In honor of International Women’s Day, we hosted our quarterly Women of Webroot meeting this afternoon at our World Headquarters in Broomfield. Women of Webroot brings together women from all parts of our business to celebrate wins and provide support for issues women in tech may face.

Although there are more women in technology-related positions now than in previous years, the tech industry is still largely male dominated. This divide underscores the importance of a sense of workplace community and support, as well as a place where your voice will always be heard.

Walk softly, even in heels

Attendees shared different stories of inappropriate or uncomfortable situations they’ve faced in the workplace, and their strategies for addressing them. The truth is that speaking up about inappropriate comments or behavior can be just as uncomfortable as experiencing them in the first place.

Here are some of the approaches we heard today.

• The straightforward approach: “It’s not okay for you to speak to me that way.”
• Taking a moment to step away from the situation before responding
• Scheduling time with someone individually to address the comment
• Giving someone perspective on what they’ve said by saying it back to them
• Focusing on the facts
• Encouraging and empowering others to speak up as well
• Asking direct questions to get to the heart of the matter, and give yourself time to collect your thoughts

Own your voice.

All in all, some great suggestions came out of our time together. Hearing how my teammates have been successful in addressing challenging situations was inspiring. The important thing is to find your voice and find the approach that is most comfortable for you. Although these can be awkward conversations to have, it is only by raising our voices, drawing attention, and being heard that we can build awareness within our teams, our networks, and ourselves. To achieve and maintain an open culture, we each have to take an active role. We are fortunate to have such a strong internal network that we can turn to for strength, and look forward to its continued growth.

The post A glimpse into Webroot’s International Women’s Day appeared first on Webroot Threat Blog.

The convenience of having some kind of internet connection on more and more of the devices we use each day is undeniable. However, without proper security vetting, this convenience may come at a hefty price. In the past year alone, we’ve seen millions of routers, DVRs, IP cameras, cars, and more get hacked and either ransomed or hijacked for illegal purposes. This is mostly because the vendors of these devices only focus on functionality and the “set it and forget it” mentality. The next big IoT device type on the high-risk radar might not be what you expect… It’s toys.

Just last month, almost a million CloudPets.com accounts were compromised which contained 2 million voice recordings of kids and their families. This data—which is currently being ransomed—was taken from an unsecured MongoDB installation. There was no password or authentication required to access the widely available MongoDB on port 2701 at 45.79.147.159. Anyone who tried to connect had access and could access as much data as they wanted. It was only a matter of time before threat actors decided to take the data and delete the original copies from the server. In fact, the MongoDB currently has over ten thousand unsecured servers from which data has been stolen and held for ransom.

The CloudPets breach is yet another in a long list of poorly secured connected devices. Germany has already banned My Friend Cayla dolls, having classified them as espionage devices. Anyone selling the toy may be subject to a fine of up to 25,000 € for anyone who sells the toy. Barbie dolls are also on radar, since the Hello Barbie doll made headlines a couple of years ago. The doll was easily hackable and would reveal users’ system information, Wi-Fi network names, internal MAC addresses, account IDs, and even MP3 files. Aside from the sheer creepiness of hacking a children’s toy, this type of sensitive information can be used by cybercriminals to gain entry into a user’s more high-value accounts. The ease with which an attacker can access users’ details, including passwords, can give them a starting point to infiltrate other accounts, and sensitive family information can be used to guess passwords and secret questions.

Are hackers toying with your data?

We continue to witness a growing number of attacks with extortion as their goal. They begin with a simple but effective brute force assault from RDP to MongoDB and are now on to MySQL, and it won’t stop there. As long as such protocols, tools, and software are installed without adequate security measures, new breach stories will continue to make the news. Vendors of all IoT devices must ensure that they properly secure their devices and the information they collect.

Beyond the vulnerabilities the backend databases that support these IoT devices comprise, we have also been seeing remote exploitation of the actual toy device via Bluetooth Web API. Any user with a computer or a phone can connect to the CloudPets plushie without any authentication, and can then control the toy. Using the built-in microphone, an attacker can send and receive recorded messages to and from the toy, and they don’t even have to be inside the house. Experts in the field are already issuing warnings as to the privacy risks associated with allowing websites to connect to devices via Bluetooth. The CloudPets situation is a prime example of connected device manufacturers being grossly negligent towards the security of their products, and only focused on functionality (and, therefore, saleability.)

There’s a smarter way to play

To mitigate these types of risks, vendors need to conduct regular risk assessments and security vetting. They need to understand what does and does not need to be internet-facing within the organization. The items that do need to connect to the internet should be protected accordingly, starting with checking and improving on default settings. Authentication levels for each product need to be investigated and possibly enhanced to require two-factor, given that default options aren’t always the most secure. Where possible, access should be restricted based on policy, and vendors must investigate whether VPN and tunneling protocols would work for a particular use case. It’s essential to keep installations up to date. Additionally, vendors need to regularly review the setup configurations, look for unexpected or undocumented changes, and review the listed administrator accounts as a standard routine. In addition, consumers must be educated on the potential for these devices to generate and store sensitive data, as well as how to use good security practices to ensure their information stays safe. Although we can never make ourselves 100% secure, we should give ourselves a fighting chance.

Once a vendor or organization has set up what it believes to be the best defense, it cannot simply forget about it. Plans need to be in place for when a breach does occur so data can be recovered as quickly and efficiently as possible. This means creating and executing a well-divided, regularly-tested, air-gapped backup strategy. It could mean the difference between a breach being little more than a learning experience, versus resulting in devastating losses from which the business may not recover. It’s also important to make sure all employees are aware of what to do when things go wrong, as time will be of the essence. Each employee must know who needs to do what, when, where and how, from the incident responders to PR. Because the modern threat landscape continually changes, the only way to achieve remotely effective protection is not to sit back and relax, but to continue examining, refining, and improving upon security practices.

The post The Internet of Toys appeared first on Webroot Threat Blog.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Microsoft Services Go Offline

Was I the only one who wasn’t able to access my Xbox Live account earlier this week? Once again, Microsoft services were rendered inaccessible to users due to an issue with their authentication servers. The service interruption affected Outlook, Skype, and even Xbox Live not recognizing correct credentials, as we would attempt to log into the services. Fortunately for us, most services were promptly restored to working order and we were able to game-on.

Satan Ransomware Offers New Service

We all know that ransomware isn’t a new topic (nor one that is going by the wayside), but as new variants are created, the attacks are becoming more sophisticated. With the Satan variant, malicious actors are employing new tactics. I was surprised to learn that the latest evolution introduced a service signup sheet to begin running your own ransomware campaign. Scary, right? Now we have entrepreneur malware authors refining their skills and creating ransomware. The malware authors providing this service gain revenue by taking 30% of the earnings from everyone that uses the tool to distribute ransomware.

Anonymous Decreases Dark Web Activity by 20%

Did you think Anonymous was on vacation? Well, they’re rested and back to playing Robin Hood. Anonymous took down over 11,000 Dark Web sites and the majority of sites in question were distributors of child pornography or offered access to illicit drugs. Their targets were also responsible for the leak of over 380,000 user records.

Smart Utility Readers Failing to Read Anything

Our society is becoming more connected and ‘smart’ every day but sometimes things go wrong.  Over the last four months, EDF customers were paying next to nothing for their energy bills. As it turns out, the smart meters weren’t so smart and were failing to report energy usage data. Customers will receive updated bills as they’re charged for the energy usage that failed to send.

WikiLeaks Releases Immense CIA Data Vault

Don’t you love hearing about new ways our government is spying on us? If so, you’ll love what’s next. WikiLeaks has released an enormous trove of information regarding tools and methods used by the CIA to spy on us through our devices (again). By copying tactics used by large-scale malware samples, the CIA has created various tools to bypass secure messaging encryption or even turn IoT devices into spies! Creepy, right? And thanks to the selfie, we have two cameras that they can use.

The post Cyber News Rundown: Edition 3/10/17 appeared first on Webroot Threat Blog.

News of yet another breach at Target or Yahoo seems pretty commonplace these days. Sometimes, the frequency of big, newsworthy hacks can make us forget about more personal threats we face: the people close to us who have easy access to our financial info, social media accounts, online identity, and even our computer password.

Exponential growth

According to Pew Research Center, the use of social media has seen tenfold growth over the last decade, with nearly 68% of U.S. adults at the end of 2016 reporting they have a Facebook account (let alone any of the other social media outlets, such as Twitter, LinkedIn, Instagram, etc.) This growth represents a turning point in the way we consume news and share information with our friends and family members. But as the world becomes increasingly connected, it’s also becoming increasingly hackable.

In a survey conducted by the University of Phoenix, it was found that 70% of social media scams in 2016 were shared manually, meaning people voluntarily and unwittingly shared posts that linked to malicious or affiliate sites. Moreover, the study found that 9 out of 10 people limit their personal information shared on social media due to fear of being hacked.

9 out of 10 people limit their personal information shared on social media due to fear of being hacked.” – Survey results, University of Phoenix, 2016

Friends don’t let friends get hacked

To increase your personal security when browsing and sharing online, we recommend you take just a few simple steps.

Enable an automatic lock on your computer.
It sounds so simple, right? But seriously, adding a lock to your computer will keep friends and foes alike from accessing your everyday accounts that you may have forgotten to close or sign out of. We recommend rotating your Windows or Apple password and making it unique and very different from others that you may use on financial or data sensitive accounts.

Use a secure password manager.
They’re easy to find and easy to use. So what’s standing in your way? Using a password manager like Google Chrome’s built-in features or the Webroot SecureAnywhere password manager enables another layer of protection that you can sign out of when you’re done browsing or paying your bills. This will also help keep you from using the same password across all of your accounts for ease of access.

Don’t enter passwords on other people’s computers.
Be wary of logging into your social media accounts on your friends’ computers. You might forget to click “no” or “never” when prompted to save your login credentials, and you wouldn’t want an embarrassing Snap or Facebook post to haunt you.

If your password gets hacked

First, don’t panic, but don’t hesitate to take action either. Change all relevant passwords immediately, including any to other accounts where you may have reused the same credentials. Inform your friends and family members immediately of the situation, and to disregard messages or posts that were sent from your account during the period of exposure. Finally, don’t forget to notify the support team for the associated social network so that they can investigate and help prevent others from becoming victims of the same types of attack.

The post My friend stole my password! appeared first on Webroot Threat Blog.

The online threat landscape continues to evolve. Not only do we need to continue innovating and refining our protection techniques, but we also need to stay on top of our cybersecurity education in order to protect each other from these attacks. As it happens, a number of people still don’t use any cybersecurity on their personal devices. To better understand these patterns, and to help create a cybersmart community as more aspects of our daily lives become internet-connected, we took it upon ourselves to gather data from home users in the form of a survey.

First, how many people use cybersecurity?

We found that nearly 15% of users surveyed don’t use any cybersecurity protection whatsoever. Sure, we could tell you all you should be using our cloud-based SecureAnywhere® protection, but, in all honesty, it’s more important to us that people protect themselves in the first place, whether they’re our customers or not. You can help your friends become CyberSmart by sharing this blog or by sending a Tweet to your network. Foregoing an antivirus solution and neglecting to layer your cyber defenses exposes you to an ever-evolving barrage of malware and phishing, not to mention SQL injection, cross-site scripting, and man-in-the-middle attacks.

Are You CyberSmart?

Given how many free antivirus solutions are available, the number of survey participants who still don’t use any device protection was much higher than we expected. (Do keep in mind, however, that a large number of the free solutions come with potentially unwanted applications in tow. When it comes to cybersecurity, you tend to get what you pay for.)

No matter which protection you choose to use, we recommend taking a few simple steps to minimize your risk of being targeted by attackers. Enabling automatic updates for your operating system, apps, and programs, and layering your Wi-Fi security are easy but effective ways to close the gap. Also, be sure to use strong, unique passwords for your sensitive accounts. Although you’ve probably heard that one before, you’d be amazed at how many people still reuse passwords between various accounts, including their banking and other financial logins.

Nearly half of users in our survey admitted to reusing their passwords. If you’re one of them, and you find yourself thinking, “but I have so many logins and it’s too hard to remember all my different passwords,” we understand. We’ve all faced this question at one time or another during the internet age. But you can use a secure password manager to ease the burden of having to keep track of so many credentials.

My Webroot, Anywhere

Whether you’re already part of the family, want to take Webroot SecureAnywhere® for a free test drive, or purchase for 25% off,  we provide an online management account where you can centrally control your various connected home and mobile devices (and also manage your passwords.) If you haven’t already, take advantage of our advanced protection features today by setting up your My Webroot Anywhere account.

The post Simple steps to help make you CyberSmart appeared first on Webroot Threat Blog.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

USAF Leaks Highly Sensitive Data

Our government is back at it again. Researchers discovered the exposure of an unsecured backup drive containing names, addresses, ranks, and Social Security numbers of over 4,000 United States Air Force officers and top security clearance information of other high-ranking officials. Personal records for several celebrities who had undergone security clearance checks prior to visiting foreign military bases were also exposed. It sounds like this breach could prove to be disastrous if the information gets into the hands of enemies to the United States.

Ohio County Facing Massive Ransom

In recent weeks, Ohio County officials have been recovering from a cyber-attack that forced the county to shut down over 1,000 computers to prevent the infection from spreading. The ransom for the return of their files was 28 bitcoins, roughly $35,000 at the time of writing, which the county correctly chose to ignore and instead restored their systems from backups. While the whole process cost the county nearly $50,000, the situation could have been worse if they paid and received nothing in return for paying the ransom.

Instagram Credentials at Risk

Researchers discovered 13 seemingly harmless apps on the Google Play Store that function as data collectors for your personal information. The apps themselves claim to increase your Instagram follower numbers by simply having users log into their accounts, only to be greeted with an error message. Fortunately, Google has already been made aware of the Turkish-based apps and has removed them.

PetrWrap Circumvents Ransomware Authors’ Cut of Ransom

As ransomware continues to evolve, some malware authors have begun acting against their peers, who wish to piggyback off the creations. By exploiting a bug found in the Petya ransomware variant, a new collection of cybercriminals have created a workaround to insert their own encryption keys over the Petya authors’ and collect the ransom themselves. This workaround comes months after Petya creators implemented methods to stop this very exploitation of their software.

New Updates on Phishing Tactics

People have been on the watch for tax-related phishing scams, as they appear around this time every year. The latest trend, however, appears to be PDF files that do not contain malicious code and use social engineering to direct victims towards compromised websites to input sensitive information. Additionally, there has been a recent influx of phishing attacks due to fake friend requests through email, as users are exceedingly likely to click on these types of links and attempt to “log in” to view the request.

The post Cyber News Rundown: Edition 3/17/17 appeared first on Webroot Threat Blog.

Sometimes it takes a close call or bad experience to really hammer it home. The concept of identity theft is nothing new. To put it in perspective, my step-dad had his identity stolen, and didn’t even know it. He was targeted by a social engineering attack and forked over several hundred dollars during the scam and didn’t realize he was a victim until I sat down with him to help speed up his aging computer.

What is social engineering?

Social engineering attacks, like any con, are based on psychological manipulation to incite victims to give up money and sensitive, confidential information. An example given by Wikipedia (yes, we use Wiki too), might be someone who walks into a building and posts an official-looking flyer on the company bulletin that announces a new phone number for the help desk. When employees call for help, the criminal might ask for passwords and other corporate login credentials. This opens access to the company’s private information. Another example of social engineering might involve a hacker contacting their target on a social network, such as Facebook. They start a conversation and gradually gain their target’s trust, then use that trust to get access to sensitive information.

Why? Because $$$.

Motives typically involve some kind of financial gain, though some attackers choose victims for personal reasons, such as revenge. In my step-dad’s case, it all started with that slow computer. He signed up for a sketchy PC cleaner tool to get rid of viruses and speed things up, after which he was targeted through a phishing scam. This attack resulted in him paying the attacker sums of $150 to $300 on various separate occasions.

What are the most common types of social engineering attacks?

Phishing: These attacks can include scenarios like the aforementioned, but may also be more targeted. Spear phishing attacks are more sophisticated and can include customized email sends or targeted ads that require a bit more research on the attacker’s part.

Watering hole: The attacker takes advantage of users’ trust in the websites they visit most commonly. Malicious actors gather information and test trusted, high-traffic websites and search for vulnerabilities to inject website code that will infect visitors with malware.

Baiting: Just like the term suggests, baiting attacks involve offering victims something they want. Most often, these appear on peer-to-peer sharing sites where you can download or stream those hot new movies or Beyonce tracks you’ve been hearing about. The risk is that you may be downloading malware instead of, or in addition to, the files you actually want. Baiting can also include too-good-to-be-true online deals or fake emails with answers to questions you never asked on any forums.

Who and what to trust

Social engineering attacks are limited only by the attacker’s imagination. But, that means knowledge is your greatest tool against evolving cyber threats. I’m not suggesting you turn paranoid, but if something online strikes you as a little off or too good to be true, question it. Don’t remember sending a package or signing up for a contest? Then don’t click the “track my package” or the “Congrats, you’re a winner!” links.

Phishing and baiting tactics have been used in recent employment scams targeting recent college graduates. Whether you’re on social media, applying for jobs, or simply surfing the web, always think before you click, do your research, and visit HTTPS sites through a secure search engine, not via email or social media links.

The post Keep social engineering attacks from destroying your identity appeared first on Webroot Threat Blog.

Aren’t you tired of annoying pop-ups that slow your computer way down, or give you viruses that cripple your PC faster than De’Aaron Fox on a fast break? What if we said you could make minor changes to your lineup to drastically speed up browsing sessions, improve browser security, and reduce your risk of downloading malware or potentially unwanted applications (PUAs)?

Well, hold onto your hats, folks. That’s exactly what I’m going to do. (Just think of all the time and hassle you’ll save when you no longer have to remove junk programs from your parents’ computers due to accidental pop-up clicks!)

Which browsers do you recommend?

Personally, I’m a fan of Google Chrome and Opera, but I also use the most up-to-date versions of Waterfox and Internet Explorer for testing purposes or when accessing certain content management systems. Each of the above has quality security features, including pop-up blockers, antispyware, antivirus, anti-phishing, and private modes. Here’s a breakdown.

Google Chrome: I’m biased here, but Chrome is extremely stable, has cross-platform functionality, and it’s pretty darn fast if you have enough RAM or a gaming PC like myself. Most importantly, however, it offers a wide range of extensions for improved user experience and navigation, handling pop-ups and ads, etc. If you’re a fellow Chrome user, I can’t recommend Adblock Plus enough. It’s amazing how quickly pages load when they’re not cluttered up with ads you’d never intentionally click on anyway.

Waterfox: Firefox was a longtime favorite of mine for a variety of reasons, but we’ve grown apart in recent years. Let’s face it: back when we first met, Firefox looked good, moved fast, and had better functionality than anything else available. These days, Firefox has gotten sluggish and imposes too many restrictions for my liking. (And let’s not forget the incessant update phase from a few years back.) My new side-browser is Waterfox. If privacy is a concern, you’ll be happy to hear that absolutely no data is sent back to Firefox or Waterfox. You can also sleep better at night knowing that Waterfox is partners with Ecosia, a search engine provider that plants trees with earned revenue. Built on the same Firefox code but without the painful restrictions, it reminds me why I ever fell in love with Firefox in the first place.

Opera: Maybe it sounds crazy, but Opera is my favorite mobile browser. I get impatient about slow network speeds and Wi-Fi connections, especially when my ISP throttles my bandwidth. Opera is super-fast and has plenty of features, but what really makes it stand out for mobile is its Turbo Mode. Turbo Mode compresses web traffic through Opera’s servers, reduces the amount of data transferred, AND it dodges annoying ISP restrictions. Opera has built-in fraud and malware protection that’s enabled by default. It uses several databases and blacklists for known phishing and malware websites to help with browser security.

Internet Explorer: If I’m being honest, I wouldn’t say I like IE. But the reason it’s on this list is that it’s still a shockingly popular browser, and a lot of content management systems and other programs I’m required to use professionally run more smoothly with IE. You can adjust security levels, enable the SmartScreen Filter, and enable ActiveX filtering for enhanced browser secuirty on Internet Explorer.

Turn your Browser Security into a Slam Dunk

Having layers of protection is never a bad idea, especially with the evolving threats we’re faced with today. Preventing pop-ups is a quick and easy step to protect yourself and any family members you may have who aren’t as up-to-date on mitigation techniques. Built-in antispyware and anti-phishing components of these browsers typically notify users when they click malicious or risky URLs, thereby stopping attacks before the actual malware or spyware is downloaded onto your machine.

By using secure browsers on all your devices, in addition to cloud-based cybersecurity, you can avoid many of the threats on the web, and seriously up your security game.

The post Take your browser security to the next level appeared first on Webroot Threat Blog.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Hackers Threaten to Lock 200M+ iCloud Accounts

Hackers are threatening to remotely lock down over 200 million iCloud accounts. Webroot Senior Threat Research Analyst, Tyler Moffitt told SC Media that this may be a bluff. We’ll wait and see on this one since all we have to go off of is the hackers’ word and a few screenshots. We’ll know more as the ransom deadline of April 7th approaches.

American Farmers are Hacking Their Tractors

This isn’t our usual data leak or ransomware attack, it’s black market tractor hacking. Farmers are taking things into their own hands in an effort to thwart manufacturer blocks on their farming equipment.  These blocks are an attempt to prevent farmers from going to cheaper, “unauthorized” repair shops to maintain their vehicles. Farmers are starting to hack their equipment with Ukrainian Firmware so they can fix their tractors when they need to and at an affordable price.

ISPs Now Allowed to Sell User Browsing History to Advertisers

It just wouldn’t be the Cyber News Rundown without a new government data leak or citizen privacy battle. The US Senate has voted to eliminate broadband privacy rules that require ISPs to obtain customer consent before selling any sensitive information with advertisers. The vote was split equally down the party lines, and now only a House vote or Presidential veto could stop the roll-back of the privacy rules. The data in question is extremely valuable as major corporations could use it to pattern out an individual’s entire day, based on their Internet usage, purchases made, and places visited.

UK Mobile Data Breach Leaves Customers Stunned

Customers at Three UK found a surprise when signing into their accounts, a breach of privacy where they’d see a stranger’s personal information and call history. The cause of the breach hasn’t been announced but this is their second data exposure within a few months. Although the Three UK breach only affected a small percentage of their 9 million customers, I’m guessing back-to-back data leaks are not helping their retention rates.

McDonald’s Delivery App Vulnerabilities

The McDonald’s India-exclusive app service, McDelivery, is currently under fire for an API leak that has exposed millions of users. The vulnerability was originally reported to McDonald’s in early February and is still unpatched. While reporting these types of breaches isn’t mandatory in India, you’d think the sheer number of users who could be negatively impacted would motivate McDonald’s to release an update. I guess I wouldn’t mind people knowing how often I order off the dollar menu either — but having access to my phone number and address is another story.

The post Cyber News Rundown: Edition 3/24/17 appeared first on Webroot Threat Blog.

Ransomware authors are pivoting their attacks from individuals to government entities and health care institutions, causing a threat to public safety. Traditionally, crypto ransomware targeted individuals and encrypted their personal data and files as a form of extortion for hundreds of dollars. Ransomware has evolved to target businesses and government agencies for much larger financial gains.

The cost of ransomware

There are countless news stories of hospitals and other institutions being shut down by ransomware. We have been seeing an increase in attacks on government entities, including counties and police departments.

A small Ohio town experienced a ransomware attack earlier this year that shut down county government offices and 911 dispatch. This slowed their emergency response but luckily they were still able to respond to emergency 911 calls.

The financial costs to these organizations are also a concern and they’ve been steadily increasing as crypto ransomware continues to evolve.

The FBI estimated that cybercriminals would collect over $1 billion in ransoms during 2016.

In reality, the actual losses suffered by organizations are much higher due to the disruption of productivity and when government entities and police departments are increasingly being targeted, public safety becomes an issue.

An issue of public safety

Ransomware attacks targeting hospitals are increasing, crippling critical infrastructure and exposing or hindering Electronic Health Records (EHR). When these records are impacted, it causes patient care to be hindered or halted. As more organizations implement connected medical devices and allow employees to bring their own devices to work, access points for unauthorized users are left open.

A 2016 study by Peak 10 found that only 47% of current healthcare organizations have implemented advanced malware protection and only 57% have implemented an encrypted network.

Earlier this year, an attack on police CCTV cameras in Washington D.C. crippled the city’s surveillance system and forced major citywide reinstallation. Although this attack was an extortion effort, it makes you wonder how similar attacks will be used to cripple government emergency response and how cyberattack methods are evolving.

Once ransomware hits a police department’s system, the damage can be catastrophic if mitigation methods aren’t in place. Attacks cripple dispatch systems and patrol car computers, slow police response time, expose records, and create an unsafe environment for officers in inmate holding areas.

What the government is doing about it

Ransomware and other cyberattacks on government operations are a real issue of public safety and steps need to be taken to improve response time to such attacks. The FBI recommends taking prevention and continuity measures to lessen the risk from ransomware attacks.

• Back up your data locally or in the cloud
• Secure backups and keep them on scheduled updates
• Do not open attachments in unsolicited emails
• Keep your operating system, software, and firmware up-to-date
• Ensure antivirus and antimalware solutions are set to automatically scan and update
• Report internet crimes to the Internet Crime Complaint Center (IC3)

Ransomware presents a real, imminent threat to the public and to our government. Share this article to help spread ransomware awareness in your community.

The post Ransomware: a Modern Threat to Public Safety appeared first on Webroot Threat Blog.

Don’t wait for a system failure, ransomware attack, or for your laptop to be stolen before you start thinking about backing up your data.

Why back up?

According to a 2016 study by Acronis, 1 in 3 people have suffered data loss and are willing to pay up to $500 or more to recover lost files. Your data and important files are undoubtedly worth a lot to you, but—realistically speaking—just how much are you willing (or even able) to shell out?

With the increase in ransomware and sophisticated attacks, you can’t afford NOT to back up your files and sensitive data. Being proactive with your backup can help save your favorite vacation photos, videos of your kid’s first piano recital, not to mention sensitive information that could cost you thousands by itself.

In an effort to help the community be more cyber aware, WorldBackupDay.com celebrates on March 31st not only as a day for backing up your personal data, but a day for preserving our increasingly digital heritage for future generations.

How to effectively back files up to prevent data loss:

• Choose a secure backup solution. Whether it’s a cloud-based service or an external hard drive, do your research and choose what’s right for you.
• Implement a backup schedule that covers your preferred data through your cloud solution or external drive.
• Set reminders to ensure that your backups are running regularly and that they haven’t encountered any errors.

I’ve backed up my data. Now what? How do I avoid a ransomware attack?

“Throughout 2016 and likely into 2017, the Office document macro infection into encrypting ransomware was quite common. By disabling macros completely in the trust center (free and easy to do) you will completely remove this attack vector from posing a threat to you or your organization.” –Tyler Moffitt, Senior Threat Research Analyst

• Disable macros
• Keep your device and all programs, plugins, add-ons, and patches up to date
• Use a secure browser with an ad blocking plugin
• Disable autorun in Windows

Take the Pledge

Hop on the World Backup Day bandwagon. Share a Tweet to help keep yourself, your friends, and your family protected from ransomware attacks, stolen devices, and system failure.

It’s easy. Repeat after me.

“I solemnly swear to backup my important documents and precious memories on March 31^st.”

The post Celebrate World Backup Day the Smarter Way appeared first on Webroot Threat Blog.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Ransomware Exploits Safari Bug

Apple fixed a flaw earlier this week that allowed scammers to exploit a pop-up redirecting porn viewers to a fake law enforcement page. Once there, further access was blocked, and a demand for an iTunes gift card as ransom was made. While many unsuspecting users fell victim to the scam, Apple was able to promptly issue a patch that resolved the vulnerability. Apple has also recommended that anyone affected by the scam should clear their browser cache, to remove any possibility of relaunching the malicious sites.

Microsoft’s Docs.com Sharing Documents Publicly

Researchers have discovered that a vast majority of the documents posted to Docs.com are fully searchable and indexed into several search engines. This wouldn’t be such an issue if the many users posting content to the site were aware of the public availability of the possibly-sensitive documents they had unwittingly sent through their organizations and out into the public domain. While Microsoft has since removed the search bar from the main site page, anything uploaded prior is still available through multiple search engines.

Hong Kong Voter Records Leaked

As the Hong Kong elections took place over the weekend, two laptops containing sensitive information for Hong Kong’s nearly 3.7 million voters were stolen from a backup location for the elections. While the data on the laptops was encrypted, it could only be a matter of time until it is broken and that data is exposed. If released, it would be the largest data breach to ever come out of Hong Kong.

Crusader Adware Replaces Tech Support Search Results

A new browser extension has been discovered that can modify a user’s search results, launch additional ads, and even display pop-ups for other scams. Usually installed with a bundle of other software, the extension known as Crusader is able to monitor all Internet traffic and rewrite tech support numbers to continue the cycle by having the victim contact yet another tech support scammer for “assistance.”

WoW Users Targeted with Phishing Attack

Many avid World of Warcraft players have received emails offering an in-game pet that was “gifted” to them by a fellow gamer. Unfortunately for the recipients, the link directing them towards the Battle.net site to claim their gift actually sent them to a phishing site set up to capture all of their login information. While the scam site is already blocked by Google’s Safe Browsing, users are still urged to proceed with caution, should they receive any suspicious emails.

The post Cyber News Rundown: Edition 3/31/17 appeared first on Webroot Threat Blog.

Raise your hand if you’ve ever received a call from a company, unsolicited, that got aggressive? Maybe the caller wouldn’t hang up or kept calling back. Maybe the caller asked for money or made a threat. Regardless, you were upset. But when you alerted the company of the bad deed, they gave you some line about phone “spoofing.” Your gut reaction might have been to call BS. But it’s not. Phone spoofing remains a thorn in the side of many consumers across America. According to an online survey conducted by Harris Poll for Truecaller, roughly 27 million Americans reported losing money to phone scams over the last 12 months, a 53 percent increase from 2014.

At Webroot, we’ve heard from our customers they’ve been targets of phone scammers and we want to help educate our community.

We encourage our customers to steer clear from doing business with any callers claiming to be

• tech support and requesting access to your computer to “fix a problem” and charge you;
• Webroot and trying to sell you a lifetime SecureAnywhere subscription

Webroot teammates DO NOT make unsolicited outbound calls to customers. If you have been a victim of such callers purporting to be Webroot, file a complaint with the FCC. The FCC collects data to track down and prosecute scammers. (Anyone who is illegally spoofing can face penalties of up to $10,000 for each violation.)

What is Phone Spoofing?

Phone spoofing is when a scammer makes another person’s or company’s phone number appear on the receiver’s caller ID in an attempt to impersonate that individual or organization. The end goal is to gain access to your personal information and/or get you to pay for a fake service.

How can I protect myself?

As a consumer, you have rights and options.

• If a number repeatedly calls and doesn’t leave a message, block it.
• If you do pick up and it seems like a bogus call, hang up immediately. However, you may find yourself on the other end of a questionable conversation. In this case, place the caller on hold and call their incoming number. If someone picks up on the other end from the company, ask whether or not the person on hold is calling on their behalf. The key is not to share any personal information.
• Finally, educate your community. Help others in your life understand what phone spoofing is and how to protect themselves. You wouldn’t use a third party to call if you were stuck in Nigeria and needed a loan! Discuss scams you’ve received and how you handled with friends, so they are aware of the scenario and the appropriate actions to take. You also can refer them to discussion groups like the Webroot community for safety tips.

What can we do to stop spoofing?

The government and telecom industry are working together to put a stop to spoofing. The Truth in Caller ID Act, passed in 2009, prohibits any person or entity from transmitting misleading or inaccurate caller ID information with the intent to defraud, cause harm, or wrongly obtain anything of value. Also, the tech and telecom industries are working on solutions. Similar to our anti-virus solutions for email and internet safety, there may soon be better anti-spoofing protections for voice.

Americans receive 15.8 spam calls (cell and/or landline) and 6.3 spam text messages in an average month. Until a complete solution is found, remain vigilant about protecting your personal information.

The post Phone Spoofing Unpacked appeared first on Webroot Threat Blog.

Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. But you can avoid such attacks by being patient, checking email addresses, and being cautious of sketchy-sounding subject lines.

7 dangerous subject lines to watch for

Cybercriminals initiate their attacks through hyperlinks or attachments within emails. Most of these attacks use urgency or take advantage of user trust and curiosity to entice victims to click. Here are examples of subject lines to be cautious of.

Remember me? It’s Tim Timmerson from Sunnytown High! Criminals use social engineering tactics to find out the names of the people close to you. They may also hack a friend or relative’s email account and use their contact lists as ammo. Next, they research and impersonate someone you know, or used to know, through chats and emails. Not quite sure about a message you received? Hover your mouse over the sender address (without clicking) to see who the real sender is.

Online Banking Alert: Your Account will be Deactivated. Imagine the sense of urgency this type of subject line might create. In your panicked rush to find out what’s going on with your account, you might not look too closely at the sender and the URL they want you to visit. At the end of March, a Bank of America email scam just like this was successfully making the rounds. Initially, the email looked completely legitimate and explained politely that a routine server upgrade had locked the recipient out of their account. At this point, when clicking the link to update their account details, an unsuspecting victim would be handing their login credentials and banking information over to cybercriminals.

USPS: Failed Package Delivery. Be wary of emails saying you missed a package, especially if they have Microsoft Word documents attached. These attacks use the attachments to execute ransomware payloads through macros. Senior Threat Research Analyst Tyler Moffitt walks us through what it’s like to get hit with a ransomware payload from a USPS phishing email.

United States District Court: Subpoena in a civil case. Another common phishing attack imitates government entities and may try to tell you that you’re being subpoenaed. The details and court date are, of course, in the attachment, which will deliver malware.

CAMPUS SECURITY NOTIFICATION: Phishing attacks have been targeting college students and imitating official university emails. Last month, officials at The University of North Carolina learned of an attack on their students that included a notification email stating there was a security situation. The emails were coming from a non-uncg.edu address and instructed users to “follow protocols outlined in the hyperlink”. Afterward, the attacker would ask victims to reset their password and collect their sensitive information.

Ready for your beach vacay? Vacation scams offer great deals or even free airfare if you book RIGHT NOW. These scams are usually accompanied by overpriced hotel fees, hidden costs, timeshare pitches that usually don’t pan out, and even the theft of your credit card information. Check the legitimacy of offers by hovering over links to see the full domain, copy and pasting links into a notepad to take a closer look, and by researching the organization.

Update your direct deposit to receive your tax refund. The IRS warns of last minute email phishing scams that take advantage of everyone’s desire for hard-earned refunds and no doubt, their banking credentials.

Read between the lines

1. Enable an email spam filter
2. Hover over links before you click
3. Keep your cybersecurity software up to date
4. Disable macros to avoid ransomware payloads
5. Ignore unsolicited emails and attachments
6. Be on the lookout for the top 5 tax season scams
7. Educate yourself on social engineering attacks
8. Check the Federal Trade Commission’s scam alerts

Help us create awareness in the community around scams and phishing attacks with dangerous subject lines. From here on, education should be top of mind as our community begins to adopt safer online habits. Share this blog with your friends and family or get in on the #CyberSmart conversation by sharing a Tweet.

The post 7 dangerous subject lines appeared first on Webroot Threat Blog.

When you meet Gary Hayslip, don’t let his calm demeanor fool you — underneath is a deep passion for and understanding of the “Internet of Everything” or IoE. To say his 25-year career in information security is impressive would be an understatement. From serving as Command Information Security Officer in the United States Navy to his more recent position as the City of San Diego CISO and deputy director, Gary has become attuned to the ever-evolving role of a CISO in organizations.

As I chatted with him across a boardroom table, I began to picture how IoE has the potential to create abundant opportunity and new risks. Imagine this: smart parking meters making your urban commute easier. Communications between your car’s GPS and parking meters in the vicinity help you find a vacant spot and pay the meter all from an app on your phone. Now imagine the adverse — a powerful DDoS attack using those same smart parking meters to send a flood of communications to an area internet service provider, overloading its network bandwidth, and debilitating internet service for its customers. It can be scary to think about.

According to the FBI, “deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness, provide cyber actors with opportunities to exploit these devices.” For the record, this is why more organizations need the Gary’s of the world.

I caught up with Gary at the Webroot World Headquarters in Broomfield, Colorado, to talk about his decision to join Webroot, his views on IoT, and more.

Webroot: What made you decide to join the Webroot team?

Gary Hayslip: I had been working in the IoT and cybersecurity space around smart cities and smart communities for a while when I came across Webroot. Seeing the Webroot FlowScape® capabilities coupled with how their product suite leverages the power of machine learning to predict and protect against threats in the connected world we live in had me sold. At the end of the day, a forward-leaning company that can offer Webroot’s level of protection to both consumers and partners intrigues me.

Webroot: As an InfoSec leader, what will be your main area of focus at Webroot?

GH: To me, cybersecurity is a business critical function. The Office of the CISO provides enterprise risk management through current state assessments and forecasting. Ultimately, our consistent question to solve is “how can we better support departments across the organization?” I think I’ll bring a unique point-of-view to that question considering I was recently a customer. Along those lines, my insight from the customer point of view will offer an advantage with product strategy to reduce the risk for customers.  As Webroot grows, I want to ensure the programs and strategies my teams create are flexible enough to grow alongside the company.

Webroot: What opportunity do you think Webroot can fill in the market?

GH: I see a significant amount of movement in getting IoT devices to market, but not a lot of readiness to make sure these devices can be scanned, monitored, or protected. FlowScape bridges the gap and allows you to see the devices communicating within your networks and gives context around what devices are doing. The Webroot product portfolio truly does protect users across devices, networks, and perimeters.  Delivering comprehensive security solutions that detect, defend, and provide analysis to businesses and individuals is our sweet spot.

Webroot: What difference do you want to make in your new role?

GH: The biggest thing for me is making a resilient program ever better. Cybersecurity is a life cycle and breaches are part of that life cycle. It’s never lost on me that threats are constantly emerging and evolving. It’s only fitting for a best-in-industry organization to meet the threats where they live with constant preparation.

In addition to sitting on numerous boards and being an active member of ISSA, ISACA, OWASP, and InfraGard, Gary holds the certifications of CISSP, CISA, and CRISC. Be sure to check out his book CISO Desk Reference Guide.

The post Gary Hayslip Chats About the Internet of Everything, the Strategic Role of Cybersecurity, and Becoming Webroot’s New CISO appeared first on Webroot Threat Blog.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Microsoft Patches Critical Zero-day Vulnerability

On Tuesday of this week, Microsoft released a patch for a relatively unknown zero-day vulnerability that allowed attackers to distribute malware through malicious Word documents. Opening the infected document allows it to contact a remote server to begin downloading malware to a victim’s system via a script file embedded in the document. While the Microsoft patch does resolve the issue, we still encourage you to use caution when opening any documents attached to emails, even if they appear to be from a trusted sender.

Legit IRS Online Tool Used Illegitimately

In the past few months, investigators have been looking into some fraudulent activity that was occurring in their Data Retrieval Tool. By using the tool as intended, criminals were able to impersonate legitimate users to begin a tax return form and access that user’s data, thereby creating fraudulent returns. From the initial investigation, it appears nearly 100,000 different user accounts have been tied to this method of identity theft. The scam itself has cost the IRS over $30 million.

Sneaky CIA Malware Uses Pop Culture References

When the Wikileaks Vault 7 post revealed numerous spying tools from a CIA dump, many researchers began digging through the treasure trove of information. Researchers at Kaspersky Lab found several malware programs with code referencing Star Trek, Flash Gordon, and other recent pop culture icons. The malware in question has been linked to a long-standing malware campaign that hit multiple targets across Europe and Asia.

Ex-Employee Hacks Hotel System, Slashes Room Rates

Ever daydream about getting back at a bad boss? One NYC Marriott hotel found itself on the receiving end of a disgruntled ex-employee’s revenge. A few weeks after being fired from his job, Juan Rodriguez hacked into the hotel’s reservation systems and cut prices down by up to 95%, costing Marriott over $50,000 before the intrusion was discovered. Unfortunately for Juan, while he was smart enough to infiltrate their network, he forgot to mask his own IP, which led authorities straight to his apartment.

Patient Records Available Online

As prices for medications and health treatment continue to rise, a lot of people are looking for cheaper ways to obtain prescriptions and services. Unfortunately, this leads to increased risk, particularly in the case of elderly citizens on a fixed income. Recently, a researcher found a database with the medical and personal records for nearly 1 million senior citizens, freely available to the public. But the database in question didn’t belong to a healthcare facility. Instead, it was owned by a telemarketing firm who had gathered a large quantity of sensitive information on the promise of providing cheaper deals on medication.

The post Cyber News Rundown: Edition 4/14/17 appeared first on Webroot Threat Blog.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Neiman Marcus Breach Bigger than Initially Believed

Following the 2015 Neiman Marcus breach, the company only recently disclosed that the impact is far greater than originally believed. The latest findings come on the heels of a January attack that copied the original 2015 hack, during which the information for over 350,000 unique credit cards was compromised. The recent attack exposed an unknown quantity of user’s data, though it focused more on the company’s loyalty card program, InCircle.

Chinese Video Service Accounts for Sale on Dark Web

As the list of data breaches continues to grow, several prominent Chinese companies have seen massive breaches, reaching well into the hundreds of millions range as far as individual accounts affected. Recently, a database belonging to Chinese streaming service Youku was found for sale on the Dark Web for a paltry $300. The database contains the usernames and passwords for nearly 100 million users, most of which have already been decrypted or even found in multiple, previously leaked databases.

Ransomware-as-a-Service, Surprisingly Affordable

The newest trend taking the malware world by storm: cheap ransomware-as-a-service that comes with a user-friendly dashboard, so launching a ransomware campaign is now easier than ever. For the low, low price of $175, aspiring cybercriminals gain access to a fully customizable interface to monitor the infections from start to end. Fortunately for potential victims of this particular variant family, security researchers have been successful in creating decryption keys to remove the malware for free.

Indian Hackers Strike at Snapchat over CEO Comments

In another case of cybercriminals turned hacktivisits, attacks have been launched following a PR nightmare in which Snapchat’s CEO allegedly made comments that the Snapchat platform is meant for “rich people”, not for “poor countries” like India. The hackers claim to have stolen user data for over 1.7 million accounts, though Snapchat has yet to confirm that any leak actually occurred.

International Hotels Group Finds Malware in Payment Systems

Following an investigation that began in the second half of 2016, officials for the International Hotels Group have confirmed that multiple locations had suffered significant credit card breaches. Even more worrisome is that the latest breach was only discovered by the card providers monitoring suspicious activity on the accounts, which suggests that the IHG’s internal security measures aren’t up to snuff.

The post Cyber News Rundown: Edition 4/21/17 appeared first on Webroot Threat Blog.

UPDATE 4/28/17 2:11 p.m. MDT

As a reminder, the repair utility to address the false positive issue that arose on Monday, April 24, is available. The utility will release and restore quarantined applications to working order on the affected endpoints.

Please note, the utility was built to address only this specific false positive issue. It will be deactivated in the future.

If applications are operating normally on your systems, you do not need to implement the utility.

To obtain the repair utility, open a support ticket, or reply to your existing support ticket related to this issue. Please include your phone number in the ticket.

I want to thank each of our customers and partners for their patience during this time, and we are committed to earning your trust going forward.

UPDATE 4/27/17 2:47 p.m. MDT:

We have 0 calls in queue on our phone line, and are working through about 130 tickets related to the False Positive repair utility. A good portion of those are simply awaiting customer verification.

If you haven’t yet submitted a support ticket and you need the repair utility, please do so here. Include your phone number as well with the support ticket.

Our sincerest thanks to the MSP beta customers who worked with us to further test and validate this repair. We truly appreciate the support of our customers and thank you for your patience.

Update (Business) April 26, 10:25am MDT:

In addition to the manual fix issued Monday, April 24, we have now issued a standalone repair utility that provides a streamlined fix for business customers.  It will release and restore quarantined applications to working order on the impacted endpoints.

For access to the repair utility, customers should open a support ticket, or reply to your existing support ticket related to this issue.  Please include your phone number within the support ticket.

Our sincerest thanks to the MSP beta customers who worked with us to test and validate this repair. We appreciate the support of our customers and thank you for your patience.

Update (Business) April 25, 9:41pm MDT:

We created a comprehensive repair utility, and have successfully completed QA. We are currently rolling out the utility to a group of beta customers to ensure it works for our broader customer base. We expect to complete that work soon, and then will make it available incrementally to the entire customer base to ensure a successful deployment.

You also can look to our Community for ongoing updates.

Our Support team remains available to those of you who need urgent assistance, and we thank you for working with us through this challenging issue.

On April 24, Webroot experienced a technical issue affecting some business and consumer customers. Webroot incorrectly identified multiple files as malware. Webroot was not breached. Actual malicious files are being identified and blocked as normal.

We recognize that we have not met the expectations of some customers, and are committed to resolving this complex issue as quickly as possible.

For Business

Webroot is making progress on a resolution and will update you when it is available. In the meantime:

• Do not uninstall the product or delete the quarantine. This will make quarantined files unrecoverable.
• We have rolled back the false positives. Once the fix is deployed, the agent should pick up the re-determinations and perform as normal.
• Customers should ensure endpoints are powered on and connected to the internet to receive the fix. Once files have been restored from quarantine, some endpoints may require rebooting.

Those who wish to address the issue manually should follow the instructions posted on Webroot Support.

We are conducting a thorough technical review to ensure we have a complete understanding of the root cause.  A summary will be posted in the Webroot Community, and Webroot account representatives will be prepared to discuss the findings in greater detail with you.

For Home

To resolve the issue, customers need to restore the quarantined file(s). Please follow the steps on the Webroot Community and restore the file(s). Webroot offers free 24/7 support for consumers, and can open a ticket for any questions here.

We apologize for the inconvenience this has caused our customers and are taking the actions to earn your trust going forward.

The post Critical Service Announcement appeared first on Webroot Threat Blog.

We’ve heard the same advice over and over when it comes to passwords—make it strong. But how many of us actually follow this advice? Would you believe that some of the most popular passwords are still “password”, “123456”, “qwerty”, and “abc123”?¹ For World Password Day, we’ve want to offer a few tips to make sure your passwords are up to snuff.

Tips for securing passwords

1. Create a strong password that uses numbers, caps, and special characters
2. Use unique passwords for each account
3. Enable two-factor authentication
4. Set up a secure password manager

You’re probably thinking “it’s hard to remember multiple strong passwords.” To help you out, here’s how you can choose something easy to remember, but hard to crack.

1. Start with your favorite song, movie, or book. Use the first letter of each word. So, if your jam is “Guardians of the Galaxy Vol. 2”, that would make it “Gotgv2”.
2. You could then increase the complexity by changing out any vowels with numbers. That makes it “G0tgv2”.
3. Now add a special character, such as “!” or “$”. Your password would now be “G0tgv2!”.
4. Turn it into a passphrase for good measure. Something like  “G0t7gv2! is my jam!”.
5. Make sure it’s at least 16 letters long. This one is, but you may need to add another number or symbol to make the password long enough.

If this is still too much to remember, you can use the first letter of one of your favorite phrases from a song, movie, or book until you reach 12 or so characters, mix up capitalization, then add in a few special characters.

Otherwise, go with option 4 from my original list: get yourself a password manager. There are a number of free and low-cost password manager applications out there, which will generate and store secure passwords for all of your accounts. Many Webroot subscribers already have one, depending on their Webroot subscription type.

Note: If you do use this option, you will still need a strong password for the password management program itself.

Mobile reminder

If you don’t have a password on your mobile phone or tablet, you should reread part about following security advice. Most smartphones offer the option of a 4-digit PIN or a pattern. When creating your PIN, be sure to use a unique string of numbers, and one that isn’t easy to guess (e.g. don’t use your birthday.)

Join Webroot and hundreds of other organizations worldwide on May 4^th to take the pledge to build stronger password habits.

1. Jacob Siegal. “The most common passwords of 2016 are just as embarrassing as you expected” (January 2017)

The post Creating strong passwords on World Password Day appeared first on Webroot Threat Blog.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Apple Threatens to Remove Uber App

In recent weeks, Apple has threatened to remove Uber from its App Store after a New York Times article revealed the app was tracking iPhones, even after having been uninstalled. Uber’s response was that the tracking was implemented to identify fraudulent trips and ensure untrustworthy users were blocked from the service, though this type of monitoring is expressly forbidden by Apple. While the issue has only been spotted on iOS® devices so far, it’s possible that Android® devices are also being tracked.

List of IoT Medical Devices Grows, Along with the List of Threats

Many of us may remember hearing that internet-connected pacemakers were potentially susceptible to cyberattacks. Now, several imaging sensors, prosthetics, and other connected medical devices, which are either currently available or in production, don’t appear to have proper security precautions. In addition to the possibility that these devices could be accessed remotely, there’s also a chance they could be used to steal any personal medical data they record.

Chipotle Payment Processing Systems Compromised

In the last week, Chipotle’s CFO released a statement about unauthorized activity on their internal payment processing network. While it appears their security measures did stop the attack, the company is working with its payment processor to monitor customer accounts for any suspicious activity over the 3-week period in which the breach occurred.

Mole Ransomware Brings Two Forms of Encryption

As ransomware continues to evolve, the tactics to ensure a successful attack have improved right along with them. With the Mole variant, criminals use RC4 encryption and RSA for decryption, leaving victims with no way to decrypt their files or even tell them apart. The infection begins by executing a javascript file that pretends to be a Flash update, then changes all file extensions to .MOLE. It finishes by scrambling all of the filenames with hexadecimal values.

FalseGuide Android Malware Reaches 2 Million Victims

In a recent study, researchers discovered the prevalent Android malware FalseGuide has affected over 2 million individual devices. The malware proliferates by disguising itself as game guides for dozens of popular mobile games, and, after being installed, requests admin privileges to remove any options for the user to delete the app. After gaining admin access, the malware registers itself on a cloud messaging service to receive remote commands.

The post Cyber News Rundown: Edition 5/5/17 appeared first on Webroot Threat Blog.