April 26, Softpedia – (International) Facebook bug allowed attackers to take over accounts on other sites. Facebook patched a flaw in its account registration process after security researchers from Bitdefender discovered the flaw could allow attackers to take over users’ profiles on Web sites where the Facebook Social Login feature was available by adding an attacker’s email address as a secondary address, enabling the attacker to verify the profile and make modifications to the account information. Source
April 25, SecurityWeek – (International) Malicious insiders could tap ransomware-as-a-service for profit. Security researchers from Imperva revealed that the ransom-as-a-service (RaaS) model could be leveraged by malicious attackers to exploit the organization’s unstructured data, locate sensitive data, and encrypt the company’s most valuable information after discovering that authors and distributors of the malware use anonymous Bitcoin addresses and the Tor network to ensure they receive their ransom money and stay undetected from law enforcement agencies. Source
Reprinted from the USDHS Daily Open Source Infrastructure Report