My TechDecisions

Network Security

Who Got Hacked This Week? Jan. 14 Edition

Who and what was hacked this week, January 14th, 2016? Read on to find out.

Leave a Comment

Who Got Hacked

Note: Each week we bring you the latest hacking news on the internet. Read on to find out who and what was hacked this week.

 

OSCE Suffers Major Cyber Attack

The Organization for Security and Co-operation in Europe has suffered a major cyberattack this week.

Based in Vienna, the OSCE includes 57 member states and is the largest security-oriented intergovernmental organization in the world. It focuses on issues like arms control, human rights, freedom of the press and fair election results.

Mersiha Causevic Podzic, a representative of the OSCE, said in an email that the organization became aware of a major information security incident in early November. The incident compromised the confidentiality of the organization’s IT network and put its integrity at risk.

It is believed that Russian hackers group APT28 (aka Pawn Storm, Sofacy, and Fancy Bears) was behind the attack.

The manner in which the OSCE was accessed has been identified along with some of the external communication destinations.

 

900 GB of Data Stolen from Cellebrite

Cellebrite, an Israeli company whose main product allows for data to be ripped from mobile phones, has itself been hacked.

More than 900 GB of data related to the company, including customer information, databases and technical data regarding Cellebrite products, was taken from servers related to Cellebrite’s website. The data also includes usernames and passwords for logging into Cellebrite databases. The data also contains evidence files from seized mobile phones and logs from Cellebrite devices.

Cellebrite is urging customers to change their passwords as a precaution.

 

Energy Department Warns U.S. Power Grid in “Imminent Danger”

The U.S. Energy Department has warned that the electricity system faces imminent danger from cyber-attacks.

 

27,000 Databases Held For Ransom in One Week

If you’re using MongoDB installations to create your database, you could be in trouble.

Hacker Harak1r1 has been accessing, copying and deleting poorly configured MongoDB databases and holding the lost data for ransom this past week. It is estimated that over 27,000 databases have been compromised. The hacker is demanding anywhere from 0.2 to 1 bitcoins ($184 to $906 U.S.).

The cause of the ransomware? The database administrators themselves. Every case involves a server with an administrator account that was configured without a password. There are currently 99,000 vulnerable MongoDB databases.

Administrators are advised to enable authentication, use firewalls and update MongoDB software to the latest release in order to stay secure.

 

FTC Sues D-Link Over Insecure Routers and IP Cameras

In the wake of IoT DDoS attacks of late, the FTC is suing D-Link due to failure to secure products.

The FTC maintains that D-Link failed to implement necessary security protection in routes and OP cameras that left thousands of consumers at risk to hacks.

D-Link has been accused of FTC Act violations like falsification about security, false claims of measures taken to secure devices, and failure to secure its software.

D-Link responded that the charges are baseless, and that the FTC fails to allege that actual customers suffered or are likely to suffer substantial injuries.

 

AutoFill Features Leak Personal Information to Hackers

The features used to automatically fill in information in browsers could be dangerous.

Hackers can use the autofill feature to trick users into spilling private information.

The way it works is that hackers could visibly include some pieces of information to autofill, and hide the rest. The browser will still fill all boxes. So a user could autofill name and company, the autofill could fill in phone number, email, address and more without the user knowing. Hackers could even invlude credic card information to autofill. Once submitted, hackers get the information.

A demo of how this works can be found here.

 

You Can Hack the Nintendo Classic to Add More Games

Owners of the highly popular Nintendo Classic have figured out a way to add more games using a hack. Be careful, though, it could also destroy the code of the entire system.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Download TechDecisions' Blueprint Series report on Security Awareness now!
Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared t...

Workplace Collaboration Tools for Corporate Spaces
Workplace Collaboration Tools for Corporate Spaces

From lobbies and shared spaces to conference rooms and multipurpose facilities, you need high-performing AV technology to effectively share informa...

ChatGPT, generative AI, enterprise, workplace
Blueprint Series: ChatGPT and Generative AI in the Workplace

This latest release of the TechDecisions Blueprint Series explores the new phenomenon of tools such as ChatGPT and how IT leaders should go about d...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ