Thursday, May 31, 2018

Bitglass Security Spotlight: Twitter, PyRoMine, & Stresspaint

By Jacob Serpa, Product Marketing Manager, Bitglass

Here are the top cybersecurity stories of recent weeks:

—Twitter exposes user credentials in plaintext
—PyRoMine mines Monero and disables security
—Stresspaint malware hunts Facebook credentials
—MassMiner malware mines cryptocurrency
—Access Group Education Lending breached

Twitter exposes user credentials in plaintext

Despite the fact that Twitter doesn’t store or display users’ credentials in plaintext, the social media company recently had a security mishap. Passwords were stored in internal logs before they were successfully obfuscated, exposing them to employees in plaintext. While the information wasn’t made viewable to outside parties, it’s still a cause for concern for Twitter’s users.

PyRoMine mines Monero and disables security

New malware, PyRoMine, leverages a host of previously disparate capabilities featured in other strains of malware. For example, it uses NSA exploits while mining Monero, a cryptocurrency. Malware is continuing to grow more sophisticated, compelling organizations to adopt advanced anti-malware solutions.

Stresspaint malware hunts Facebook credentials

Disguised as a stress-relieving paint program, Stresspaint is a piece of malware that is attacking users in an attempt to gather their Facebook credentials. In particular, the malware is targeting influential users – those who manage Facebook pages or have numerous friends and followers. It is primarily distributed through emails and messages on Facebook.

MassMiner malware mines cryptocurrency

MassMiner is the latest in a slew of malware strains that engage in malicious cryptomining. This threat seeks to take advantage of known vulnerabilities in order to commandeer web servers and mine Monero – which continues to be a common target in malicious cryptomining.

Access Group Education Lending breached

Unfortunately for those who have used the organization’s services for their student loans, Access Group Education Lending has been breached. Nearly 17,000 borrowers had their information exposed when a loan processing vendor working for the group shared their information with an unauthorized, unknown company.

Fortunately for the enterprise, cloud access security brokers (CASBs) can defend against zero-day malware and countless other threats. To learn more, download the Zero-Day Solution Brief.



from Cloud Security Alliance Blog https://ift.tt/2stfrF7

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.