Cloud Security News: Week in Review is our blog series, grabbing the more interesting cloud security scoops from the web. Sit back, relax, and catch up on all you should know about this week.
Heads up, social media users. There’s a new ransomware in town that uses data from social media accounts to carry out its plan of attack. Introducing: Ransoc. In other attack news, researchers have just discovered what has been befittingly dubbed WindTalker. User data, including passwords and PINs, can be leaked via WiFi signals coming from your smartphone in a sophisticated reverse engineering method. On a more positive note, the U.S. Army has introduced “Hack the Army,” a new program that looks for white hats to help test Army sites and databases for security vulnerabilities, playing a critical role in national security. More in-depth recaps below.
By Danny Palmer (@dannyjpalmer)
Active on Facebook, LinkedIn, or Skype? Social media users beware. Yet another type of ransomware has been discovered, called “Ransoc” (as cleverly named by cybersecurity researchers from Proofpoint). Once Ransoc infects the system, it searches through the victim’s social media accounts and steals data to create a tailored ransom note appearing to be a legitimate threat of legal action.
By Waqas Amir (@Writerblues)
Here’s a pretty scary one. Based on newly published research, “When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals,” we may all want to think twice when logging into accounts on our smartphones. According to the study, users’ passwords and PINs are at risk of exposure via WiFi signals. As a person uses their phone’s touchscreen to type something, WiFi signals are altered, and attackers can interpret the interruptions and use reverse engineering to figure out what was typed. World, meet WindTalker.
By Michael Mimoso (@Mike_Mimoso)
Big week for white hats! The U.S. Army announced a new invite-only initiative, called “Hack the Army,” in hopes of discovering any security vulnerabilities. Hackers will be focusing on testing out Army recruiting sites and databases, which contain large volumes of personal information belonging to recruits. Though similar to the “Hack the Pentagon” program that was announced earlier this year, “Hack the Army” is about testing dynamic content rather than just static websites.