Some weeks the news is straightforward. Other weeks it’s a winding webbed trail (haha). Some weeks the headlines grab you by the neck and shake you. Other weeks they leave you scratching your head.
This week the cyber week in review is a week of contradictions: the things that happen and the things that unhappen (or maybe didn’t happen…or maybe are different, but the same)…it’s contradictory week, but it’s your cyber week in review.
Bug bounties have been an important piece of the cybersecurity puzzle in recent years: big payout for potentially risky invitations to hackers to find security flaws in your programming. The bigger the bug, the bigger the bounty!
Well, Slack got a real doozy of a bug and paid the bounty, but—pay attention here folks—other programs may still have this flaw!
A researcher at a web security company submitted a bug and got a little bonus check in February. The bug could have allowed an attacker to login to a Slack account via a configuration flaw with WebSocket. A hacker could have stolen the user’s Slack authentication token and then access anything—chats, shared files, anything the user had access to.
Other companies use interfaces like the PostMessage function or WebSocket protocol to communicate between websites. If that’s part of a company’s interfacing, an inspection, and repair of the problem is overdue!
As far as Slack is concerned, though, they say they did a thorough analysis and could find no instances of that particular bug being exploited.
Translation: your Slack is safe.
If you hadn’t already heard, Mike Pence’s personal email account was hacked. The circumstances surrounding the hack might be worth a chuckle or two. Here they are:
So is Mike Pence a punchline? Perhaps. A head-scratcher? Certainly. Also, a contradiction this week in cyber land.
The Coachella Valley Music and Arts Festival is one of the biggest (and most star-studded) music festivals in the world. Held each April in Indio, California: Madonna, Rihanna, OutKast, Prince, Daft Punk, and so many more have played over the years. The warm California weather and the laid-back vibe signal the start of the musical summer.
So a hack of users and their passwords would…definitely contradict their image.
Motherboard reports that stolen data, including usernames and passwords, are for sale on the dark web.
Two suggestions: 1) If you have a Coachella account, change the password and 2) Take this as yet another example of one simple password rule: never, ever, use the same password for more than one site.
A lot of wind would be let out of hacker sails if we could just get everyone to agree to not reuse passwords.
Every week we bring you top (and pop) stories in the world of cybersecurity. Not to confuse, but to amuse. Not really a rant about passwords (unless a little extra time on that soapbox would actually make a difference).
Also, a little bit about cyber threat prevention strategies: because when we learn from the mistakes of others we need not bother making them ourselves.
Until next week…as ever…enjoy the headlines (but stay out of them).