Note: Each week we bring you the latest hacking news on the internet. Read on to find out who and what was hacked this week.
The Mirai botnet that knocked out a major portion of the internet last month is at it again.
More than 900,000 broadband routers from Deutsche Telekom in Germany were knocked offline last weekend due to a cyberattack affecting phone, TV and internet service.
Routers made by Zyxel and Speedport were vulnerable to a critical remote code execution flaw. Internet port 7547, meant to be used by ISPs to manage devices remotely, was open to receive commands based on the TR-069 and related TR-064 protocols.
According to security researchers BadCyber, the attack originated from a known Mirai command-and-control server.
Last week more than 2,000 computer systems at San Francisco’s public transit agency were hacked.
At the agency, known as MUNI, station payment systems and schedule monitors were hit by ransomware and displayed the following message:
“You Hacked, ALL Data Encrypted. Contact For Key(email@example.com)ID:681 ,Enter.”
This forced MUNI to shut down ticket kiosks, resulting in free rides over the weekend.
Known only by the pseudonym “Andy Saolis,” the hackers demanded $73,000 in Bitcoin in order to free up the system.
The Russian Central Bank admitted this week that hackers stole more than 2 billion rubles ($31 million) in a cyber attack, without giving much more information.
In a briefing, Artyom Sychyov explained that hackers faked client credentials and attempted to steal up to 5 billion rubles from correspondent accounts.
Norway-based security firm Promon demonstrated how easy it is to hack a smartphone and steal a Tesla using Tesla’s official Android app.
A new Android malware known as “Gooligan” is responsible for breaching more than one million Google accounts and is infecting 13,000 devices every day. These accounts are hijacked, giving the attackers access to sensitive information from Gmail, Google Photos, Google Docs, Google Play, Google Drive and G Suite.
Android devices running older versions of the OS are most at risk, and the malware can be activated when downloading Android apps from third-party app stores. The malware generates revenue by fraudulently buying apps from the Google Play Store as well as installing adware.
You can check if your device has been compromised here.
Changes to Rule 41 of the Federal Rules of Criminal Procedure by the United States Department of Justice went into effect Thursday, granting the FBI greater powers to hack computers.
The FBI can now remotely hack into multiple computers within the country or around the world with just a single warrant issued by any US judge, including magistrates.
Opponents of the rule changes worry that this will allow the FBI to hack innocent users, while advocates say it will give them better ability to track down organized cyber criminals.
The same vulnerabilities that led to the Deutsche Telekom router attacks have been used against TalkTalk and the Post Office in the UK.
Zyxel AMG1302 routers, used by the Post Office, were compromised. A Post Office spokeswoman assures customers that no personal data or devices were compromised.
TalkTalk customers using D-Link DSL-3780 routers were also affected, but the company maintains that a small percentage of its customers use these routers.
Around 26,500 UK National Lottery players' accounts were accessed and suspicious activity was detected.
Details accessed may include name, contact details, date of birth, transaction history, account preferences, last four digits of card numbers, and expiration dates of card numbers.
According to Camelot, the National Lottery Operator, core systems have not been compromised. No money has been deposited or withdrawn from affected accounts, although fewer than 50 have had activity take place that may have been done by the players themselves.
Camelot believes the email addresses and passwords were stolen from another website where users used the same details as with their National Lottery accounts.
Affected accounts have been suspended and Camelot is reaching out to players to help them re-activate securely.
A series of destructive attacks on Saudi Arabia has been carried out over the past two weeks.
Hackers have struck computer banks of the agency running the country’s airport as well as five additional targets, erasing data and wreaking havoc.
Saudi Arabia says that several government agencies were targeted from outside the kingdom. Digital evidence suggests the attacks came from Iran.