Spyware Company's Servers Hacked and Wiped, Tesla's AWS Credentials "borrowed" for cryptocurrency mining, Google discloses Microsoft Edge vulnerability
Infosec News
INFORMATION SECURITY NEWS
For The Week of 2/13-2/20 2018
The Information Security News Service is a project of LARS (Laboratory for Advanced Research in Systems) in the CS Department at the University of Minnesota Duluth. We send out top stories in information security every Tuesday (except during some academic breaks). If you have stories you’d like to see featured, please email them to infosec...@d.umn.edu.
CURRENT NEWS
A Hacker Has Wiped a Spyware Company’s Servers - Again
Retina-X sells “spyware” to parents, employers, and suspicious partners that allows them to covertly track the location, web usage, photos, and text messages of their victim’s phone. Retina-X stores all the data on its servers. Last year, a vigilante hacker broke into their servers and wiped all of the data on them. This year, the hacker has done it again, citing concerns about privacy as his motivation. Retina-X denies having been hacked, but motherboard was able to confirm that the hacker has access to their servers.
https://motherboard.vice.com/en_us/article/3k7a5k/hacker-wipes-spyware-retina-x-flexispy
Tesla’s public cloud ‘borrowed’ for cryptocurrency mining
Attackers were able to gain access to Tesla’s AWS credentials and use Tesla’s cloud for mining cryptocurrency. They were also able to access some private data, although it seems like customer data was not leaked. Tesla made a statement saying that the impact is limited to “internally-used engineering test cars only”.
https://www.engadget.com/2018/02/20/tesla-cryptojacking-report/
Google Discloses Microsoft Edge Security Flaw Before Patch is Ready
Google has a history of disclosing vulnerabilities in Microsoft products before Microsoft is able to patch them. They have done it again, this time with an Edge vulnerability that was disclosed to Microsoft in November. Google waited 90 days, plus an additional 14-day “grace period” before disclosing the vulnerability. Microsoft claims that the fix is “more complex than initially anticipated”, and the timeline for a patch is unknown.