Quora Hacked, Moscow Ransomware, and More Security News This Week

Credit to Author: Emily Dreyfuss| Date: Sat, 08 Dec 2018 14:00:00 +0000

Nearly after a month after the midterm elections, details on a hack of the Republican National Congressional Committee reveals that meddling in the midterms was much worse than it seemed on election day. The hack probably should have been the biggest news of the week, but for a little distracting—and important!—thing called the Mueller probe.

In expectation of Robert Mueller making big moves in the investigation before the holidays, Garrett Graff spells out the 14 questions about Trump and Russia that Mueller knows the answer to.

Also this week, veteran Kristofer Goldsmith revealed that foreign trolls are targeting vets on Facebook. Louise Matsakis reported on the ways Facebook’s dominance of the nonprofit sector exposes charities to money—but also hackers. Lily Hay Newman explained that iTunes doesn’t encrypt downloads on purpose, and Brian Barrett warned you about a clever Touch ID scam hitting the App Store.

Australia’s very bad anti-encryption law could be bad for the whole world. A new company wants to solve the problem of email phishing with… the blockchain, obviously. Issie Lapowsky did the dirty work to understand how New York City’s anti-dick pic airdrop rule would even work. And we wrote you a guide to data breaches. You’re welcome!

Of course, that wasn’t all. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

In a blog post on Monday, Quora CEO Adam D’Angelo admitted that Quora was breached. The company discovered the problem last Friday, and more than 100 million accounts may have had their data taken. The company says it’s working to contain the problem and has hired independent auditors to figure out what happened. Quora also said that the breach also might affect any “linked networks,” aka Facebook or Google, if you used those to log into Quora. Though no financial information is attached to Quora accounts, there’s a ton of personal and social information available for each account. That kind of information is a juicy target for hackers looking to cause havoc or steal identities.

If you have a Quora account, you probably received an email this week telling you to change your password if it’s one you reuse elsewhere. You should get on that.

There’s something so romantic about a cable car in a city. Riding in one makes you feel like you’re flying above all the troubles of the concrete world below. But there was no romance in what happened to the the brand new free cable-car that opened in Russia’s capital to bring passengers from the tourist district of Vorobyovy Gory to the Luzhniki Stadium. On its first full day of operation, the cable car was hit with ransomware that shut the tramway down. Hackers demanded payment in bitcoin before they would resume service. Police has to turn disappointed passengers away. By the next day, however, they had cable car up and running again.

We told you about the hack that hit 500 million Marriott customers two weeks ago, and how to protect yourself from the fallout. Now, Reuters reports that it was likely a nation-state attack perpetrated by China, according to evidence unearthed by private investigators hired by Marriott. Why would a country want to hack a hotel chain, and steal the reservation records of millions of guests? Because who was staying where and when is very valuable information for a nation that wants to exert almost total control over its people. Investigators caution that they are not 100 percent sure it was China, however.

ZDNet reports that Kaspersky Labs has been brought in to investigate some bank robberies in Eastern Europe, in which robbers stole tens of millions of dollars. They apparently pulled it off by disguising themselves as inspectors, gaining access to the bank networks and leaving malware-laden devices behind. These devices—laptops, Raspberry Pis, and “malicious USB thumb drives known as Bash Bunnies,” according to ZDNet—allowed the hackers to remotely connect to the bank networks, and siphon money away.

https://www.wired.com/category/security/feed/