Olympic Ceremony breached by hackers, Grammarly exposes users, and the German government has its computer systems hacked. It's all this and more in The Month in Hacks
Hackers interrupted the Olympic opening ceremonies this year. They did so by taking down internet access and opening ceremony telecasts. The hackers also took down broadcasters' drones.
Experts suspect that the hackers were attempting to send a political message. Researchers discovered that while the perpetrators clearly could have destroyed the targeted computers, they chose not to. The attack had been in the works since December, based on timestamps found by security experts.
Over 4000 government websites were affected by a wide-ranging malware attack. Government sites in the United States, United Kingdom, and Australia were among those compromised. The malware took control of site visitors' computers and used the victimized computers' processing power to mine cryptocurrency.
The issue can be traced back to a plugin called Browsealoud, which allows blind and partially sighted people to access the internet. The Information Commissioner's Office took down the hacked website and says government websites are now secure.
Reports came out this month that the Equifax breach in September may have exposed more personal customer information than previously realized. Information like tax IDs and driver's license details is now being listed as also accessed by the hackers that impacted 145.5 million customers.
In response to criticism from consumers and lawmakers, Equifax has responded that the original list of exposed information was never meant to be exhaustive.
Google's Project Zero Security Researcher, Travis Ormandy, reported the flaw, calling it a high severity bug due to how vulnerable it left users. Grammarly was able to resolve the bug within hours, and according to a Grammarly spokesperson, no users have been compromised.
An automatic WordPress update has broken the automatic update feature. WordPress 4.9.3 included a bug that causes a fatal PHP error when WordPress tries to update itself. This means users would be stuck on 4.9.3 forever. Without automatic updates, WordPress users are vulnerable to future security issues.
WordPress released 4.9.4 to patch the bug, but the update must be done manually. Administrators are urging all users to manually update to 4.9.4.
German news agency dpa broke the news on 2/28/18 that an attack on government computer systems in Germany may have caused “considerable damage.” The hack was reportedly first discovered in December.
According to dpa, investigators believe it was a Russian group that was responsible. Data from Germany's foreign and defense ministries was stolen in the attack – that may have been going on over the course of a year.