Today’s topics include a Netflix hack that led to the leak of 10 new “Orange Is the New Black” episodes, a flaw leaving hundreds of Android applications open to attack, Microsoft’s latest cloud updates for developers and the Hajime botnet’s infiltration of over 300,000 internet-of-things devices.
A hacker group called “The Dark Overlord” leaked 10 unreleased episodes of Netflix’s “Orange Is the New Black” it obtained after allegedly breaching a third-party partner.
The group claimed Netflix refused to pay a ransom before leaking the episodes on April 29, warning that other media outlets will be next. Netflix released a statement on the same day explaining it was aware of the situation.
Larson Studios, a full-service audio post-production company, is being reported as the third-party partner hacked by “The Dark Overlord.” The attack is a high profile example of the risk inherent in the distributed online development model.
Hackers will continue to look for weak links in supply chains, making security a shared responsibility among vendors, partners, end users and law enforcement, eWEEK claims.
Researchers at the University of Michigan, Ann Arbor found hundreds of applications on the Google Play store that have a security flaw. That flaw lets attackers take control of the devices the applications are installed on to steal data or introduce malware.
Some of the applications have been downloaded up to 50 million times, and at least one comes pre-installed on Android smartphones. The weakness comes via open ports.
These are communication interfaces that are typically used by server applications to receive requests from remote clients. Unsecured ports have long presented risks for IT organizations responsible for protecting networks and mobile devices because they offer attackers a path to devices and data.
One way Microsoft is growing its cloud business is by catering to the needs of enterprise developers. The company’s latest move, the release of new Azure management libraries for .NET and Java, will allow developers to integrate common cloud management functions into their applications.
Included in the new libraries are open-source components that cover a variety of compute, networking, storage and SQL database management functions. Other services on the way include support for Azure Container Registry, storage encryption and DocumentDB.
A botnet known as Hajime has successfully infected more than 300,000 internet of things devices in the last six months, according to Kaspersky Lab.
The security firm’s findings indicate manufacturers are still failing to secure their network-connected devices. Hajime’s two primary methods of attack are password guessing or exploiting the use of default passwords, Igor Soumenkov, principal security researcher at Kaspersky Lab, explained.
“What is surprising is that the simplest methods—such as brute forcing the password—still work and they are effective at infecting,” he said. “A lot of devices use preset passwords that no one changes, and a lot of times the user cannot even modify the password.”