By Jacob Serpa, Product Marketing Manager, Bitglass
—Twitter exposes user credentials in plaintext
—PyRoMine mines Monero and disables security
—Stresspaint malware hunts Facebook credentials
—MassMiner malware mines cryptocurrency
—Access Group Education Lending breached
Twitter exposes user credentials in plaintext
Despite the fact that Twitter doesn’t store or display users’ credentials in plaintext, the social media company recently had a security mishap. Passwords were stored in internal logs before they were successfully obfuscated, exposing them to employees in plaintext. While the information wasn’t made viewable to outside parties, it’s still a cause for concern for Twitter’s users.
PyRoMine mines Monero and disables security
New malware, PyRoMine, leverages a host of previously disparate capabilities featured in other strains of malware. For example, it uses NSA exploits while mining Monero, a cryptocurrency. Malware is continuing to grow more sophisticated, compelling organizations to adopt advanced anti-malware solutions.
Stresspaint malware hunts Facebook credentials
Disguised as a stress-relieving paint program, Stresspaint is a piece of malware that is attacking users in an attempt to gather their Facebook credentials. In particular, the malware is targeting influential users – those who manage Facebook pages or have numerous friends and followers. It is primarily distributed through emails and messages on Facebook.
MassMiner malware mines cryptocurrency
MassMiner is the latest in a slew of malware strains that engage in malicious cryptomining. This threat seeks to take advantage of known vulnerabilities in order to commandeer web servers and mine Monero – which continues to be a common target in malicious cryptomining.
Access Group Education Lending breached
Unfortunately for those who have used the organization’s services for their student loans, Access Group Education Lending has been breached. Nearly 17,000 borrowers had their information exposed when a loan processing vendor working for the group shared their information with an unauthorized, unknown company.