Roundup It's time yet again to recap the latest security happenings.
FACEBOOK HACKED (on Twitter)
An otherwise slow Friday afternoon has been spiced up by a hacker crew that managed to temporarily take control of Facebook's official Twitter account. OurMine did not say how it got into the Social Network's Twitter account, but it did take the opportunity to blast Zuck and Co.'s security practices:
This is certainly one way to ruin a Friday afternoon for someone in Menlo Park— The Register (@TheRegister) February 7, 2020
Facebook's Twitter feed was hijacked. pic.twitter.com/Ioh58NibIZ
So what's with that "RootGoat2020" thing all the hackers are spaffing about?
Towards the end of last week, you may have noticed an odd trend amongst infosec people on Twitter, as the hashtag "#RootGoat2020" started making the rounds, being retweeted by several well-followed accounts.
El Reg got in touch with Pry0cc, one of the researchers who helped spread the campaign, and he explained how the light-hearted social engineering campaign came to be.
"There is a lot of politics that trends frequently and it all is quite too serious. We all banded together and decided to start something viral to vote for RootGoat for president for 2020," the 0x00sec founder explained.
"We also know how the trending algorithm works and wanted to see if we all tried really hard, could we actually get Twitter to trend a silly infosec goat meme? We’ve all been working terribly hard and some even mentioned making bots to aid in the efforts."
So there you have it.
Oregon Fail: Medical provider drops word of stolen laptop data breach
Bad news out of Oregon has health care provider Health Share of Oregon confirmed it lost 654,362 patient records when one of its 'ride to care' providers left a laptop in a vehicle that was broken into.
Exposed details included name, address, phone number, date of birth, Social Security number, and Medicaid ID number. So just about everything needed for identity theft.
The medical service will offer the exposed patients credit monitoring and everyone who gets a notification is also advised to keep a close eye on their accounts.
FBI warns of attacks targeting voter registration sites
The FBI recently sent some of security industry partners a notification after logging a DDoS attack attempt against a voter registration site.
The Feds said the attack was carried out for around a month against an unspecified state's registration portal.
Linux pwfeedback has overflow bug
Here's something you never thought you would see: a strange flaw in the pwfeedback component of some Linux distros could potentially be used to trigger a crash.
Apparently, there's a flaw in the way to component expresses password keypresses in asterisks.
"Due to a bug, when the pwfeedback option is enabled in the sudoers file, a user may be able to trigger a stack-based buffer overflow," the bug report for CVE-2019-18634 reads.
This bug can be triggered even by users not listed in the sudoers file. There is no impact unless pwfeedback has been enabled."
IRS launches identity theft portal
With tax season upon us, the IRS has posted a site to help Americans prevent and report identity theft related to bogus tax returns.
Basically, criminals get social security numbers and other personal info on unsuspecting citizens, then use it to file fake tax returns and pocket the refund money. The Identity Theft Central portal can be found here.
Cybercreeps using coronavirus panic to phish the public
The team over at Kaspersky has given the heads-up over phishing attacks promising articles and videos related to the outbreak as a lure to phishing sites.
"The letters appear to come from the Centers for Disease Control and Prevention, which is a real organization in the United States, and they do recommend some actions regarding the coronavirus," Kaspersky explained. "The e-mails also come from a convincing domain, cdc-gov.org, whereas the CDC’s real domain is cdc.gov. A user not paying careful attention isn’t likely to notice the difference."
This is relatively common to see whenever a major news event occurs. Remember to visit trusted news sites and avoid any links or attachments in unsolicited emails. ®