15 April 19, 08:00
Quote:Continue Reading
Learn why TajMahal is the scariest malware yet, why net neutrality still has hope, why Yahoo is forking over $117M, and why a 24-year-old London student is going to jail.
TajMahal packs a palace of hurt
Cybersecurity experts are calling attention to what appears to be spyware on steroids. The TajMahal malware has been around since 2013 but was not discovered until late 2018. It is completely unique in that it has no known association with any advanced persistent threats (APTs) or malware. Its code is unlike others, and it uses an update mechanism to keeps its malware fresh so it avoids detection. Researchers are both impressed and unnerved by the level of sophistication in the malware, which includes malicious acts previously unseen such as stealing documents that had been sent to the printer queue, stealing files that had been accessed on removable drives, stealing data that had been burned on a CD, and taking screenshots as it records audio. The malware gives the attacker an all-access backdoor from which he or she can execute commands, use keylogging, exfiltrate files, steal cryptography keys, steal browser cookies, and more. All told, there are about 80 malicious acts that can be executed with TajMahal.
A move forward for net neutrality
The Save the Internet Act passed in the U.S. House of Representatives by a vote of 232-190. The bill heads next to the Senate where, if passed, it would reinstate the net neutrality rules that were set in 2015 only to be repealed two years later when the current administration took office. Though the bill inspired much discussion in the House and garnered many amendments insisted upon by the attending body, it did pass without losing any of its original intent. Yet despite having many supporters, the bill has an uphill battle in the Senate, where Majority Leader Mitch McConnell calls it “dead on arrival,” with the backup of the White House and FCC Chairman Ajit Pai. Though even if the bill doesn’t get past the Senate, it’s existence and support should generate much discussion in the public space on the advantages and disadvantages of net neutrality.
Yahoo pays up for data breach
Back in October, we reported on the $50M settlement Yahoo had reached with its users as compensation for a data breach that affected about one billion email accounts and almost 200 million consumers worldwide. That was put on hold in January, however, when a California judge ruled the amount was far too small. Yahoo more than doubled its proposed settlement then to $117M. The money will be used to cover victims’ out-of-pocket expenses, two years of credit monitoring, up to $30M for legal fees, and up to $8.5M for other expenses.