmed hackers broke into an unknown number of customer accounts. The hackers used those phone numbers and account PINs to break into customer accounts using the company’s website Boost.com. A spokesperson for Sprint did not immediately comment. However, the company has sent affected customers a text with a temporary PIN.
WhatsApp urging users to update asap, after a zero-day vulnerability found and exploited by attackers who were able to inject spyware to victims’ phones.
The popular messaging app owned by Facebook, WhatsApp discovered early May that attackers were installing surveillance software on iPhones and Android phones. The company has made a statement, “Monday WhatsApp Advisory has confirmed a security flaw, and since has been patched.” Basically, attackers used the app’s calling function and exploited a vulnerability in the VoIP stack to install the surveillance software. Users are urged to update to the latest version of the app which includes patches to protect against this vulnerability.
Google discloses a security bug on its bluetooth security keys. The security these keys are ment to provide can be circumvented by an attacker in close proximity due to a “misconfiguration in the Titan Security Key’s Bluetooth pairing protocols” says the company. Existing users are being provided a free replacement. The bug affects all Titian Bluetooth keys that have T1 or T2 on the back. Google notes security keys are the strongest protection against phishing emails. The company also offers a few tips for mitigating the potential security issues here.
Teamviewer reports it was compromised in 2016. The software is a popular remote-support tool that allows you to securely share your desktop or take control of other’s PC over the internet from anywhere around the world.
Week 3 (May 19 –31):
Reports of Snapchat employees spying on users accounts with a master tool called SnapLion. The tool was developed to allow the company access to user accounts in order to comply with legitimate legal requests from law enforcement. The company has since cracked down on who can access SnapLion.
Graphic design service Canva suffers a data breach of 139 million affected users. The company notified customers through email sent out on May 25th. Canva didn’t say how many records were accessed but the information accessed included user names, emails, and passwords. As always, we remind you to use different passwords for all your applications and digital logins to prevent this king of breach affecting more important online resources like your online banking. We also recommend users to change their passwords now!