Investigators find cybersecurity is poor at several Trump properties

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Inter­net secu­ri­ty at Mar-a-Lago and oth­er Trump prop­er­ties is easy to bypass, accord­ing to an inves­ti­ga­tion by ProP­ub­li­ca and Giz­mo­do, which found wire­less net­works and devices vul­ner­a­ble to spy­ing and hack­ing. Inves­ti­ga­tors parked a boat equipped with a wire­less anten­na off­shore near Mar-a-Lago in Palm Beach, Fla., and found three Wi-Fi net­works with poor encryp­tion. The inves­ti­ga­tion also found wire­less vul­ner­a­bil­i­ties at Trump Nation­al Golf Club in Bed­min­ster, N.J.; Trump Inter­na­tion­al Hotel in Wash­ing­ton, D.C.; and Trump Nation­al Golf Club in Ster­ling, Va. Trump has made fre­quent vis­its to many of these prop­er­ties as pres­i­dent, espe­cial­ly the Mar-a-Lago resort, where he has host­ed for­eign lead­ers includ­ing Chi­nese Pres­i­dent Xi Jin­ping and Japan­ese Prime Min­is­ter Shin­zo Abe. The report says that hack­ers could have mon­i­tored any diplo­mat­ic con­ver­sa­tions they may have had. Source: The Wash­ing­ton Exam­in­er

Unhappy ending? Hackers say they have access to a Disney film

Walt Dis­ney CEO Bob Iger says hack­ers claim­ing to have access to a Dis­ney movie threat­ened to release it unless the stu­dio paid a ran­som. Iger didn’t dis­close the name of the film, but said Dis­ney is refus­ing to pay. The stu­dio is work­ing with fed­er­al inves­ti­ga­tors. The Dis­ney chief said the hack­ers demand­ed that a huge sum be paid in bit­coin. They said they would release five min­utes of the film at first, and then in 20-minute chunks until their finan­cial demands are met. Source: The Hol­ly­wood Reporter

Consumers don’t feel personal threat from data breaches

Despite wide­spread news reports of data breach­es, con­sumers’ vig­i­lance and aware­ness haven’t kept pace, accord­ing to a sur­vey by Exper­ian. Con­sumers store an aver­age of 3.4 types of per­son­al iden­ti­fi­able infor­ma­tion online. Half don’t think they’re like­ly to ever expe­ri­ence iden­ti­ty theft because they believe poor cred­it makes them unap­peal­ing tar­gets. Sources: PR Newswire, Exper­ian

Cyber-savvy kids do the darndest things

At a cyber safe­ty con­fer­ence in the Hague, Nether­lands, 11-year-old Reuben Paul used a small com­put­er called a “rasp­ber­ry pi” to hack into audi­ence mem­bers’ Blue­tooth devices and down­load phone num­bers. Paul then used one of the num­bers to hack into a “smart” ted­dy bear, which con­nects to the inter­net via Blue­tooth or Wi-Fi, and used the toy to record a mes­sage from the audi­ence using the com­put­er lan­guage pro­gram Python. Source: For­tune

WannaCry might not have been cause of some computers woes

Many com­put­ers and servers around the world whose own­ers believed they were oper­at­ing slow­ly because of the Wan­naCry ran­somware attack, were actu­al­ly vic­tims of mal­ware called Adylkuzz, accord­ing to the secu­ri­ty com­pa­ny Proof­point. Adylkuzz turned them into “min­ers” work­ing to fun­nel dig­i­tal cur­ren­cy, like­ly des­tined for dark web mar­kets. Proof­point says this mal­ware took advan­tage of the same Nation­al Secu­ri­ty Agency-devel­oped tools that drove Wan­naCry. Source: CBS News

North Korea suspected in worldwide ransomware attack

North Korea may be behind the huge glob­al hack that took down Britain’s Nation­al Health Ser­vice, among oth­er orga­ni­za­tions. The hack took down com­put­ers across the world and might be respon­si­ble for deaths in affect­ed hos­pi­tals. Those behind the attack asked for mon­ey to unlock the com­put­ers that were caught up in it. Experts said that the code used, as well as the way that the hack­ers took com­put­ers hostage, were sim­i­lar to the way that North Korea has worked in the past. Source: The Inde­pen­dent

Education platform deals with double whammy

Class­room-learn­ing plat­form Edmo­do was the vic­tim of a hack that led to tens of mil­lion of users’ account details (includ­ing email address­es) being put up for illic­it sale on the dark web. In addi­tion, a blog­ger pub­lished a post detail­ing what he described as Edmodo’s prac­tice of track­ing stu­dents’ and teach­ers’ activ­i­ty on their web-based plat­form, then send­ing the infor­ma­tion to data bro­kers. Source: Edu­ca­tion Week

Bell Canada calling: Your account might have been hacked

Bell Cana­da says an anony­mous hack­er has obtained some cus­tomers’ names and tele­phone num­bers as well as email address­es. Ille­gal­ly accessed infor­ma­tion includ­ed approx­i­mate­ly 1.9 mil­lion active email address­es and approx­i­mate­ly 1,700 cus­tomer names and active phone num­bers. Bell says there is no indi­ca­tion that any finan­cial, pass­word or oth­er sen­si­tive per­son­al infor­ma­tion was accessed. Source: Huff­Post Cana­da

Sign here; or wait, maybe you shouldn’t

Dig­i­tal sig­na­ture ser­vice DocuSign said an unnamed third-par­ty had obtained access to email address­es of its users after hack­ing into its sys­tems. The hack­ers gained tem­po­rary access to a periph­er­al sub­sys­tem for com­mu­ni­cat­ing ser­vice-relat­ed announce­ments to users through email, the com­pa­ny said. Only email address­es were accessed, not oth­er details such as names, phys­i­cal address­es, pass­words, Social Secu­ri­ty num­bers, cred­it card data or oth­er infor­ma­tion. Source: PC World

Google’s Chrome might lose some of its shine

A vul­ner­a­bil­i­ty in Google’s Chrome brows­er allows hack­ers to down­load a mali­cious file onto a victim’s PC that could be used to steal cre­den­tials and launch relay attacks. The attack­er entices the vic­tim (using ful­ly updat­ed Google Chrome and Win­dows) to vis­it his web­site to be able to reuse victim’s authen­ti­ca­tion cre­den­tials. Source: Kasper­sky Lab

Some cars might be built to resist outside control

Black­Ber­ry is work­ing with at least two automak­ers to devel­op a secu­ri­ty ser­vice that would remote­ly scan vehi­cles for com­put­er virus­es and tell dri­vers to pull over if they were in crit­i­cal dan­ger. Aston Mar­tin and Range Rover are test­ing the ser­vice, which also would be able to install secu­ri­ty patch­es on an idle car. Source: Reuters

Insider may have exposed patient data at New York hospital

A vol­un­teer at NYC Health + Hospitals/Coney Island gained unau­tho­rized access to the health infor­ma­tion of near­ly 3,500 patients, the hos­pi­tal told the U.S. Depart­ment of Health and Human Ser­vices. The vol­un­teer entered patient names in a log­book, cleaned up data stor­age areas and trans­port­ed spec­i­mens with­in the hospital—without being vet­ted by Coney Island’s human resources depart­ment. The hos­pi­tal told affect­ed patients it was not aware that their per­son­al infor­ma­tion “has been fur­ther improp­er­ly dis­closed or inap­pro­pri­ate­ly used in any way.” Source: Crains New York

Dressed for a lack of success when it comes to security

A cred­it card breach at Brooks Broth­ers took a year to get under con­trol, accord­ing to a data breach noti­fi­ca­tion. The cloth­ing giant said that a hack­er obtained the cred­it card details of cus­tomers who vis­it­ed stores in the Unit­ed States and Puer­to Rico. That includes the name, card num­ber, expi­ra­tion date, and ver­i­fi­ca­tion code. The hack­er installed mal­ware on point-of-sale devices used to process pay­ments in-store. Source: ZD Net

Facebook will have to cough up some cash

France’s inde­pen­dent pri­va­cy watch­dog fined Face­book for breach­ing French pri­va­cy laws by track­ing and using the per­son­al data of 33 mil­lion users, as well as nonusers who browse the inter­net. The Nation­al Com­mis­sion on Infor­mat­ics and Lib­er­ties imposed sanc­tions of 150,000 euros ($166,000) on the social net­work­ing com­pa­ny for fail­ing to com­ply with French data pro­tec­tion laws after a for­mal warn­ing last year. Source: ABC News