Welcome to The Dashlane Tech Check for June 23, 2017! I’ll help you catch up on Dashlane-related news and the big news in the tech industry. And just for fun, I’ll include a useful life hack that will keep you safe and secure all year long.
What in the (security) world?
Here’s what made headlines this week in the world of digital identity, security, and privacy:
Personal data on nearly 200 million US voters were leaked online, making this the largest leak of voter data of all time
Sensitive data on nearly 200 million US voters–approximately 61 percent of the total population–was found on a publicly accessible Amazon server used by a company contracted by the Republican National Committee and potentially compromised, according to Infosecurity Magazine. Personal data includes home addresses, birthdates and phone numbers, analytical data on voting preferences, personal stances on hot-button issues, and ethnicity and religious data.
UpGuard cyber-risk analyst Chris Vickery discovered the data was stored by Deep Roots Analytics, a conservative marketing firm, on publicly accessible Amazon server for 12 days without password protection and could’ve easily been accessed by anyone who found the URL. To date, there have been no discoveries as to whether the information actually has been used or accessed by bad actors, but, nevertheless, this does put millions at risk for targeted social media and phishing attacks.
If you believe you may be affected by this data leak, read our essential guide on how to identify and avoid different types of phishing scams.
WannaCry strikes again, taking out a Honda manufacturing plant
On Monday, a Honda manufacturing plant in the northwest of Tokyo temporarily halted production after finding the WannaCry ransomware worm on its computer network. According to Reuters, despite attempts to secure its systems in mid-May when the virus caused worldwide disruption at plants, hospitals, and shops, Honda found the worm had affected systems in Japan, North America, Europe, China and other regions on Sunday. Production was not halted at other plants, but production at the plant in northwest Tokyo resumed on Tuesday.
Hacktivist breaks into Minnesota government databases to protest Philando Castile verdict
After a jury found the cop that shot and killed Philando Castile not guilty of manslaughter, a hacker named Vigilance took matters into his own hands by hacking into a database in Minnesota state government, stealing 1,400 email addresses and corresponding hashed passwords. “I thought I had to do something against what I found to be unjust,” the hacker said to a reporter at Motherboard. “This was a failure of justice. And his family won’t get the satisfaction of knowing the one who killed Philando is rightly punished. An innocent man died. And a guilty one lives freely.”
Did Skype suffer an outage as the result of a cyber attack?
If you’re a frequent Skype user, you may have experienced connectivity issues as the result on an outage earlier this week. According to Infosecurity Magazine, Skype’s parent company, Microsoft, has yet to confirm the cause of the outage, but many suspect it was the result of a DDoS attack.
How effective are DDoS attacks? We’ll show you how a DDoS attack took down Amazon, Twitter, Reddit last year.
Uber founder Travis Kalanick resigns as CEO
As a result of a shareholder revolt, Travis Kalanick is resigning as the CEO of Uber, the popular ride-hailing service, on Tuesday. The New York Times is reporting that Kalanick’s departure was the result of pressure from five of Uber’s top investors to resign immediately. Although Kalanick is no longer the CEO, he will remain on Uber’s board of directors.
This follows numerous reports about Uber’s toxic work culture, including allegations of sexual harassment and discrimination, an ongoing lawsuit from Waymo, the self-driving car business under Google’s parent company, and a federal inquiry into tool Uber used to sidestep law enforcement.
Moroccan hackers infiltrated Miami school districts ahead of 2016 US Presidential election
A Moroccan hacking group, MoRo, infiltrated the networks of at least four Miami school districts just two months before the 2016 US Presidential Election. According to The Miami Herald and Infosecurity Magazine, the hackers used phishing emails to infect the system with malware used to turned off logging tools for three months while “the hackers probed the systems, mapping them out and testing their defenses. At one point, they even posted photos of someone dressed as an ISIS fighter on two school district websites.” Luckily, the hackers did not manage to access and exploit any personal information. However, as The Miami Herald notes, these hackers were looking to pivot to hacking election systems.
21 states were potentially targeted by Russian government cyber actors, says US Department of Homeland Security
Samuel Liles, the acting director of the Department of Homeland Security (DHS) Office of Intelligence and Analysis (I&A), Cyber Division, and Jeanette Manfra, acting deputy undersecretary for cybersecurity and communications at the DHS’ National Protection and Programs Protectorate, testified before the US Senate Intelligence Committee on Russian attempts to swing the 2016 US presidential election.
Infosecurity Magazine reports the officials confirmed details from a report published in October that, “internet-connected election-related networks, including websites, in 21 states were potentially targeted by Russian government cyber actors”. Liles and Manfra also confirmed in their testimony that Russian actors were not targeting vote tallying machines but other parts of the election management infrastructure, perhaps in an attempt to undermine voter confidence.
Microsoft has admitted interfering with third-party antivirus software running on Windows 10
Infosecurity Magazine reports that Microsoft “admitted interfering with third-party antivirus software running on Windows 10, but only if it is incompatible with the OS and needs updating.” “For the small number of applications that still needed updating, we built a feature just for [antivirus] apps that would prompt the customer to install a new version of their [antivirus] app right after the update completed,” said Rob Lefferts, partner director for the security and enterprise part of the Windows & Devices Group in a blog post. “To do this, we first temporarily disabled some parts of the [antivirus] software when the update began. We did this work in partnership with the [antivirus] partner to specify which versions of their software are compatible and where to direct customers after updating.”
This appears to be a direct response to accusations from Russian antivirus software vendor Kaspersky Lab that Microsoft abuses its dominant position in the OS market to force its own antivirus software on users.
Girl Scouts will soon begin offering badges on cybersecurity
Girl Scouts USA is partnering with Palo Alto Networks “on a national badge system that aims to help girls explore opportunities in science, technology, engineering and math (STEM) while developing problem-solving and leadership skills”, according to Infosecurity Magazine. 18 new badges will be available to all participants in grades K-12, which is set to debut in September 2018.
Dashlane News You Shouldn’t Snooze
“Password hygiene for cyber security: Millennials driving a positive change”
Dashlane is cited in an article by the Digital Guardian on password hygiene and millennials, based on a Digital Guardian random survey of 1,000 Google users and their password habits. The article cites Dashlane analysis on the average number of accounts per internet user to illustrate password overload.
This Week’s Lifehack to Improve Your Security
What do hackers and water parks have in common? Both can cause you to lose all of your data if your devices aren’t properly protected. Whether you’re going on a business trip or family vacation, try one of these 11 genius travel hacks that’ll protect your smartphone, computer, or tablet while you’re on the go this summer.
Have any thoughts on any of the news I shared? Leave me a comment below and make sure to visit our blog next week for another edition of The Dashlane Tech Check.