CyberSec Roundup
A synopsis of the Latest Cybersecurity News
Toyota Data Exposure
Toyota confirmed a potential data leak leaked which exposed information for 300,000 customers between December 2017 and September 2022. Customers who subscribed to the company’s T-Connect system during that time were the ones affected, due to access keys for the system being made available in its source code on GitHub by mistake. The exposed data didn’t contain any names or financial information for customers, only email addresses and customer control numbers.
Malicious Apps Target Facebook Users
Meta warned its users to be aware of dangerous apps on the Andriod and Apple stores. These apps seem innocent at first, posing as photo editors, games, VPNs and flashlight apps, but require the user’s Facebook credentials to use their features. The attackers use the stolen login information to access the victim’s account and send phishing messages to their contacts. Meta advised users to reset their passwords and use MFA if they believe they may have used these apps. They also need to remove the apps from their devices and check app reviews before installing them to ensure they are not malicious.
Porn Sites with Malware
Threat actors are using malicious adult sites to push poorly written malware onto the machines of unsuspecting users. Victims of these websites are prompted to download a file with “sexy photos”, which appears to behave like ransomware when executed. However, the goal of the malware is to delete all files from the victim’s computer, but fails to do so due to an error in the malware’s code. The public needs to exercise caution when visiting these types of websites.
By: David Pinder
IT & Cybersecurity Consultant
Certified Ethical Hacker (Master)