Latest Cyber Security News Update 12/29/2017
The last Cyber Security News Update of 2017 is here, and what a year it was. To wrap up this week we’ve got cryptocurrency hostage exchanges, leaky code and Samsung’s SOP bypass.
Pavel Lerner, the managing director of a cryptocurrency exchange in Ukraine, was kidnapped on December 26th while leaving his office. He works for EXMO, a large exchange and is also an expert on blockchains and cryptocurrency in general. He was dragged away in a black Mercedes-Benz Vito and hasn’t been heard from since. It’s currently believed that he’ll be ransomed back for some amount of untraceable cryptocurrency. This kidnapping is horrible, and it raises a disturbing question: Will there be more criminal acts now that untraceable currencies exist? There’s technology now to track individual pieces of real currency, and the people who’ve interacted with it but untraceable cyrptocurrencies like Monero exist. This abduction may also be the opening move of a robbery attempt on the EXMO exchange, so if you have currency there it may be time to withdraw it. Watch your account in the coming days.
Source: CEO of Major UK-Based Cryptocurrency Exchange Kidnapped in Ukraine
Ancestry.com is a well-known website that helps people see who’s in their family tree. It requires a DNA sample, which gets tested, and they also dig through records. While it might not seem like an identity threat, it really is the more you think about. The names of your family are recorded there and most people use familiar names when they generate their passwords or security questions. To go really off the deep-end, there’s also literally a record of your DNA on file and that’s pretty personal. At a reasonable level again, they also store credit card information and social security numbers. So when Ancestry.com reported that they had to close access off when they discovered that some 300,000 passwords had been leaked due to their root code it was concerning. They’ve reported that of the 300,000 passwords stolen most of them are for inactive trial accounts or for access to their messaging boards. Roughly 7,000 of them are for active accounts however, and while they say the actual credit card data wasn’t stored on the server that’s not all that comforting. So far, according to the company, no “malicious third party” has accessed the data, but they’re also refusing to comment on how they left this data unsecured in the first place or for how long.
LEAKY ROOTSWEB SERVER EXPOSES SOME ANCESTRY.COM USER DATA
Source: Critical “Same Origin Policy” Bypass Flaw Found in Samsung Android Browser
Max is a Legal Assistant and author residing in the Philadelphia area He has been writing for AskCyberSecurity.com since early 2017.