It’s that time of week again. Our Threat Recap is bringing you the top news in cybersecurity from new OS releases to remote access of popular cars. Here are five of the major security stories happening this week.
New Ransomware Targets Disk Drives
With the current state of ransomware threatening computer systems around the world, the jump from encrypting specific file types to encyrpting the entire hard drive was inevitable. In the case of Mamba, the latest variant , it begins with replacing the Master Boot Record (MBR) and moves onto encrypting the hard drive itself. Once encryption is complete, the computer will then require a password to unlock, which just so happens to be the decryption key sitting behind the ransom’s paywall.
Remote Access: A Very Real Danger for Tesla
In a recent test, Chinese researchers were able to access several critical and non-critical components of a Tesla Model S. While it may seem benign to have your seat position changed or sunroof opened remotely, these tests have also proven the capability to control brake functionality. They’ve also shown that doors and trunks can be controlled from up to 12 miles away. Tesla has responded with updates to resolve this access, which only seems to occur when the in-dash web browser is in use.
Apple Releases New Mac OS Sierra
Apple announced the release of its latest iteration of the Mac OS, Sierra 10.12 . With this update, Apple has been able to remove nearly 70 different security vulnerabilities that had been prevalent in its previous two operating systems. In addition to the OS release, Apple also pushed out Safari 10, the latest update for their web browser, which should also resolve over 20 security issues from previous versions.
Facebook Zero-Day Gives Full Access to Pages
With the continuing rise of businesses using social media to advertise their products and communicate with their customers, exploits are always being researched . Recently, a researcher was able to gain access to any Facebook page by using a bug in the way Facebook deals with its business accounts. By spoofing the Business Manager functionality, the researcher was able to view and edit all associated pages with a given business, without requiring login credentials.
MoDaCo Breach Leaks Data on 880,000 Users
In the past week, MoDaCo, a UK-based smartphone forum, announced they had fallen victim to a security breach . Users of the service have been receiving notifications to change their passwords, although officials are stating that user credentials were all hashed. Researchers have been able to identify around 70 percent of the leaked credentials were already released in previous data breaches, courtesy of Have I Been Pwnd?, a web service that will notify users if their email address has been identified in a data breach.