Cybersecurity roundup: May 6 to 12, 2018
This week's roundup features a bevy of stories, from the Russian effort to divide US society via Facebook ads, to a new bit of malware that takes advantage of social engineering on Facebook to deliver malicious chrome extensions to you.
Stay informed with this week's cybersecurity roundup!
Russian effort to divide US society through Facebook advertisements
Facebook and Instagram advertisements taken out by a Russian internet group were released this week, with the database illustrating how a concerted effort was made to foment anger and split US society around the 2016 election.
The ads and postings show a pattern of stirring up anger among different groups, encouraging support for then-candidate Donald Trump in the 2016 presidential race, and discouraging support for his rival Hillary Clinton.
Nigelthorn malware steals credentials, mines for cryptocurrency
A malware campaign through Facebook infects victims’ systems to steal social media credentials and download cryptomining code. Dubbed Nigelthorn by security researchers Radware, the malware is being propagated through socially engineered links on Facebook, then infecting people by asking them to download a Chrome extension.
The extension, once downloaded, performs credential theft, cryptomining, click fraud and other actions outlined in the report linked above.
Equifax reveals how much data was taken in its security breach
Consumer credit reporting agency Equifax, in a statement sent to the US Securities and Exchange Commission (SEC), revealed just how much data was exposed in its September 2017 breach.
According to the statement, 146.6 million names and birthdates were affected, with 145.5 million social security numbers, 99 million addresses and a host of other information taken during the breach. Due to the amount and types of data taken, it's possible for one person to have had multiple types of data taken as well.
Jollibee, Wendy's Philippines close their delivery sites to prevent data breaches
Wendy's and Jollibee both closed down their websites following data breaches that affected its customers.
Wendy's Philippines told users of a data breach it suffered on April 23, following intervention by the National Privacy Commission (NPC) which ordered them to inform users of the security issue on their site. Meanwhile, Jollibee Foods Corporation suspended its Jollibee, Chowking, Greenwich, and Red Ribbon sites following vulnerabilities on the sites found by the National Privacy Commission that could expose its 18 million users to harm.
The black dot emoji becomes a scourge for Apple devices
An emoji, containing strings of hidden code, has been discovered to have the ability to crash and disable the messaging app of iPhones, iPads, and Macs, and possibly, even WatchOS and tvOS devices. The emoji in question is a black dot with a finger pointing at it.
The emoji code contains thousands of invisible unicode characters, which the device attempts to process, and trying to read the text will result in a crash.