Weekly Tech News Roundup 15/5/2017

The latest Malware will make you Wannacry, Keylogger discovered in laptops and if you hack your employer, you will have a bad time.

The last 72 hours have been one hell of a ride for many organisations as one of my predictions came true.

On the discovery of the NSA documents disclosed by Wikileaks known as Vault 7, I stated early in March that these tools and flaws will soon be used by the bad guys and last weekend that very thing happened. It was wcrypt or wannacry that surfaced Saturday morning Perth time using the usual email-bourne email attack but that was not where the real concern was. The magic happened when wannacry then started looking on the local networks to the infected machine for other computers with the unpatched flaw known as Eternal Blue still accessible.

With this flaw, wannacry was able to rapidly infect other computers on the network and continue to spread unchecked.

More on this here over at my own blog benaylett.com.

Some laptops are watching you as you type.

A security researcher has stumbled on a keylogger running as a part of the audio drivers for many laptops using the Conexant Systems audio hardware. The driver includes a keylogger that stored keystrokes in an unencrypted file on the hard drive in a pretty easy to find location.

It has been speculated that the driver included the keylogger for testing keyboard shortcuts used by the audio driver but was simply not removed prior to shipping as an official driver to manufacturers.

Again, you can check out the original story here on my blog.

Former employee to pay nearly US$319000 in damages to employer.

In a number of attacks the former employee accessed the payroll system to alter his hours worked, accessed the server to steal data to set up a rival business and defaced the company website.

Security Specialists successfully received over US$300,000 for the hacks carried out by Yovan Garcia who was initially dismissed for falsifying work records. From there with the assistance of an accomplice, Garcia accessed Security Specialists servers, emails and other confidential data to lure away Security Specialist clients to his new business and Garcia was also found guilty of defacing the Security Specialist website and deleting backups causing what was described as “debilitating” damage.

In addition to covering damages, Garcia will be expected to pay Security Services legal costs at a later date.

Full story covered by BBC.