Welcome to The Dashlane Tech Check for May 4, 2017! I’ll help you catch up on Dashlane-related news and the big news in the tech industry. And just for fun, I’ll include a useful lifehack that will keep you safe and secure all year long.
What in the (Security) World?
Here’s what made headlines this week in the world of digital identity, security, and privacy:
Gone phishing: A major phishing attack targeted Google Docs users this week
A massive phishing attack targeting Google Docs users spread like wildfire around the Internet. According to several outlets, the attack would have given the attacker(s) permission to access a user’s contact lists and continue spreading spam messages on the user’s behalf. However, consumers weren’t the only targets. According to InfoSecurity Magazine, security firm Agari claims that more than 3000 organizations were compromised within a few hours of the attack, and sent more than 23,000 emails to its customers.
A Google spokesperson confirmed to The Verge that the offending accounts were disabled, fake pages removed, and a specialized team is working on preventing similar attacks in the future. However, a report from Motherboard claims the tech giant was warned six years ago that such an attack could take place. It claims that in October 2011, a researcher warned Google about the exact technique used in Wednesday’s attack.
Go Phish: Read our comprehensive guide on how to spot and prevent phishing attacks.
Financially-motivated hackers are using SS7 attacks to break into bank accounts.
According to Motherboard, the German newspaper Süddeutsche Zeitung reported that hackers are exploiting flaws in a mobile data network called SS7 to drain bank accounts. In sum, the vulnerability lies with authentication: “the network believes whatever you tell it.” For instance, presuming that an attacker already has access to your bank password, they’ll just need to purchase SS7 access for about 1000 euros, send a routing request, and direct their target’s text messages to another device, giving them the ability to steal any 2FA codes required to access an account and make a money transfer.
A law against encryption could happen under the Trump administration, says FBI Director
During his public Senate hearing on Wednesday, FBI Director James Comey didn’t rule out the possibility that tech companies like Apple or Google would be required to come up with a backdoor for the feds. The Verge reports that Senator Chuck Grassley (R-IA) asked Comey if he still believed it wasn’t necessary to push for laws addressing encryption interfering with criminal investigations. “I could imagine a world that ends up with legislation saying if you are going to make devices in the United States you figure out how to comply with court orders,” Comey said. “Or maybe we don’t go there.”
Hacker claims to have leaked “Orange is the New Black” and other Netflix shows
According to InfoSecurity Magazine, a hacker named TheDarkOverlord has attempted to leak the new season of Orange is the New Black after a failed extortion attempt. The hacker is also threatening to release other shows from other networks, like New Girl on Fox. “We are aware of the situation. A production vendor used by several major TV studios had its security compromised and the appropriate law enforcement authorities are involved,” Netflix said in a statement.
Police in the UK plan to require facial scans for all Champions League final attendees
InfoSecurity Magazine is reporting that police in the UK are planning on using automatic facial recognition for all attendees of the UEFA Champions League final on June 3. The scans will be compared with mugshots of 500,000 criminals and “persons of interest” in real time in an effort to thwart a potential terrorist attack. About 170,000 fans are expected to attend the event.
Don’t publicly share your first 10 concerts in your Facebook status. It could make you a prime target for hackers.
A popular Facebook meme has people asking their friends which one out of 10 concerts they didn’t really attend. However, experts claim this information can be used by hackers to answer one of your security questions and break into your online banking account. Dashlane’s CEO Emmanuel Schalit offered this advice to USA Today: “A bank asks to know my mother’s maiden name — spend 10 minutes online and you can find it out,” he says. Schalit instead generates a password of numbers, letters and symbols that would make no sense to anyone, and stores it within his Dashlane manager. “This will never be guessed by anyone because it can’t,” he says.
Gannett Co. phishing attacks affected 18,000 current and former employees
Media giant Gannett was the target of a wide-scale phishing attack that potentially compromised as many as 18,000 former and current employees. In an announcement on USA Today, the company said the attack was discovered on March 30 and compromised the Office 365 credentials of some HR staff members. Attackers were then able to take control over employee email accounts and impersonate HR with a seemingly valid email address. To date, the company has yet to confirm if any employee accounts or customer account information was accessed during the attack, but said that “employee information was potentially available” before the accounts were locked down.
Dashlane News You Shouldn’t Snooze
Dashlane advocates for better password habits ahead of World Password Day
World Password Day was yesterday, but members of the Dashlane team and advocates were busy spreading awareness about the importance of password safety and management on various news programs and publications. Here’s what you may have missed:
- Dashlane CEO Emmanuel Schalit appeared on NY1 during the 8 AM newscast ahead of World Password Day.
- Jeff Stone, cybersecurity research director at Wall Street Journal Pro, included Dashlane in his morning cybersecurity newsletter.
- Senior Marketing Manager Ryan Merchant was interviewed by NBC New York to discuss Wednesday’s sophisticated Google Doc phishing attack.
This Week’s Lifehack to Improve Your Security
Yesterday was World Password Day (and also Star Wars Day–May the Fourth be with you!) and Dashlane teamed up with Intel to raise awareness about the importance of password security. Although the day may be over, we still challenge you to take our pledge: commit to changing at least one password–preferably a password for a social media account, online banking app, or any account using your personal information. Want to learn how to make a strong password? We offer some handy quick tips here.
Have any thoughts on any of the news I shared? Leave me a comment below and make sure to visit our blog next week for another edition of The Dashlane Tech Check.
Also, don’t forget to follow us on Twitter to always be in the know! In our last Tech Check, the FCC published a draft proposal to reverse Title II net neutrality rules. We break down everything that you need to know.