Channel: Webroot Blog

Threat Recap: Week of May 6th


Canadian Gold Mining Company Hit With Cyber Attack

In the past week, it was discovered that Goldcorp, a major gold-mining company in Canada, had been hacked and employee information had been taken. The leak contains W-2s, dozens of bank account documents, and other sensitive employee information, totaling nearly 15GB of data and spanning the last 4 years. In addition to the leaked information, the company also received a demand for money in exchange for not releasing further data.

https://www.hackread.com/canadian-gold-mining-company-hacked/

Hackers Target Dridex Botnet

Ransomware has been a major player in the past couple of years, with the Dridex botnet being used for a good portion of the distribution. Recently, researchers discovered a dummy file, containing only the words “STUPID LOCKY”, as the main payload of what appeared to be a malicious email attachment. While not every recipient is so fortunate, it does show that even the hackers aren’t completely hidden and are susceptible to their own schemes.

https://www.helpnetsecurity.com/2016/05/05/dridex-botnet-hacked/

US Utility Companies Face Growing Ransomware Concern

Recently, a Michigan utility company was targeted with a ransomware attack that left many of their system utilities non-functioning. It appears no customer data was stolen, as only their internal systems were compromised; however, they’re still operating under limited functionality. This attack is just one in a long string of growing threats to infrastructure, be it in America or abroad.

http://www.theregister.co.uk/2016/05/03/michigan_electricity_utility_downed_by_ransomware_attack/

NSA Announces Increased Spying on Employees

In an effort to increase national security, the NSA has determined that their agents should have all of their internet access monitored, both in the office and at home. To ensure NSA agents aren’t engaging in illegal activities on their own time, the agency does occasional network scans to monitor sites visited, online transactions, and use of social media. While the stated purpose is to verify whether the employees can handle highly sensitive information, it appears to be just another reason to invade the privacy of the people who are presumably highly trusted to ensure the security of the country.

http://www.presstv.ir/Detail/2016/05/03/463838/NSA-child-pornography-Kemp-Ensor-Defense-Security-Service-Daniel-Payne/

Wendy’s Credit Card Breach Leads them to Court

In the months following Wendy’s data breach, a credit union has filed a class action suit stating Wendy’s failed to update its card processing systems and left itself and its customers vulnerable to fraud for months. It is still unconfirmed how many of their nearly 6,000 stores were affected by the breach, but Wendy’s is still working with law enforcement and credit card companies to come to a good resolution.

http://www.lowcards.com/wendys-faces-class-action-lawsuit-over-data-breach-41821

 

The post Threat Recap: Week of May 6th appeared first on Webroot Threat Blog.


Threat Recap: Week of May 9th


A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Microsoft and Adobe Vulnerabilities Revealed

In the past week, Microsoft announced a vulnerability in Windows, which would allow attackers to target users visiting a specific site and execute malicious code automatically. In the same statement, Adobe also issued a warning for Flash users, as an exploit was discovered that could allow remote access to unsuspecting computers. Patches for both issues are in the works, and users are strongly encouraged to run these updates promptly.

http://arstechnica.com/security/2016/05/beware-of-in-the-wild-0day-attacks-exploiting-windows-and-flash/

Google Breach Attributed to Third-Party Vendor

Recently, Google sent out an email to its employees, notifying them of a data breach that occurred with their benefits management partner. Fortunately for Google employees, the recipient of the unauthorized data contacted the company and deleted the information that was sent. As a result of the incident, Google is providing its employees with credit monitoring to safeguard against any fraud that may occur.

http://www.csoonline.com/article/3066841/internet/google-suffers-data-breach-via-benefits-provider.html

British Retailer Hacked for Customer Information

Kiddicare, a British children’s retailer, was recently targeted by attackers who gained access to the personal information of nearly 800,000 customers. The issue stems from a test website that Kiddicare created in late 2015, which contained a large quantity of real customer information, and was never secured or disposed of properly after testing was complete. It is still unclear why the test site was publicly accessible, but some customers have claimed to have received multiple phishing messages via text and email.

http://www.informationsecuritybuzz.com/hacker-news/experts-comments-data-breach-british-retailer-kiddicare/

School District Hit With Ransomware Attack

In the steadily-rising trend of infrastructure cyber attacks, a Texas school district is seeing the impacts firsthand. Multiple district websites were taken down when the Education Services Center’s servers were struck with ransomware. The district refused to pay the ransom and has been reasonably successful at restoring their systems from secure backups. Fortunately, no data was compromised and the sites have been mostly restored to their previous states.

http://www.timesrecordnews.com/news/education/insidious-malware-cripples-school-district-websites-in-region-11-cyber-attack-32953919-206c-55c1-e05-379065281.html

GPS Security Still Major Concern

GPS is used around the globe by nearly 4 billion individuals on a daily basis, and while it has become a necessity for many, it’s susceptible to being jammed, which makes it a potential security issue. GPS jamming can range from a localized area to a much larger region, with the user having no knowledge that the jam is occurring, and can cause a large disruption in functionality. Currently, the U.S. Air Force is working on a better version of GPS, which uses a stronger signal that has less chance of being broadcast over by a signal jammer.

http://www.csmonitor.com/World/Passcode/2016/0510/Why-GPS-is-more-vulnerable-than-ever

The post Threat Recap: Week of May 9th appeared first on Webroot Threat Blog.

Threat Recap: Week of March 21st


A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Microsoft Addresses Macro Malware Issue

With macros being a major vulnerability point in Microsoft Office software, the 2016 version of the product line will now offer protection against these infections. Allowing network admins to block execution of any macro that attempts to download content from the Internet will greatly reduce the number of systems that are compromised.

http://news.softpedia.com/news/microsoft-adds-new-feature-in-office-2016-that-can-block-macro-malware-502058.shtml

Ransomware Takes Aim At Healthcare

In the past week, three U.S. hospitals were targeted by ransomware attacks that left them in varying levels of functionality. Fortunately for patients, all hospitals have returned to full capacity, with little to no patient information being leaked. It is still unclear if the hospitals paid the ransom; however, the cases are under FBI investigation.

http://www.bbc.com/news/technology-35880610

NASA Email Servers Hit with DDoS Attack

Recently, a group of hackers linked to Anonymous has made claims that they used a DDoS attack to take down NASA’s email servers all around the world. However, that claim appears to be unsubstantiated, as NASA’s main website was still accessible during the apparent outage. The attack was perpetrated because the hacker group claims that NASA is keeping important information regarding ISIS withheld from the public.

https://www.hackread.com/hackers-ddos-shutdown-nasa-website-email-server/

Local Utilities Need to Increase their Security Measures

In a recent study done by the Verizon RISK lab, it was determined that while many local utility services believe they are quite secure against an information-stealing attack, they are actually among the major offenders when it comes to vulnerabilities. The study also revealed that one customer, Kemuri Water Company, had a decade-old system infrastructure while also using a SCADA platform with direct internet access and no two-factor authentication.

http://www.zdnet.com/article/the-future-of-our-city-services-cyberattackers-target-core-water-systems/

Majority of IT Pros Use Basic AV Security Solutions

It was revealed recently that the vast majority of IT professionals believe that using only basic antivirus software is enough to defend against the latest cyber attacks. The study also showed that only 15% applied additional defensive measures. Fortunately for consumers, the trend is moving towards ever-improving security protocols and finding better ways to catch the latest malware variants.

http://www.computing.co.uk/ctg/news/2452094/ninety-seven-per-cent-of-it-professionals-think-standard-antivirus-software-will-stop-zero-day-attacks

 

 

The post Threat Recap: Week of March 21st appeared first on Webroot Threat Blog.

Malware as a Service: As Easy As It Gets


If you’ve ever been infected with serious malware, you may have assumed the culprit is a person sitting in the basement of their mom’s house, or a small group of people huddled in a garage somewhere. It’s really not that simple. There’s a whole global cyber underground network that’s working diligently to make all this happen for you. It’s the lucrative cyber black market. Almost everyone has heard the term “black market” at least a few times. It’s referenced in many movies and is often heard on the news when speaking of criminal activity and the purchasing of illegal materials or services.

Malware-as-a-Service is a prosperous business run on the black market that offers an array of services and isn’t just limited to malware or bits of code. And you don’t have to be a computer expert either. Anyone can purchase code that will cause harm to a person’s computer or even hold it for ransom. But once purchased, what are you going to do with it? How will investing in this piece of malware return a profit? There’s still the challenge of getting it out there and getting your potential victims to run the payload for the newly purchased malware on their computer. And, most importantly, there’s the challenge of cashing out on the investment. This is where the entire business model of Malware-as-a-Service comes into play.

It’s all offered in the cyber black market and functions no differently than the global markets we hear of. Due to its low-key nature, it’s difficult to say exactly how much money is generated from Malware-as-a-Service in this market. But it would be no surprise if it stretched up into the billions. In this market it’s possible to purchase all the necessary pieces to make it as easy as possible for the investors to profit.

 

MAAS

 

First level: The highly skilled elite programmers or engineers who write malware, develop exploits, and are general researchers. This can be an individual or individuals working together.

Second level: Here are the spammers, botnet owners, distributors, and hosted system providers. These people are also skilled, but not always elite. This is where the distribution is handled.

Third level: The money mules, treasurers, financial data providers.

These three levels fall under the umbrella of Malware-as-a-Service that can be sold and purchased as an entire package or individual services by a vendor.

The individuals involved aren’t always strictly black hat. There are also grey hat hackers, otherwise known as freelancers, who are simply looking to make a profit. A programmer can sell a zero-day exploit to the vendor of a piece of software as a bounty. However, that same exploit might be able to fetch a far greater profit if sold on the black market. A perfect example of this is Facebook, which offers a minimum of $500 for anyone who can hack their site. With over 700 million users, a Facebook exploit can sell for a pretty hefty price on the black market. As malware becomes more profitable, this type of business model will continue to grow.

 

 

The post Malware as a Service: As Easy As It Gets appeared first on Webroot Threat Blog.

Threat Recap: Week of March 28


A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

 

MedStar Health, Latest Medical Services Ransomware Target

Early this week, MedStar Health, one of the largest healthcare providers in Maryland, was the victim of a ransomware attack that led to the complete shutdown of their computer systems. Fortunately for patients, it appears no information was stolen and all of their facilities have remained open, though currently lacking access to digital patient records.

http://www.csoonline.com/article/3048825/security/ransomware-attack-hits-medstar-health-network-offline.html#tk.rss_news

College Board Reports Security Breaches Allow Leaked SAT Tests

Recently, it has been discovered that, due to many security vulnerabilities in the College Board, the most recent version of the SAT has been compromised in several Asian countries. The latest report confirms that many prep schools throughout China and South Korea are teaching past SAT questions that will likely be used again, allowing some students to attain perfect scores by having studied the answers beforehand.

http://www.reuters.com/investigates/special-report/college-sat-one/

Phishing Attack Nearly Costs Mattel $3 Million

Last year, toy maker Mattel was the victim of a phishing attack that led to $3 million USD being transferred to a bank in Wenzhou, China. In this case, the new CEO’s email was spoofed in a message to a financial executive requesting a large transfer; luckily, the transfer was caught and the account frozen before the money was withdrawn. With social engineering being a prevalent source of corporate information, authentication for highly sensitive transfers of information or funds should be mandatory.

http://www.csoonline.com/article/3049392/security/chinese-scammers-take-mattel-to-the-bank-phishing-them-for-3-million.html#tk.rss_news

Federal Court Phone Scams On the Rise

Many people have been the victims of a scam call asking for access to your computer, or scaring you into giving up credit card information, but lately a new call has people worried. It comes in the form of a demand to quickly pay a fine for missing a jury duty summons, or have a warrant issued for your arrest. This type of scare tactic has become more aggressive, but also more detailed with the information they seem to “know” about you.

https://nakedsecurity.sophos.com/2016/03/31/us-federal-court-you-didnt-show-up-for-jury-duty-scammers-slicker-than-ever/

Computer Science Student Finds Valve Vulnerability

This week, a 16-year-old student from the University of Salford successfully exploited a vulnerability that allowed him to publish a game to Steam without being reviewed by a Valve employee. He also made a blog post explaining how he was able to go about exploiting the bug, which has since been fixed.

https://www.helpnetsecurity.com/2016/03/30/steam-review-bypass/

The post Threat Recap: Week of March 28 appeared first on Webroot Threat Blog.

Threat Recap: Week of April 4th


A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Credit Card Breach at Trump Hotels

It has recently been reported that the Trump Hotel chains have been the target of yet another credit card breach, which is currently affecting several locations around the world. This comes less than a year after their last report of suspicious payment activity, in which they confirmed their systems had been hit with info-stealing malware.

http://krebsonsecurity.com/2016/04/sources-trump-hotels-breached-again/

Panama Papers Released

In what is currently considered to be the largest data leak in history (containing over 2.6 TB of information), a laundry list of celebrities and major political figures have been tied to offshore bank accounts. While having an offshore corporation is perfectly legal, many of those listed were using tax havens to hide their considerable wealth by using an offshore law firm, Mossack Fonseca, to manage their funds.

http://www.theguardian.com/news/2016/apr/03/what-you-need-to-know-about-the-panama-papers

Updating Passwords Occurs Less Among IT Admins

Most people understand the importance of changing passwords for sensitive accounts regularly, but those who often recommend these changes are at times ending up as the worst offenders. In a recent survey, IT Admins were shown to insist users change their credentials more often than they changed the credentials themselves. Furthermore, an astounding 10% of IT Admins admitted to having never changed the administrative credentials used in their organizations.

http://www.techweekeurope.co.uk/security/security-management/lieberman-software-it-admins-passwords-189155

Visa Database Potential Identity Risk

In the past week, an internal study conducted by the U.S. State Dept. revealed vulnerabilities in the visa application database, which contains hundreds of millions of confidential personal records. Currently, there has been no indication of a breach, but work is being done to seek out any vulnerabilities that haven’t already been resolved. Many of the issues they’re facing are related to aging technical systems and lack of upgrades.

http://www.fiercegovernmentit.com/story/vulnerabilities-visa-database-could-put-290m-personal-records-risk/2016-04-04?

LA Times Confirms their Site was Hacked

On Wednesday, it was reported that someone was able to access the LA Times website using a vulnerability in WordPress, and was offering this access for purchase. According to the LA Times, the security flaw has been resolved and they have added additional security precautions to prevent future breaches.

http://www.csoonline.com/article/3051598/security/la-times-said-to-be-compromised-shell-access-offered-up-for-sale.html?

The post Threat Recap: Week of April 4th appeared first on Webroot Threat Blog.

Bringing Threat Intelligence to the Device


Previous posts in this series provided an overview of threat intelligence, its role within the IoT space, and how it can be used to prevent threats at the network perimeter in IoT Gateways. With the evolution of internet-connected devices and their growing resource capabilities, these “things” will increasingly become connected directly to the internet, forgoing connectivity through traditional perimeter appliances, and in essence becoming their own gateways or firewalls. This evolution will require a new approach to security in terms of moving protective mechanisms from robust perimeter equipment into the devices themselves. This post focuses on how the use of separation kernel technology can help in this move from security at the perimeter to enabling the use of threat intelligence on the device.

 

An effective way of bringing threat intelligence to devices is through the use of a separation kernel. Separation kernel technology provides a mechanism for controlling the flow of data and commands between an operating system and the hardware on which the operating system resides. In its simplest form, it is a tiny kernel that sits between all hardware functions on a device and the operating system. This separation provides a mechanism for identifying threats outside of a host operating system. Here are two very straightforward ideas on how to quickly implement threat intelligence at the device level through the use of separation kernels:

 

  • Traffic Flow Monitoring: Most gateway or perimeter devices provide a mechanism for traffic flow analysis through the use of packet inspection and threat intelligence. This can be achieved on a device by building tiny monitoring applications that live in a secure memory space outside of a host operating system, but are accessible by the separation kernel. Traffic can be analyzed in this secure space for threats so action can be taken before it is allowed to pass into the operating system or out of the device. This essentially brings the ability to apply network security and policy management to the “thing”.

 

  • Malicious File Identification: Using the same model described above, it would be possible to analyze files outside of a user’s operating system by identifying threats before they have access to user memory and application space. Files could be assembled in a secure memory space for hashing and looked up in a cloud-based ecosystem for threat determination. In the case of unknown files, additional analysis could be performed locally to identify any threats before they have access to the user memory or application space.
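
The malicious-file-identification flow described in the second bullet, as an added sketch (not Webroot's code and not a real separation-kernel API): chunks are assembled and hashed outside the guest OS, the hash is looked up, unknown files get a local analysis pass, and only allowed files are released. `FileGate`, `Verdict`, the in-memory table standing in for the cloud lookup, and the entropy heuristic are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    UNKNOWN = "unknown"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted content approaches 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def local_analysis(data: bytes, entropy_limit: float = 7.2) -> Verdict:
    """Assumed fallback for files the reputation source has never seen:
    block executables whose body looks packed, allow the rest."""
    is_executable = data[:2] == b"MZ" or data[:4] == b"\x7fELF"
    if is_executable and shannon_entropy(data) > entropy_limit:
        return Verdict.BLOCK
    return Verdict.ALLOW


class FileGate:
    """Runs outside the guest OS: assembles a file, hashes it, and releases
    the bytes to the guest only after a verdict of ALLOW."""

    def __init__(self, reputation_lookup, max_size=1 << 20):
        self._lookup = reputation_lookup   # callable: sha256 hex -> Verdict
        self._max_size = max_size          # size of the secure buffer
        self._cache = {}                   # digest -> Verdict from earlier lookups
        self._transfers = {}               # transfer id -> (buffer, running hash)

    def on_chunk(self, transfer_id, chunk: bytes) -> None:
        buf, running = self._transfers.setdefault(
            transfer_id, (bytearray(), hashlib.sha256()))
        if len(buf) + len(chunk) > self._max_size:
            del self._transfers[transfer_id]   # fail closed, drop partial data
            raise ValueError("file exceeds secure buffer")
        buf.extend(chunk)
        running.update(chunk)

    def on_complete(self, transfer_id):
        buf, running = self._transfers.pop(transfer_id)
        data, digest = bytes(buf), running.hexdigest()
        verdict = self._cache.get(digest)
        if verdict is None:
            reachable = True
            try:
                verdict = self._lookup(digest)
            except OSError:                    # cloud service unreachable
                verdict, reachable = Verdict.UNKNOWN, False
            if verdict is Verdict.UNKNOWN:
                verdict = local_analysis(data)
            if reachable:                      # do not cache outage-time guesses
                self._cache[digest] = verdict
        return verdict, digest, (data if verdict is Verdict.ALLOW else None)


def demo():
    """Feed constructed sample files through the gate in 512-byte chunks."""
    known_bad = b"constructed sample standing in for a known-bad file"
    samples = {
        "known_bad": known_bad,
        "text": b"interval=30\nmode=auto\n" * 50,
        "packed_exe": b"MZ" + bytes(range(256)) * 16,   # near-uniform bytes
        "plain_exe": b"MZ" + b"\x00" * 4096,
    }
    table = {hashlib.sha256(known_bad).hexdigest(): Verdict.BLOCK}
    lookups = []

    def cloud(digest):   # in-memory stand-in for the cloud lookup
        lookups.append(digest)
        return table.get(digest, Verdict.UNKNOWN)

    gate = FileGate(cloud)
    results = {}
    for name, data in list(samples.items()) + [("text_again", samples["text"])]:
        for i in range(0, len(data), 512):
            gate.on_chunk(name, data[i:i + 512])
        verdict, _, released = gate.on_complete(name)
        results[name] = (verdict, released == data)
    return results, len(lookups)


if __name__ == "__main__":
    print(demo())
```

The second pass over the same text file is answered from the cache, so the constructed cloud stand-in is queried four times for five transfers.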

 

These are only two basic examples of what could be done through the use of cyber threat intelligence on a device. As the Internet of Things continues to expand, there will undoubtedly be more and more approaches that bring existing network and perimeter security to the device. The next and final installment of this series will explore some of these ideas.

The post Bringing Threat Intelligence to the Device appeared first on Webroot Threat Blog.

Threat Recap: Week of April 22nd


A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Quicktime for Windows No Longer Supported

This week, Microsoft announced they would no longer be supporting the Quicktime media player and strongly recommended uninstalling it completely in order to avoid any malicious attack through the software, which will no longer receive patches. Several flaws have been found that could leave users open for attackers to access and infect the system. At present, the Mac version of Quicktime is still being supported with security updates.

http://n4bb.com/uninstall-quicktime-windows-microsoft-stops-support/

Security Flaw Leaves Phone Users Vulnerable

Most telecom companies around the world use the same routing protocol, SS7, for allowing users to contact others around the globe. However, SS7 also allows access to an individual phone and can even be maliciously aimed at gaining call recordings, geographical locations, and other personal information. This flaw, while dangerous in the hands of cyber criminals, is also used by the NSA and other intelligence agencies for data gathering and monitoring for suspicious activities.

http://arstechnica.com/security/2016/04/how-hackers-eavesdropped-on-a-us-congressman-using-only-his-phone-number/

Cyber Security Lacking in Majority of Companies

In a recent threat intelligence report, it was discovered that over 75% of business organizations have no method of response for cyber attacks, and only obtain these critical services after they have been targeted. While individual sectors are seeing a steady rise in malware attacks on their systems, it’s difficult to believe that a large portion are still unprepared for the attacks being reported in the news on a daily basis. And yet, here we are.

http://www.channelpartnersonline.com/news/2016/04/most-businesses-have-no-cyberattack-response-capa.aspx

Latest Encrypting Ransomware Aims at Bitcoin

In the past week, a new ransomware variant known as CryptXXX has been spotted in the wild that will both encrypt your data and steal bitcoins and other sensitive information located on the system. It appears to be from the same creators as Reveton, an older variant of encrypting ransomware, but with several advances that help it access stored passwords and lock users out of the system.

http://bravenewcoin.com/news/cryptxxx-set-to-become-the-worst-bitcoin-stealing-ransomware-yet/

End-to-End Message Encryption On the Rise

With the recent news about the FBI breaking Apple’s encryption to access sensitive information, more and more companies are working towards enhancing their current encryption standards. Viber, which makes the popular messaging app, has just announced they will be providing full end-to-end encryption for any and all data sent in messages, though it will take some time for all of its 700 million users to update to the latest version. Moreover, with Viber being an Israel-based company, they will not be directly affected by any US Congress decisions regarding encryption and the government’s ability to access encrypted information.

http://www.wired.com/2016/04/viber-encrytpion/

The post Threat Recap: Week of April 22nd appeared first on Webroot Threat Blog.


Threat Recap: Week of April 29th


Bangladesh Bank Still Attempting to Recover

In the months following one of the largest cyber heists in history, the Bangladesh Central Bank is still in the process of retrieving the $81 million that was stolen from it, and which remains unaccounted for. The latest update comes from SWIFT, the financial transaction co-op, which has publicly stated that the Bangladesh Central Bank incident was not singular, but rather part of a larger string of cyber attacks. With this declaration, SWIFT has also pushed out a security update that will hopefully make these types of attacks more difficult in the future.

http://www.reuters.com/article/us-cyber-banking-swift-exclusive-idUSKCN0XM2DI

Uber User’s Data Security is Not So Secure

With the rise in app-based ride services across the globe, Uber riders are seeing spikes in fraudulent charges from distant locations. In other words, users are getting charged for rides they couldn’t possibly have been on. While Uber is still confident they’ve had no security breach of user information, more and more accounts are popping up on the Dark Web, at surprisingly reasonable costs. The most likely explanation is that consumers are using the same usernames and passwords for multiple apps, an ill-advised practice that’s not secure by default, which could be causing the harvesting of these credentials.

http://www.csoonline.com/article/3059461/data-breach/uber-fraud-scammer-takes-the-ride-victim-gets-the-bill.html?

Qatar National Bank is the Latest Financial Target of Cyber Attacks

In the past week, Qatar National Bank has stated they were the victim of a cyber attack, which allowed 1.4GB-worth of sensitive customer information to be leaked onto the Dark Web. Among the data, researchers have found transactions and other financial records of many high profile clients, including the Qatar Royal Family, possible intelligence agents from around the world, and even data on Al Jazeera employees. Qatar National Bank has made no confirmation of a security breach, although the leaked information would appear to be legitimate.

http://abcnews.go.com/International/wireStory/large-qatari-bank-investigating-alleged-data-breach-38698362 

Lifeboat Breach Could Lead to More Vulnerabilities

Recently, it was reported that Lifeboat Network, a Minecraft server provider, was hacked, with usernames/passwords being compromised. While Lifeboat issued a password reset to all users, who aren’t required to enter any personal or financial information when creating a login, users should still be cautious if they have re-used their passwords for other sites and change their passwords if this is the case.

https://www.helpnetsecurity.com/2016/04/27/lifeboat-data-breach/

Dating Site Exposes User Data

This week, yet another online dating site has been hacked and this time, the personal information of over 1 million individuals has been leaked. The site in question, Beautifulpeople.com, has stated that the leaked data was from a test server containing no user data. The server, which had no admin password to access, has since been taken offline.

https://www.wired.com/2016/04/beautiful-people-hack/ 


The post Threat Recap: Week of April 29th appeared first on Webroot Threat Blog.

Threat Recap: Week of May 6th

$
0
0

Canadian Gold Mining Company Hit With Cyber Attack

In the past week it was discovered that Goldcorp, a major gold-mining company in Canada, had been hacked and employee information had been taken. The leak contains W2’s, dozens of bank account documents, and other sensitive  employee information coming to a total of nearly 15GB of data and spanning the last 4 years. In addition to the leaked information, the company also received a demand for money in exchange for not releasing further data.

https://www.hackread.com/canadian-gold-mining-company-hacked/

Hackers Target Dridex Botnet

Ransomware has been a major player in the past couple years, with the Dridex botnet being used for a good portion of the distribution. Recently, researchers discovered a dummy file, containing only the words “STUPID LOCKY”, as the main payload of what appeared to be a malicious email attachment. While not every recipient is so fortunate, it does show that even the hackers aren’t completely hidden and susceptible to their own schemes.

https://www.helpnetsecurity.com/2016/05/05/dridex-botnet-hacked/

US Utility Companies Face Growing Ransomware Concern

Recently, a Michigan utility company was targeted with a ransomware attack that left many of their system utilities non-functioning. It appears no customer data was stolen as only their internal systems were compromised, however they’re still operating under limited functionality. This attack is just one in a long string of growing threats to infrastructure, be it in America or abroad.

http://www.theregister.co.uk/2016/05/03/michigan_electricity_utility_downed_by_ransomware_attack/

NSA Announces Increased Spying on Employees

In an effort to increase national security, the NSA has determined that their agents should have all internet access be monitored, both in the office and at home. To ensure NSA agents aren’t doing illegal activities on their own time, the agency does occasional network scans to monitor sites visited, online transactions, and use of social media. While under the claim of verifying whether the employees can handle highly sensitive information, it appears to be just another reason to invade the privacy of the people who are presumably highly trusted to ensure the security of the country.

http://www.presstv.ir/Detail/2016/05/03/463838/NSA-child-pornography-Kemp-Ensor-Defense-Security-Service-Daniel-Payne/

Wendy’s Credit Card Breach Leads them to Court

In the months following Wendy’s data breach, a credit union has filed a class action suit stating Wendy’s failed to update it’s card processing systems and left itself and it’s customers vulnerable to fraud for months. It is still unconfirmed how many of their nearly 6,000 stores were affected by the breach, but Wendy’s is still working with law enforcement and credit card companies to come to a good resolution.

http://www.lowcards.com/wendys-faces-class-action-lawsuit-over-data-breach-41821

 

The post Threat Recap: Week of May 6th appeared first on Webroot Threat Blog.

Threat Recap: Week of May 9th

A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Microsoft and Adobe Vulnerabilities Revealed

In the past week, Microsoft announced a vulnerability in Windows, which would allow attackers to target users visiting a specific site and execute malicious code automatically. In the same statement, Adobe also issued a warning for Flash users, as an exploit was discovered that could allow remote access to unsuspecting computers. Patches for both issues are in the works, and users are strongly encouraged to run these updates promptly.

http://arstechnica.com/security/2016/05/beware-of-in-the-wild-0day-attacks-exploiting-windows-and-flash/

Google Breach Attributed to Third-Party Vendor

Recently, Google sent out an email to its employees, notifying them of a data breach that occurred with their benefits management partner. Fortunately for Google employees, the recipient of the unauthorized data contacted the company and deleted the information that was sent. As a result of the incident, Google is providing its employees with credit monitoring to safeguard against any fraud that may occur.

http://www.csoonline.com/article/3066841/internet/google-suffers-data-breach-via-benefits-provider.html

British Retailer Hacked for Customer Information

Kiddicare, a British children’s retailer, was recently targeted by attackers who gained access to the personal information of nearly 800,000 customers. The issue stems from a test website that Kiddicare created in late 2015, which contained a large quantity of real customer information, and was never secured or disposed of properly after testing was complete. It is still unclear why the test site was publicly accessible, but some customers have claimed to have received multiple phishing messages via text and email.

http://www.informationsecuritybuzz.com/hacker-news/experts-comments-data-breach-british-retailer-kiddicare/

School District Hit With Ransomware Attack

In the steadily-rising trend of infrastructure cyber attacks, a Texas school district is seeing the impacts firsthand. Multiple district websites were taken down when the Education Services Center’s servers were struck with ransomware. The district refused to pay the ransom and has been reasonably successful at restoring their systems from secure backups. Fortunately, no data was compromised and the sites have been mostly restored to their previous states.

http://www.timesrecordnews.com/news/education/insidious-malware-cripples-school-district-websites-in-region-11-cyber-attack-32953919-206c-55c1-e05-379065281.html

GPS Security Still Major Concern

GPS is used around the globe by nearly 4 billion individuals on a daily basis, and while it has become a necessity for many, it’s susceptible to jamming, which makes it a potential security issue. GPS jamming can range from a localized area to a much larger region, with the user having no knowledge that the jam is occurring, and can cause a large disruption in functionality. Currently, the U.S. Air Force is working on a better version of GPS, which uses a stronger signal that has less chance of being broadcast over by a signal jammer.

http://www.csmonitor.com/World/Passcode/2016/0510/Why-GPS-is-more-vulnerable-than-ever

The post Threat Recap: Week of May 9th appeared first on Webroot Threat Blog.

Threat Recap: Week of May 16th

A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

TeslaCrypt Closing Its Doors

Here’s a bit of good ransomware news, for once. This week, it was brought to the attention of the security world that TeslaCrypt, one of the largest ransomware creators/distributors, was shutting down their operation for good. Researchers from ESET contacted TeslaCrypt via their support chat function and requested the master decryption key, which was provided freely, along with an instruction guide on how to use it.

https://www.helpnetsecurity.com/2016/05/19/end-of-teslacrypt/

New World Hackers Group Continues With University Hack

The New World Hackers (NWH), a hacktivist group participating in the OpAfrica Anonymous campaign, have targeted Limpopo University in South Africa in response to the ongoing human rights violations that are occurring in the country. Along with replacing the university’s main webpage, the group was able to gain access to both alumni and faculty personal information, which was then released publicly online.

http://news.softpedia.com/news/anonymous-leaks-data-from-south-african-university-504081.shtml

LinkedIn User Data On Sale

Recently, it was reported that the user account information of nearly 167 million LinkedIn users was available on the dark web for 5 bitcoins, a small price. The leaked data likely comes from the 2012 hack of LinkedIn, in which over 6 million user accounts were made available and hackers worked to successfully crack a majority of the hashed passwords. While this breach doesn’t affect all of LinkedIn’s customers, it is advisable that all users change their passwords to avoid any potential future attacks on personal accounts.

http://www.computerworld.com/article/3071916/security/a-hacker-is-selling-167-million-linkedin-user-records.html?

Apple Pushes Out High Volume of Security Updates

This week, Apple started sending out security updates for all platform versions of its operating systems, with iOS alone receiving 39 different patches. These updates come just months after Apple participated in Pwn2Own, a hacking event focused on finding security vulnerabilities in the products of several industry leaders. Many of the patches are around the ways Apple product users view web content, with the goal being to keep them safe from any malicious attachments or redirects that may be lurking around.

http://www.eweek.com/security/apple-makes-security-improvements-to-ios-and-os-x.html

Germany Blames Russia for Cyber Attacks

German intelligence officials are pointing their fingers at Russia in regards to attacks dating back to 2015 on the German parliament, as well as the more recent attacks on Chancellor Angela Merkel. In the past year, attacks originating in Russia have become increasingly common and have a wide spread of targets, including Ukraine’s power grid, TV stations in France, and computer systems in the Netherlands. While it’s impossible to know for sure, many of the victims believe it to be the work of the Russian government rather than individual hackers.

http://www.securityweek.com/evidence-russia-behind-cyber-attacks-germany-secret-service?

Hacker Selling Pornhub Shell Access was a False Claim

In the past week, a hacker claimed to be selling shell access to Pornhub’s site, though this information later proved to be false. When contacted by Pornhub in regards to the vulnerability, the hacker was unable to provide any evidence of his capability to gain access or execute any injected code on the site. Pornhub has an ongoing bug bounty program, which will pay out up to $25,000 USD for the discovery of vulnerabilities on their sites.

http://www.csoonline.com/article/3070420/security/pornhub-said-to-be-compromised-shell-access-available-for-1-000.html

 

 

The post Threat Recap: Week of May 16th appeared first on Webroot Threat Blog.

Threat Recap: Week of May 23rd

Government IT Systems Long Outdated

In a recent study, the Government Accountability Office found that a large portion of the US government’s critical business systems not only require an increasing amount to maintain their basic operation, but are also a major security risk. From defense systems to scientific research systems, these agencies are constantly working to maintain the aging infrastructure with little to no plans for replacement or any significant overhauls.

http://arstechnica.com/information-technology/2016/05/government-agencies-keep-sacrificing-cash-to-zombie-it-systems-gao-finds/

Microsoft Steps In To Increase Business Security

With the recent news of LinkedIn’s security breach, Microsoft has announced that users of Azure Active Directory will no longer be allowed to use passwords that were found in the LinkedIn breach to be the most common, and therefore vulnerable. By stopping these weak passwords from being used, Microsoft hopes to stop the bad habits that form around password creation, and keep more businesses secure.

http://www.theregister.co.uk/2016/05/25/microsoft_password_policy/

Kansas Hospital Pays Ransomware, Remains Encrypted

In the past week, another hospital was the focus of a ransomware attack that was fortunately mitigated enough to allow continuing operations and maintaining patient data. Although the hospital did pay the ransom initially, not all of their data was restored and a second demand for additional payment was issued. The hospital refused the demand and was able to resume operations quickly as they had a plan in place for a possible cyber attack.

http://www.techspot.com/news/64954-hackers-demand-ransom-payment-kansas-heart-hospital-files.html

Employees Still Number One Security Risk

It comes as no surprise that the majority of security breaches are caused by employee negligence and lack of knowledge on potential security hazards. A study released in the last week shows that half of the nearly 600 companies had experienced some form of security issue due to employee negligence, and of those companies, 60% felt it unnecessary to require additional security training. The study also revealed that most companies provide neither incentive for following correct security procedures nor consequences for the employee found to be at fault for the breach.

https://www.experianplc.com/media/news/2016/dbr-ponemon-institute-managing-insider-risk/

Hong Kong Bitcoin Exchange Hacked

Recently, the Hong Kong firm Gatecoin was hacked and the attackers made off with nearly $2 million worth of cryptocurrencies. The company is still unsure of how the breach occurred, though Gatecoin has already begun work on improving its cyber security to prevent or deter these types of attacks in the future. In addition, the company has also offered a bounty for the return of any bitcoins that were taken.

http://www.forbes.com/sites/robertolsen/2016/05/24/hackers-steal-2-million-from-bitcoin-exchange-in-hong-kong-bounty-offered-to-recover-funds/#3af2641611c7

 

 

The post Threat Recap: Week of May 23rd appeared first on Webroot Threat Blog.

Threat Recap: Week of May 30th

There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

MySpace Hack Could Be Largest in Recent History

Recently, LeakedSource announced that they had obtained the login credentials for over 300 million MySpace users. While the leaked database doesn’t show the full credentials for every user (as some usernames/passwords were missing), over 100 million of the passwords had a username attached. Along with posting the entire dataset, LeakedSource also posted the top 50 passwords being used and their frequency of use.

http://www.itnews.com.au/news/myspace-breach-potentially-the-largest-ever-420184#ixzz4A9aotQr4

Majority of Phishing Emails Contain Ransomware

This week, PhishMe published a report showing that a staggering 93% of all phishing emails contained a dropper for some version of ransomware. This number, which contributes to the overall steady increase in phishing attempts (which have risen nearly 800% since the end of 2015), is likely as high as it is thanks to ransomware becoming increasingly easy to deploy and having a high success rate for extortion. With these numbers always on the rise, it’s important to remain vigilant for any suspicious emails containing attachments, especially ones asking for sensitive information.

http://www.csoonline.com/article/3077434/security/93-of-phishing-emails-are-now-ransomware.html

TeamViewer Possibly Hacked, Main Site Goes Offline

In news that has spread quickly over the past week or so, many users have claimed to have been hacked via TeamViewer, which has led to thousands of dollars of fraudulent charges being incurred in only a few hours. According to many of the victims, the attacks took place in the early morning hours, with PayPal transfers to offshore accounts ranging from several hundred to several thousands of dollars. TeamViewer’s response to these claims has been the denial of any security issue. Rather, they’re stating that a DNS issue was at fault for their site and services being offline.

http://www.csoonline.com/article/3078000/security/teamviewer-users-reporting-unauthorized-access-hack-suspected.html

New Ransomware Variant Acts Like Virus

In the past week, a new form of ransomware, which behaves like a traditional computer virus by copying itself to new drive or network locations to continue propagating itself, was discovered. The variant, ZCrypt, comes through like typical ransomware via an email attachment from a seemingly harmless sender. It then requests downloading a zip file, which launches an executable of the same name (usually an Invoice or Order form), and displays the ransom splash screen.

https://nakedsecurity.sophos.com/2016/06/01/zcrypt-the-ransomware-thats-also-a-computer-virus/

Lenovo Warns of Security Flaw in Pre-Installed Software

This week, Lenovo has strongly recommended that all users should remove the pre-installed Accelerator Application from their computers, as the software makes no security checks when searching for and downloading updates. Amongst the flaws, the application doesn’t use encryption when making outside connections to download updates, nor does it check the validity of digital signatures for said updates, leaving users open for man-in-the-middle attacks during the time the system makes these update checks.

http://www.csoonline.com/article/3077935/security/lenovo-advises-users-to-remove-a-vulnerable-support-tool-preinstalled-on-their-systems.html

 

The post Threat Recap: Week of May 30th appeared first on Webroot Threat Blog.

Threat Recap: Week of June 6th

There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Human Error Remains Top Security Threat

In a study conducted over the course of 3 years by the Information Commissioner’s Office, it was found that security breaches due to human error were the number one issue, with the number of reported issues growing steadily year-over-year. While many companies have been increasing the amount of security precautions in regards to cyber attacks, most of them do not see human error as the real problem and thus provide no additional training for their employees.

http://www.charitydigitalnews.co.uk/2016/06/03/human-error-more-damagaing-than-cyber-attacks/

University of Calgary Pays High-Dollar Ransom

In the past week, the University of Calgary was hit with a ransomware attack that left them with few options. In the end, they ended up paying the nearly $20,000 ransom in hopes of regaining their important files and keeping their systems functional. Fortunately for students and faculty, the decryption keys have been successful, but there still remains much left to do to protect against future attacks.

https://www.helpnetsecurity.com/2016/06/08/university-pays-20000-ransomware/

Social Media Hacks On The Rise

Recently, many high-profile Twitter and other social media accounts have been hacked, including the official NFL Twitter account and Mark Zuckerberg’s seemingly unused account. The hacker behind the NFL breach claims to have had access to an NFL Social Media Staffer’s email that contained the login information for the @NFL account, although it’s unclear exactly how that access was gained.

http://arstechnica.com/security/2016/06/nfls-breached-twitter-account-falsely-claims-commissioner-goodell-is-dead/

Game Torrents Redirecting to PUA Downloads

Many people who download pirated copies of games are aware of the risks involved, as some of these downloads have the possibility to contain malicious software. However, a current trend across torrent sites is instead to bundle potentially unwanted applications (PUAs) with legitimate game titles and have the file launch an executable rather than the zipped game files. Once the user allows the download, some variants are capable of silently downloading additional PUAs onto the machine without further notifications to the user.

https://www.helpnetsecurity.com/2016/06/08/fake-gaming-torrents/

Microsoft’s Anti-Macro Efforts Missing Target

With macro-based infections continuously on the rise, Microsoft has made an attempt to secure its users through the use of more messaging, which warns of macros launching out of Word or Excel documents. Unfortunately, the wording of these warnings has changed for the worse since early iterations of the Office Suite. Where once the messages warned users of possible malicious content and aimed them away from enabling the macro, they now show an almost cheerful dialog box with options only to enable the macro or ignore the bright yellow bar atop the screen.

http://www.cso.com.au/article/601455/microsoft-office-macro-malware-warnings-failed-users/

The post Threat Recap: Week of June 6th appeared first on Webroot Threat Blog.


Threat Recap: Week of June 13th

There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Compromised RDP Servers Offer Cheap Attack Platform

Recently, researchers discovered an online marketplace that allowed for the purchase of hacked remote desktop servers for a minimal fee. The Russian-based site, known as the xDedic Marketplace, has listings for over 70,000 servers located in 173 different countries, which range from government institutions to universities.

http://www.theregister.co.uk/2016/06/15/hacked_server_market/

Chat Support: The Latest Ransomware Feature

Ransomware has become an all-too-common occurrence in the cyber world, and a new variant named ‘Jigsaw’ has a curious surprise for its victims: live phone support. An option on the lock screen offers the victim a chance to speak with someone about paying the ransom by using ‘onWebChat’, a free-to-use chat program. This feature is just another step towards professionalizing the ransomware industry and instilling trust in their worldwide “customer” base that they will decrypt the user’s files once a payment has been made.

http://www.darkreading.com/attacks-breaches/ransomware-now-comes-with-live-chat-support/d/d-id/1325879

Lone Hacker Claims Responsibility for DNC Breach

Earlier this week, it was reported that the DNC’s (Democratic National Committee’s) official servers had been compromised and sensitive information regarding opponent Donald Trump had been stolen by the Russian Government. Shortly after Kremlin officials stated their innocence in the matter, a hacker going by Guccifer 2.0 posted a blog on WordPress where he took full credit for the hack and included several (supposedly) related documents. Security officials are working to determine the authenticity of the documents, while further research has turned up additional information about other intrusions into the DNC network.

http://www.reuters.com/article/us-usa-election-hack-idUSKCN0Z209Q

Japanese Travel Agency Hacked

In the past week, the Japanese travel agency JTB announced a data breach encompassing nearly 8 million customers. The leak is said to contain not only the names and addresses of users, but passport information as well. It is believed that the attack stemmed from a phishing email attachment, which was downloaded by an unsuspecting employee. Fortunately, after further investigation, it seems only 4,300 of the passport numbers are actually valid.

http://www.zdnet.com/article/japans-largest-travel-agency-fears-data-leak-impacting-8-million-users/

Android TV Ransomware Spotted

A variant of ransomware that’s been around since 2015, known as ‘Frantic Locker’, has started to appear on Android Smart TVs with a demand for ransom in the form of iTunes gift cards. The infection initiates via a downloaded file from an infected site, then determines its geolocation and, based on its region, either launches a lock screen or shuts down. While users in Eastern Europe seem unaffected by the infection, victims in other regions are already discovering various methods to simply remove the infection, rather than paying the ransom.

http://www.theregister.co.uk/2016/06/13/android_ransomware_infects_tvs/

The post Threat Recap: Week of June 13th appeared first on Webroot Threat Blog.

Threat Recap: Week of June 20th

There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

First ‘Hack the Pentagon’ Event a Major Success

Several months ago, the Department of Defense launched a program designed to bring in registered hackers and have them attempt to breach several public-facing websites, for cash prizes. With over 1,400 hackers participating, the DoD was able to confirm 138 discovered vulnerabilities and paid out amounts up to $15,000. Furthermore, in the 3-week period, not a single malicious attack was attempted on DoD sites.

http://www.darkreading.com/vulnerabilities---threats/hack-the-pentagon-paid-117-hackers-who-found-bugs-in-dod-websites/d/d-id/1325999?

Apple Customers Targeted With Phishing Campaign

In the last week, many Apple users received an email warning them of a virus in the iTunes Database that required all users to re-validate all of their user information, and threatened to delete accounts if the user delayed inputting the information. However, with a redirected splash page riddled with misspellings, this phishing attempt was quickly thwarted and the associated pages were taken down, though Apple still warns users to be vigilant for similar emails in the future.

https://www.helpnetsecurity.com/2016/06/21/itunes-database-phish/

Ded Cryptor, Latest Bilingual Ransomware Variant

Researchers have uncovered another ransomware variant, this time with a less-than-jolly Santa figure appearing alongside the ransom instructions, written in both English and Russian. The so-called Ded Cryptor replaces the user’s wallpaper with the ransom note and gives an email address to contact for further steps towards payment and decryption of their files, which are appended with a .ded extension upon encryption.

http://www.bleepingcomputer.com/news/security/the-ded-cryptor-ransomware-thinks-you-have-been-naughty-this-year/

Court Rules FBI No Longer Needs Warrant to Hack Computers

In a recent court ruling surrounding a child pornography case, the FBI had been granted a warrant to hack into certain computers and retrieve information that led to multiple offenders being arrested. The presiding judge had determined that while the offenders had used Tor to anonymize their browsing, having a publicly accessible IP address removed the need for law enforcement to obtain a warrant when gaining unauthorized access to any computer, regardless of probable cause or any real suspicion.

http://www.csoonline.com/article/3088270/security/us-court-rules-that-fbi-can-hack-into-a-computer-without-a-warrant.html

Acer Security Breach

Recently, Acer came forward and admitted to a breach in its systems that allowed hackers to access the sensitive information of over 34,000 customers, covering a full year’s worth of transactions. This information includes names, addresses, and credit card information (that may or may not have been encrypted prior to the breach), and other private information that criminals could use to commit fraud.

http://www.csoonline.com/article/3085503/data-breach/massive-acer-security-breach-exposes-highly-sensitive-data-of-34500-online-shoppers.html

The post Threat Recap: Week of June 20th appeared first on Webroot Threat Blog.

How to Prevent Phone Hacking and Sleep Like a Baby Again

It was only a matter of time before phone hacking rose to the top of the media-driven hysteria list

Thanks to the rapid growth of mobile device adoption and the subsequent rapid growth in mobile threats, phone hacking prevention is a hot topic. A headache reserved for celebrities in the past, smartphone-infiltration concerns have crossed the VIP vs. everyone else blood-brain barrier and now potentially impact anyone who owns a smartphone.

But is this really a serious problem for us regular folks? Are our voicemail messages so interesting that someone would invade our privacy to listen in? Before we go barking up the narcissism tree, it’s best to examine what phone hacking is and whether you really need to worry about it.

With everything I’ve got going on, do I need to worry about my phone’s security?

This security threat can be broken down into two types: hacking into a live conversation or into someone’s voicemail, and hacking into data stored on one’s smartphone. Just as the majority of abductions are carried out by a member of the abductee’s family—unless you go by code name POTUS or are Hugh Grant—the person most likely to hack into your live conversation or voicemail will be someone that you know who has an ax to grind.

And in today’s mobile world, mobile security is a growing issue. As people increasingly store sensitive data on their mobile devices, the opportunity to exploit privacy weaknesses becomes more tempting to unscrupulous ‘frenemies’, exes or the occasional stranger.

It doesn’t help that there is a cottage industry of software that is ostensibly developed for legal uses but is easily abused (password crackers aptly named ‘John the Ripper’ and ‘Cain and Abel’ are two examples). Opportunistic hackers can wreak havoc with data deletion or install malicious software that gathers bank account logins and confidential business emails.

So what’s a smartphone owner to do?

If you want to be proactive, there are several measures you can take to protect yourself against this threat, most of which involve common sense. For example:

  • Don’t leave your phone unattended in a public place.
  • Be sure to change the default password that comes with a new phone to something more complex (resist the usual “1234,” “0000” and “2580”).
  • Avoid using unprotected Bluetooth networks and turn off your Bluetooth when you aren’t using it.
  • Use a protected app to store pin numbers and credit cards, or better yet, don’t store them on the phone at all.

Throwing the baby out with the bathwater

If you’re still worried about your smartphone’s security, there are further steps you can take to protect yourself. However, taking things too far will defeat the purpose of having a smartphone at all.

  • Avoid accessing important locations such as bank accounts via public Wi-Fi that may not be secure.
  • Turn off your auto complete feature so critical personal data isn’t stored on the phone and must be re-entered every time you need it.
  • Regularly delete your browsing history, cookies and cache so your virtual footprint is not available for prying eyes.
  • If you have an iPhone, you can enable ‘Find My iPhone’ in your settings, and it will locate your phone if you misplace it before the hackers can lay their hands on it.
  • Use a security app that increases protection. For Android owners, Webroot offers the all-in-one SecureAnywhere Mobile app that provides antivirus protection and allows you to remotely locate, lock and wipe your phone in the event you lose track of it.

Remember—if the thought of your smartphone getting breached has you tossing and turning at night, you can just turn the phone off, remove the battery and hide it under your pillow for some sweet lithium-ion induced dreams.

The post How to Prevent Phone Hacking and Sleep Like a Baby Again appeared first on Webroot Threat Blog.

How to Block Pornography on Internet-Connected Devices

With the sheer amount of pornographic images of child abuse – often called child porn – available online, it may seem that there is little you can do to protect your children, or yourself, from this type of content. This isn’t true.

Here are eight key tools and tactics to eliminate – or significantly reduce – the risks of you or your child coming across pornographic material.

Eight tools to help block internet pornography

  1. Set your search engine to “safe search” mode: Google users can visit the ‘Google Safety Center’ to adjust the settings, while Bing users can change preferences in the Bing Account Settings. If you use another search engine, it’s usually straightforward to access the equivalent settings for that specific search engine. Also, if your child uses YouTube, be sure you have set the “safe” mode on that platform as well.
  2. Use the family safety tools provided by your computer’s/other device’s operating system: Windows and Mac operating systems provide family safety settings. Many mobile device manufacturers also provide a wide variety of safety settings within their mobile devices.
  3. Use family safety tool services: Sometimes called parental controls, these tools allow you to set specific filters to block types of content you find inappropriate. This isn’t just something to apply to youth; plenty of adults prefer to filter out pornographic and other types of content like ‘hate’ and ‘violence’. The appropriateness of some types of content will change as children mature; other types of content may always be unacceptable. To find the tools that best fit your family’s needs, search for parental-control or family-safety-tool reviews. Keep in mind that these tools need to be installed on every device your child uses to go online: game consoles, smartphones, tablets, personal laptops and computers. Some services have coverage for all types of devices, others are limited to just computers or phones. You may find that using a single solution on all devices makes your monitoring much easier.
  4. Periodically look at your children’s browser history. There are a number of phrases youth use to get around pornography filters – like “breast feeding” and “childbirth” – and some fast-changing slang terms that filters may not have caught up with like “walking the dog,” which is a slang term for sex. If you see odd search terms, give the sites a quick look.
  5. Have your children restrict access to their social networking sites to only known friends, and keep their sites private. A great deal of pornography is shared among private albums on social networking sites.
  6. Scan the photos on your child’s smartphone/mobile device from time to time. While the youngest kids aren’t ‘sexting’, by the time they’ve hit their ‘tweens’, there’s a chance that they have begun participating in this type of behavior. Let your children know that you plan to sit down with them and go through the pictures they have stored on their phone.
  7. Review the applications your child has downloaded to their phone or tablet. Mobile content filters may not catch all the potentially inappropriate apps.
  8. You are your strongest tool. No technical blocking solution alone is enough to protect a determined child or teen from finding pornography online. Have the “talk” on an ongoing basis with your children about the content your family finds appropriate and inappropriate; this exchange should never be a one-time conversation.

Teens in particular may balk at the conversations, but they do listen far more than you might imagine. To learn more about your influence on your teens’ lives, see Psst! Parents! If you talk to your teen, they will listen to you, as well as this article about how to talk to teens.

The post How to Block Pornography on Internet-Connected Devices appeared first on Webroot Threat Blog.

Threat Recap: Week of June 27th


There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Hard Rock Las Vegas Confirms Credit Card Breach

Recently, the Hard Rock Cafe in Las Vegas issued a statement regarding unauthorized access to its card processing systems, confirming that a breach had occurred and that it affected customers from the last 9 months. The resort has since been in contact with customers who may have been affected by any fraudulent activity and is working to determine how the breach was carried out.

https://threatpost.com/hard-rock-las-vegas-noodle-and-co-confirm-hacks/118966/

Auto-rooting Malware? There’s An App For That!

In the past week, researchers have identified a new app on the Google Play marketplace that, once installed, will give itself root access to the device and begin installing new apps without any user interaction. The app, called ‘LevelDropper’, appears to be a simple horizontal leveling app, but once it’s active on the device with elevated permissions, it allows attackers to install numerous other apps in order to increase ad revenue per installation.

https://threatpost.com/google-play-hit-with-rash-of-auto-rooting-malware/118938/

CCTV Botnet Used to DDoS Jewelry Shop

While stories of DDoS attacks targeting banks and other financial institutions are quite common these days, using a botnet comprised solely of hacked CCTV security cameras to attack a jewelry store website seems a bit out of place. The botnet in question is currently in control of over 25,000 cameras across at least 100 different countries. At this strength, it was capable of sending over 50,000 requests per second, rendering the jewelry site completely inaccessible.

http://arstechnica.com/security/2016/06/large-botnet-of-cctv-devices-knock-the-snot-out-of-jewelry-website/

Microsoft Loses Lawsuit Over Windows 10

With the deadline for the free Windows 10 upgrade only a few weeks away, some users who have been automatically updated to the latest Microsoft OS are less-than-pleased with it. One such case is a travel agent in California who went to court seeking restitution for her lost revenue and the cost of a new computer after the automatic Windows 10 upgrade failed and caused her computer to become unusable. Microsoft declined to appeal the case and the resulting judgement cost them $10,000.

http://www.seattletimes.com/business/microsoft/microsoft-draws-flak-for-pushing-windows-10-on-pc-users/?utm_source=twitter&utm_medium=social&utm_campaign=article_left_1.1

NASCAR Team Hit With Ransomware Prior to Race

In a time where ransomware is running rampant, it comes as no surprise that one of the highest grossing entertainment events in the world would enter the crosshairs of cybercriminals. Shortly before the race at Texas Motor Speedway in April, the Circle-Sport Leavine Family Racing team was hit with the TeslaCrypt ransomware variant that effectively shut down their 3-computer system, and almost cost them years of time and money spent on racing technology. The team paid the $500 ransom in bitcoins and was able to successfully decrypt their computers in time for race start.

https://www.helpnetsecurity.com/2016/06/27/nascar-team-victim-ransomware/

The post Threat Recap: Week of June 27th appeared first on Webroot Threat Blog.
