Reading Time: ~2 min.

Facebook API Bug Reveals Photos from 6.8 Million Users

Facebook announced this week that an API
had been found that allowed third-party apps to access all user
photos, rather than only those posted to their timeline. The vulnerability was
only available for 12 days in mid-September, but could still impact up to 6.8
million users who had granted apps access to their photos in that time.

Children’s Charity Falls Victim to Email Scam

Over $1 million was recently diverted from a children’s
charity organization
after hackers were able to gain access to an
internal email account and begin creating false documents and invoices. Due to
a lack of additional authentication measures, the funds were promptly
transferred to a Japanese bank account, though insurance was able to compensate
for most of the loss after the scam was finally discovered.

Email Extortion Scams Now Include Hitmen

The latest in a series of email
extortion campaigns
promises its victims will be executed by a
hitman if a Bitcoin ransom of $4,000 isn’t paid within 38 hours. Given such
poorly executed scare tactics, it comes as no surprise that the payment account
has still not received any funds after several days. Hopefully, as the threats
of violence leads to victims contacting law enforcement rather than paying the
scammers, these types of scams will become more rare.

Hackers Force Printers to Spam PewDiePie Message

Nearly 50,000 printers
around the world have been spamming out a message suggesting subscribing to
PewDiePie on YouTube and recommending the recipient improve their printer
security. The group behind the spam has stated they want to raise awareness of the
real threat of unsecured devices connected to the internet and how they can be
used maliciously. In addition to sending print-outs, attackers could also steal
data being printed or modify documents while they are being printed.

Cybersecurity Audit Shows Major Vulnerabilities in U.S. Missile Systems

A recent report showed that U.S. ballistic missile defense systems have consistently failed security audits for the past five years. Some of the major flaws included a lack of encryption for data stored on removable devices, patches reported in previous years that remained untouched, and the regular use of single-factor authentication for entire facilities. Physical security issues that could leave highly-sensitive data exposed to anyone willing to simply try to access it were also detailed in the report.

The post Cyber News Rundown: Facebook Bug Exposes User Photos appeared first on Webroot Blog.