Cyber Hacks of the month IT Security
image of security breach text with codes on a computer screen

Hacks & Breaches of the Month — May

Hacks & Breaches of the Month — May

Unfortunately like every other month, the Hacks & Breaches of the Month – May is no different. We have an extensive list of hacks, data attacks, security breaches and exposed flaws to report. Further, we will give you a short recap of what you might have missed in personal data being leaked and exposed. Learn more below with the Hacks and Breaches this month.

Lets get going with the Hacks & Breaches of the Month — May

Week 1 (May 1 – 10): Hacks and Breaches

Dell Support software hacked.picture of Dell's logo

Dell computer support assist checks the health of your computer system’s hardware and software. A researcher found a vulnerability noting that hackers could exploit a non-updated version of the tool to take over a user’s computer by gaining code execution at admin level privileges. After the finding was reported, Dell security team and has fixed the bug in its SupportAssist tool. If you have the tool installed we recommend you update it to the latest version.

City of Baltimore network down hacks & breaches

For the second time, Baltimore city government computers have been infected by ransomware. Malicious hackers are demanding that a ransom is paid for the safe recovery of encrypted files on the affected computers and servers. Only police and fire departments remained operational. The email systems used by municipal employees, phone lines and online bill payments were impacted by the attack.

Week 2 (May 11– 18): Hacks and Breaches

hacks & breachesMagento Credit Card Hacking 

Researchers have discovered an ongoing credit card hacking campaign. Over 105 e-commerce websites were identified as running JavaScript which is hosted on the malicious domain magento-analytics[.]com. This JavaScript skims and collects the credit card information used to make the purchase on these sites.

picture of a iphone with Twitter on it. Twitter Bug exposes users location

Twitter discloses a bug that resulted in an account’s location data being shared with a Twitter partner. Only a portion of the Twitter iOS user base was affected, and have been notified of the issue.

Boost Mobile Accounts Hackedhacks & attacks

Boost Mobile owned by Sprint has confirmed hackers broke into an unknown number of customer accounts. The hackers used those phone numbers and account PINs to break into customer accounts using the company’s website Boost.com. A spokesperson for Sprint did not immediately comment. However, the company has sent affected customers a text with a temporary PIN.

hacks & attacksWhatsapp Spyware Attack

WhatsApp urging users to update asap, after a zero-day vulnerability found and exploited by attackers who were able to inject spyware to victims’ phones.

The popular messaging app owned by Facebook, WhatsApp discovered early May that attackers were installing surveillance software on iPhones and Android phones. The company has made a statement, “Monday WhatsApp Advisory has confirmed a security flaw, and since has been patched.” Basically, attackers used the app’s calling function and exploited a vulnerability in the VoIP stack to install the surveillance software. Users are urged to update to the latest version of the app which includes patches to protect against this vulnerability.

Google Recalls Bluetooth Titian security keys picture of computer being hacked

Google discloses a security bug on its bluetooth security keys. The security these keys are ment to provide can be circumvented by an attacker in close proximity due to a “misconfiguration in the Titan Security Key’s Bluetooth pairing protocols” says the company. Existing users are being provided a free replacement. The bug affects all Titian Bluetooth keys that have T1 or T2 on the back. Google notes security keys are the strongest protection against phishing emails. The company also offers a few tips for mitigating the potential security issues here.

hacks & breachesTeamviewer software hacked 

Teamviewer reports it was compromised in 2016. The software is a popular remote-support tool that allows you to securely share your desktop or take control of other’s PC over the internet from anywhere around the world.

Week 3 (May 19 –31): Hacks and Breaches

Snapchat Employees Access To Users Accounts picture of snapchat

Reports of Snapchat employees spying on users accounts with a master tool called SnapLion. The tool was developed to allow the company access to user accounts in order to comply with legitimate legal requests from law enforcement. The company has since cracked down on who can access SnapLion.

hacks & breachesCanva Users Data Breach

Graphic design service Canva suffers a data breach of 139 million affected users. The company notified customers through email sent out on May 25th. Canva didn’t say how many records were accessed but the information accessed included user names, emails, and passwords. As always, we remind you to use different passwords for all your applications and digital logins to prevent this king of breach affecting more important online resources like your online banking. We also recommend users to change their passwords now!

 

picture of Josue Nolasco
Josue Nolasco

 

Author

Veronica Peon