Last Week In Blockchain and CyberSecurity News - July 16, 2019

FTC to Fine Facebook About $5 Billion for User-Privacy Violations, Report Says

The Federal Trade Commission (FTC) has voted to approve a record-setting fine of roughly $5 billion against Facebook for “user-privacy violations by the social media company that involved tens of millions of people.” The $5 billion fine will be the largest the FTC has imposed on a tech company.  

The FTC has been investigating Facebook after a wave of news reports stated that the company allowed Cambridge Analytica to collect data from millions of users without their knowledge or consent.  

The FTC report will be transferred to the Justice Department for review; however, it is unclear how long the process will take. In addition to the fine, Facebook agreed to provide more oversight into how it handles user data. Even for a large company like Facebook, a $5 billion fine is nothing to overlook.  


Monroe College Hit with Ransomware, $2 Million Demanded

A ransomware attack has shut down the computer systems at the Monroe College campuses located in Manhattan, New Rochelle and St. Lucia. According to the Daily News, Monroe College was hacked “on Wednesday at 6:45 AM and ransomware was installed throughout the college's network.” The specific ransomware in question is not known; however, it is likely to be Ryuk, IEncrypt, or Sodinokibi.

The attackers are reportedly asking for 170 bitcoins, roughly $2 million at the time of the ransom demand, to decrypt the entire college's network. 

Monroe College spokesperson Jackie Ruegger stated, “The good news is that the college was founded in 1933, so we know how to teach and educate without these tools,” and that the faculty are finding workarounds for their students who are taking online classes. This attack adds to the long list of organizations and cities that have been victims of ransomware attacks.


Mac Zoom Web Server Allows for Remote Code Execution

A remote code execution vulnerability residing in the Zoom web server emerged last Thursday. The vulnerability allows attackers to access an unsuspecting user’s camera by merely tricking them into clicking on a link. Zoom offers enterprise video conferencing with real-time messaging and content sharing using end-to-end encryption.  

The security researcher who discovered the CVE, Jonathan Leitschuh, revealed that “upon installation, the Zoom Client sets up a web server onto the user’s machine, which is not removed when the application is uninstalled. The web server would allow an attacker to reinstall the Zoom application onto the user’s machine by simply sending them a link.” 

Zoom provided an update that removed the web server from its customers’ machines and now allows users to remove the server at uninstall. Apple has also issued an update to remove the web server from Macs altogether.


Bitpoint Exchange Hacked for $32 Million in Cryptocurrency

Remixpoint, Bitpoint’s parent company, discovered that about $32 million in various digital currencies has gone missing from its platform. The hack emerged “after an error appeared in the firm’s outgoing funds transfer system on Thursday night.” The cryptocurrency went missing from Bitpoint’s hot wallet, which is connected to the Internet.  

Bitpoint representatives stated that they are analyzing the breach but have not provided further details regarding the incident. Remixpoint has promised it would compensate customers for the losses.  


Marriott Hit with $123M Fine for Massive 2018 Data Breach

The Information Commissioner’s Office (ICO) has imposed a $123 million penalty on Marriott International. The fine stems from the company’s 2018 data breach which impacted more than 383 million guest records. The ICO’s investigation found that “Marriott failed to undertake sufficient due diligence when it bought the Starwood properties, and should also have done more to secure its systems.”  

Hackers were able to gain unauthorized access to Starwood’s network back in 2014 and stay undetected until Marriott acquired Starwood in 2015. Information such as names, mailing addresses, phone numbers, passport numbers, and more was stolen as a result of the cyber-attack.

Marriott announced it would appeal the proposed penalty given by the Information Commissioner's Office.  
