Channel: Webroot Blog

Intern Q&A with Software Engineer Clarence Tan


A computer is only as good as the information that feeds it. This belief nourishes the computer programming and engineering field, encouraging scores of young people to dive into a relatively nascent field: software programming and engineering have only been a widespread occupation since the 1980s. It’s no wonder there is an explosion of jobs in the field as new technologies such as cloud, Big Data, and mobile are embraced. According to SC Magazine, the Bureau of Labor Statistics reported that in February 2017 there was a net increase of 13,000 information technology jobs.

So what is the next generation doing to prepare for this exciting field? They’re seeking out internships.

This semester, Webroot was lucky enough to have 8 interns. I sat down with Clarence Tan, a senior at the University of California, San Diego studying computer science, to get a snapshot into the mind of the next generation of computer greats.


Webroot: Tell me a bit about yourself?

Clarence Tan: I’m a 4th year studying Computer Science at UCSD. For me, I really enjoy software development, because I appreciate problem-solving and building things in general. Outside of coding, some of my interests include watching sports, playing board/video games, and traveling.

Those hobbies sound like a checklist for a lot of the technical folks around here! Besides the obvious overlap of interests, how did you learn about the Webroot internship?

I learned about the Webroot internship through UCSD’s job page (PortTriton). My university has great connections with area businesses like Webroot.

What was enticing about an internship at Webroot?

For me, I wanted to gain more industry experience and further my knowledge in software development to become a better engineer. While I do learn a lot of interesting things at school, I feel I have grown the most through my experiences as an intern.

Wise words, Clarence. There is nothing like “real-world” experience. Take us through a day in the life for you in our San Diego office?

As a software intern, the majority of my time is spent coding, doing research, and having technical discussions regarding the features I am working on. Outside of that, I have scrum meetings every other day, bi-weekly engineering meetings, and one-on-one meetings with Tom Caldwell, my manager. Otherwise, I have a few larger group meetings addressing more general Webroot or office business.

It sounds like you get to be in the weeds on projects. Knowing what you do now, what is your biggest takeaway or lesson learned from this semester?

I think one of the biggest takeaways for me is time management. Since I am still in college, I have to balance my coursework with my internship and other school activities. It was definitely a challenge for me initially, but I feel I’ve learned a lot through this experience and worked through how to balance it all.


If it’s any consolation, I also struggle with time management and balance. There is always one more thing to do! What advice can you share with students in your field?

I’d recommend doing side projects or pursuing an internship. As I mentioned earlier, I feel I’ve grown the most as a developer by applying the knowledge and theory I learned in school to real-world situations. It has allowed me to understand technology better through the application of it. Also, I’d recommend students pursue a part of software development that interests them in particular, which can range from full-stack to DevOps to mobile. These are all very different, but equally important, aspects of development and I believe it is important to do what you enjoy.

Solid advice, Clarence! Now on the flipside, any advice for Webroot?

Continue to rock on with those great snacks.

Thanks, Clarence. I appreciate you taking the time to chat.


If you’re interested in an internship at Webroot, check out our careers page, www.webroot.com/careers.

The post Intern Q&A with Software Engineer Clarence Tan appeared first on Webroot Threat Blog.


Cyber News Rundown: Edition 5/5/17


The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

UK Dating Site Exposes User Info

Recently, users of the UK-based dating site, Soulmates, reported receiving explicit emails that contained info available on their dating profiles. After what appeared to be a third-party data leak, Soulmates revealed that both usernames and corresponding email addresses had been compromised. Soulmates has since confirmed that the cause of the leak has been resolved, but declined to provide further detail.

Dangerous Microsoft Security Bug Found

In the past week, a Google researcher discovered a bug in Microsoft® Windows Defender that can be exploited through the program’s high-level permissions to cause chaos on the system, without the user having to take any action. The bug is triggered when Windows Defender scans a malicious email, which enables remote code execution that can further take control of the affected device. Fortunately, Microsoft releases automatic updates, so this should be resolved for most systems, or will be soon.

Ireland Falls Victim to Multiple Email Scams

In recent weeks, thousands of Irish citizens have received scam emails purporting to come from Tesco Bank and Bank of Ireland, all requesting that they confirm personal information via a link to the bank’s login page. (As if we needed yet another reason to avoid links in emails…) Recognizing that many users will be savvy enough to delete the obvious phishing attempt without clicking the link, attackers are likely measuring success solely by the relatively small percentage of recipients who fall for the scam.

Healthcare Providers Leave Medical Records Accessible to All

Researchers have recently uncovered a flaw in several healthcare providers’ websites, which allows any user to view the medical records of other patients. By logging into one site, the researcher was able to successfully load another patient’s records by simply changing a single digit in the PDF download link. Another site allowed users to view records without a login that would verify their identity.

SS7, Major Security Flaw in International Telecom

For years now, researchers have been documenting flaws inherent in SS7, the signaling protocol that allows 800+ telecom service providers to interoperate. By taking control of a rogue telecom company, attackers have been able to reroute incoming messages and calls to a compromised device in order to monitor activity. SS7 has also been blamed for multiple other security incidents over the years, from device tracking to full monitoring of internet usage and communications.


WannaCry Ransomware: Webroot protects you.


Ransomware attacks continue to spread around the world this weekend, after the initial damage inflicted on healthcare organizations in Europe on Friday.

The criminals responsible for exploiting the Eternal Blue flaw haven’t yet been identified, but up to 100 countries have been hit with WannaCry ransomware, with Russia, Ukraine and Taiwan among the top targets.

The ransomware first appeared in March, and uses the NSA 0-day Eternal Blue and Double Pulsar exploits first made available earlier this year by a group called the Shadow Brokers. The initial spread of the malware was through email, including fake invoices, job offers and other lures carrying a .zip file that initiates the WannaCry infection. The worm-like Eternal Blue exploits a flaw in the Server Message Block (SMB) implementation in Microsoft Windows that allows remote code execution. This flaw was patched in Microsoft’s March 2017 update cycle, but many organizations had not applied the patch or were running unsupported legacy systems such as Windows XP.

What’s New

Today, Microsoft has released emergency security patches to defend against the malware for unsupported versions of Windows, including XP and Server 2003.

Overnight and today, it has become clear that a kill switch was included in the code. When the malware detects that a specific web domain (registered earlier today) exists, it halts its spread. You can learn more at The Register.

As a Webroot customer, are you protected? YES.

Webroot SecureAnywhere does currently protect you from WannaCry ransomware.

In simple terms, although this ransomware is currently causing havoc across the globe, the ransomware itself is similar to what we have seen before. It’s the advanced delivery mechanism that has unfortunately caught many organizations off guard.

In addition to deploying Webroot SecureAnywhere as part of a strong endpoint control strategy, it is essential you continue to keep your systems up-to-date on the latest software versions, and invest in user education on the dangers of phishing, ransomware, social engineering and other common attack vectors.

If you have any questions about your Webroot deployment, reach out to our Support Team now.

And, if you are not a Webroot customer, we encourage you to trial Webroot SecureAnywhere now.


Second WannaCry wave spreads the globe


As the second wave of WannaCry spreads across the globe, the latest estimate from the leading European police agency Europol suggests the malware has hit over 200,000 victims in over 150 countries. You can catch up on some of the latest news here.

Although a second kill switch has been identified and registered today, there is no certainty that this second kill switch will address all malware variants. Europol continues to recommend that one of the best defenses is to take advantage of the patches released by Microsoft.

Webroot currently has strong protection in place for WannaCry, and has already reviewed and fortified its protection and detection routines to protect its users against future variants that may appear.

As Webroot sees every new executable file introduced on systems where Webroot SecureAnywhere is installed, we get rapid insight into all types of new malware. This allows us to quickly create and/or improve upon our best-in-class detection mechanisms for zero day threats.


Clavister Partners with Webroot for IP Reputation


Webroot recently announced a new collaboration with Clavister, a leader in the network security market. Clavister selected Webroot’s BrightCloud® IP Reputation Service. The solution detects malicious activity within users’ IT infrastructure and delivers actionable threat intelligence. We sat down with Mattias Nordlund, product manager for Enterprise at Clavister to get the scoop on the new offering and also the importance of IP reputation.


Webroot: Give readers a brief overview of Clavister.

Mattias Nordlund: Clavister is a Swedish security vendor founded in 1997 in the very improbable location of Örnsköldsvik, on the border of Lapland, far in the North of the country. We always joke – because it’s cold and dark so much of the year – our developers don’t have any distractions from making the best security code out there. Our “Swedishness” is a big source of company pride.

The development of our proprietary software – first cOS core and later our cOS stream solution – made the product into an award-winning and industry-respected leader in cybersecurity and digital threat deterrence. We’ve managed to grow the business internationally to an installed base of 20,000 customers with a 95 percent satisfaction rate, which drove Clavister to be one of the few Swedish technology companies listed on the NASDAQ OMX Nordic Exchange. Clavister also has acquired a formidable client list that includes Nokia, Canon ITS, and D-Link, as well as collaborations with Intel, Red Hat, and VMware, among others.

I love the source of pride in your heritage. Putting on your security hat, do you see a difference in cyber preparedness in Europe versus the United States?

Of course. The US is a very advanced market when it comes to threat protection and development with some of the biggest vendors operating within its borders. But, if you think of EU legislation, like GDPR, with a more independent tradition that doesn’t appreciate the surveillance and backdoors built by both US and Chinese actors, then you see that Europe is quite advanced in cybersecurity. In Sweden, just as an example, we use a two-factor authentication app for not only our banking but logging into public websites, checking your kid’s daycare schedule, etc. So identity management and using VPNs is far more advanced in the EU than in the US.

That’s great. We are always pushing two-factor authentication, but it isn’t required by many sites here. Switching gears, why is IP reputation important?

For us, it’s important as a tool to help our customers stop Command & Control and Botnet communications, alleviate load on servers from attacks from known Denial of Service (DoS) IPs, or help limit the load on mail servers by stopping known spam sources on the edge. IP reputation in a way becomes a proactive mitigation technique rather than a reactive one. That’s where we see the market for Next-Generation Firewalls (NGFW) going.

Being proactive in your cyber defense is key. What do you hope your customers will gain by including Webroot BrightCloud IP Reputation intelligence in your solutions?

For our customers, it’s one more piece of the puzzle in how to understand traffic flowing through our products. The customer will get insights on the behavior of users. Coupled with other features like web content filtering and application control, it will indicate the behavior of a user and how “risky” it is.

What advice can you share with businesses struggling with their security plans today?

Having a holistic approach to how the company behaves – BYOD, its cloud-based work, endpoint, identity access management (IAM), VPNs, etc. – is really critical. It no longer works to take a partial approach. And then there’s the human firewall factor. Keep in mind, 85 percent of network breaches come from employees hitting phishing emails. That’s very important to bear in mind, as much as the hardware and software solutions.

Wise words, Mattias. Thank you for taking the time to talk cyber.

If you want to learn more about this new collaboration, check out the media release.


Cyber News Rundown: Edition 5/19/17


The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

WannaCry Ransomware Tackles Globe

In the past week, organizations in over 150 different countries have been dealing with the WannaCry ransomware that spread like wildfire across at least 150,000 individual endpoint devices. By propagating like a worm, the infection was able to spread quickly, exploiting a largely unpatched vulnerability in several Windows operating systems. While a patch has been publicly available since March, many organizations have struggled to roll it out to their endpoints, or can’t do so without rendering their proprietary software unusable.

Restaurant Listing Service Zomato Hacked

Researchers have discovered a Dark Web vendor with a listing for 17 million Zomato user accounts, along with samples of the data to prove its legitimacy. In response to the hack, Zomato has issued a forced password reset for all affected users, and strongly recommends a password change for the remaining users as an added precaution. Fortunately, no credit card information was compromised, as it is stored in a separate location.

Pirates Pirate “Pirates”

As the official release of the new Pirates of the Caribbean movie looms ever closer, hackers have threatened to leak five minutes of a stolen, unreleased film, followed by 20-minute chunks if Disney doesn’t pay their Bitcoin ransom demand. (It’s unclear if the stolen movie is truly the new PotC, but that’s the rumor.) Piracy is hardly new in the film industry, and a case much like this one happened last month with Netflix and episodes from the upcoming season of Orange Is the New Black. From the sound of it, most production companies agree that a few leaks to dodgy download sites so close to release aren’t significant enough to consider paying up.

Dangerous Flaw Found in the Google Chrome Browser

A recently discovered flaw in Google Chrome has allowed researchers to download a malicious shell command file to a user’s computer, which then executes when the user opens the folder where the file was saved. Upon execution, the file retrieves the user’s login credentials for accessing other network drives or local files. Fortunately, Google is aware of the issue and is working to resolve the vulnerability.

Bell Canada User Data Leaked

In its public statement earlier this week, Bell Canada revealed that a large number of users’ email addresses had been compromised, along with several thousand names and phone numbers. The breach is currently under investigation, and all affected users have been notified to be on the lookout for resulting email phishing scams.


Cyber News Rundown: Edition 5/26/17


The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Samsung’s Latest Iris Scanners are Easily Fooled

Recently, ethical hackers have been able to bypass Samsung’s latest attempt at iris recognition with minimal effort. Would you believe the tech is fooled by simply scanning a high-res picture of the right pair of eyes? While the vendor who supplies Samsung with the recognition software assures users that their security is infallible, the opposite seems to be true. The group that discovered the hack was also responsible for finding the workaround for Apple’s Touch ID locking system.

University Twitter Account Hacked, Tweets Racist Remarks

Unfortunately, Salem State University in Massachusetts has joined the ranks of notable organizations, institutions, and individuals who have fallen victim to social media hacks. In the past week, officials at Salem State have been dealing with the aftermath of a hack that caused their Twitter account to post highly offensive, racist messages. For the time being, the account has been suspended, the tweets in question have been deleted, and the university has issued public apologies through all regional channels.

Tech Support Scammers Using WannaCry to Leverage Payment

While tech support scams aren’t new, it seems that scammers are now shifting their tactics to use cyberattacks that have made the news as an extortion tool. After launching an annoying popup that informs victims of their (fake) WannaCry infection, the scammers prompt users to call the (fake) support number for assistance. They then demand an outrageous payment just to run the free Microsoft Malicious Software Removal tool.

Yahoobleed Vulnerability Leaks User Data

Security researchers have been warning Yahoo! about its numerous security vulnerabilities around user data for years, and have gotten only silence in response. The flaw comes from ImageMagick, an image processing library used by Yahoo!, which had not received a crucial patch released in early 2015. This flaw allowed criminals to send an email containing a malicious image file which, once opened, would give the attacker access to Yahoo! server information. Rather than patching the bug that cybercriminals could exploit, Yahoo! simply discontinued its use of ImageMagick.

Bank Biometrics Bypassed by Twin Brother

Recently, a reporter for the BBC discovered that his HSBC bank credentials could be falsified by his non-identical twin brother using the voice-recognition password system. The system allowed the reporter’s brother no fewer than 8 attempts to correctly match the voice patterns necessary to access the account, though it only offered him limited viewing access. HSBC has stated that they will decrease the number of failed attempts allowed, and will work to add more layers of security.


Webroot CTO Hal Lonas on Rethinking the Network Perimeter


“What are our cybersecurity protocols?” This question is one that has, undoubtedly, been top of mind for CTOs at numerous corporations and government agencies around the world in the wake of recent ransomware attacks. Given the hundreds of thousands of endpoint devices in more than 150 countries that were infected in the latest global attack, WannaCry, can you blame them?

Cybersecurity stock buying trends are on the rise. According to CNN Money, the PureFunds ISE Cyber Security ETF (HACK), which owns shares in most of the big security companies, was up more than 3 percent in early trading the Monday following the first WannaCry attacks. Positive performance in cybersecurity stocks comes as no surprise as organizations shore up their defenses in preparation for future attacks—big or small. This is the security climate in which we live.

While the numbers have been rising on both fronts, do the affected organizations truly understand what to look for when addressing cybersecurity? Where should the protection start? What obstacles might organizations need to overcome? How can they be better prepared?

Hal Lonas, chief technology officer at Webroot, takes us beyond the sobering wake-up call that attacks like WannaCry bring, and discusses actionable advice companies should consider when fortifying systems against cybercriminals.


Where should an organization start when thinking about combating malicious files entering the network?

Organizations should think about their security in terms of layers. Between the user sitting in the chair and the sites and services they access from their workstations, every level of security is equally important. The vehicles malicious files use to infiltrate the network shouldn’t be ignored either. Is it a URL? Is it a USB key that’s physically carried into the office? Or maybe it’s an employee who takes their laptop home and uses it on an unsecured network—the possibilities are endless. We’re in a very interesting era in which mobility has become the norm, there are more internet-connected devices than ever, and there are more angles every day for cybercriminals to launch attacks. Essentially, the perimeter is dissolving. That means organizations need to rethink how they approach protecting their networks.

We’ve heard the term “dissolving” a number of times recently when talking about the traditional notion of the network. Can you speak more on that?

Let’s use my phone as an example. Right now, it’s connected to the secure employee wireless in this office. When I hit the coffee shop later for a meeting, it might be on their public Wi-Fi. While I’m driving to the airport this afternoon, it’ll be on a cellular network. By tonight, it’ll be on the guest Wi-Fi in a hotel. With each movement and interaction, perimeters converge and overlap, and this phone is exposed to different levels of security across a variety of networks. Each step means I’m carrying data that could be exposed, or even malware that could be spread, between those different networks. These days, company work happens everywhere, not just on a corporate computer within the security of an organization’s firewall. That’s what we mean by dissolving perimeters.


One line of defense is endpoint protection. Whether you’re using a mobile device or laptop, that protection goes with the device everywhere. Even as you switch between networks, you know that’s one layer of protection that’s always present. Network or DNS-level security is also key, to help stop threats before they even make it as far as the endpoint.

How does Webroot BrightCloud® Streaming Malware Detection fit into the layered approach? Is it cutting edge in terms of protecting against malicious files at the perimeter?

Streaming Malware Detection is pushing the boundaries of network protection. As files stream through network devices—i.e., as they’re in the process of being downloaded in real time—Streaming Malware Detection determines whether the files are good or bad at the network level. That means the solution can analyze files in transit to stop threats before they ever land on the endpoint at all. We partner with the industry’s top network vendors, who have integrated this and other Webroot technologies as part of their overall approach to stopping malicious files at the perimeter.

In terms of what we’re doing with Webroot products, we’re expanding the levels in which you can be protected—looking at more and more different aspects of where we can protect you. We’re tightening the reins from endpoint protection, which we’ve traditionally done extremely well, and branching further into the network with Streaming Malware Detection, as well as network anomaly detection with FlowScape® Analytics. We aim to bring value to our customers by protecting holistically. We’re adapting as a company with our product offerings to this new reality we find ourselves in.

What cutting edge approaches is Webroot taking to combat what has already infiltrated the network?

We hear a lot about advanced persistent threats. The reality is that those long-resting, largely undetected threats do make their way through and land in an environment with the intention of wreaking havoc, but doing it low and slow to avoid detection. The malware authors are very smart, which is something we try to anticipate. Webroot is really good at a couple of different things, not least of which is that we’re incredibly patient on our endpoint products. Essentially, we’ll monitor something that’s unknown for however long it takes, journaling its behavior until we’re absolutely sure it’s malicious or not, and then handling it appropriately.

In addition, we’ve recently added a product that does the independent network anomaly detection I mentioned earlier: FlowScape Analytics. Essentially, it analyzes day-to-day activity within a network to establish a baseline, then if something malicious or abnormal happens, FlowScape Analytics instantly recognizes it and alerts us so that we can track it down. In conjunction with our other layers of protection, it’s a solid cybersecurity combination.

What technology do you see helping to protect networks at the same scale and velocity threats are coming?

Streaming Malware Detection is a big one. Traditionally, malware has been sent into a sandbox where it has to execute and takes up resources. The sandbox also has to simulate customer environments. This approach comes with a lot of complexities and ends up wasting time for customers and users while awaiting a response. For scalability, analyzing the malicious files in transit at network speed frees up time and resources.

Is there anything else organizations should take into consideration? Machine learning at the endpoint level?

We’re always asking ourselves, “where’s the right juncture to layer in more security?” I’d like to see more organizations asking the same. You can look at our history, during which we developed a lightweight agent by moving the heavy lifting to the cloud, and that’s the theme we’ll continue to follow. The detection elements of machine learning can fit on our client, but we’ll do the computing-intensive and crowd protection work for machine learning in the cloud. That gives you the best efficacy, shares threat discoveries with all of our products and services in real time, and keeps devices running at optimal levels.



Cyber News Rundown: Edition 6/2/17


The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Hackers Blackmail Surgery Patients

Hackers have begun contacting victims of a March data leak that exposed a database containing photos and other sensitive patient information. The majority of victims are linked to a Lithuanian cosmetic surgery clinic, and have received demands ranging from $40 to a full Bitcoin to prevent their photos from being released. Unfortunately for some of the patients, at least 25,000 photos have already been published, likely in an attempt to incite other ransom victims to pay.

Chipotle Payment Systems Hacked

Over the past few months, officials have been sorting out the severity of the Chipotle data breach that occurred between March and April of this year. As of the most recent statement, restaurants in 48 US states have been affected. The data that has been compromised consists of customer names and credit card information, but the company is working with multiple banks to assist any impacted customers.

Judy Malware Wreaks Havoc on Google Play Store

In the past week, Google has removed over 40 apps from the Play Store that were infected with “Judy” malware. Most of the apps were available in the store for quite some time, meaning the number of affected users could be in the millions. Fortunately, Google has recently released a new service that will continuously scan Android® devices for any malicious activity.

Phishing Study Reveals Interesting Results

A recent study conducted by Ironscales monitored 500,000 unique mailboxes from 100 different companies. The study revealed that, over the course of nearly 8,500 attacks on those mailboxes, many of the attacks focused on only a small percentage of them. Additionally, nearly 80% of phishing attacks were able to bypass the email filter and remain undetected, while those with more brand-oriented themes were caught almost immediately. It also pointed out that, while less than half of these attacks lasted longer than 24 hours, the ones that made it past 30 days were capable of sustaining themselves for up to a year or more.

Game Hackers Mod Nintendo Game Cartridges

While the practice of hacking games is nothing new, several hackers in the community have found a way to create a full hex editor within Super Mario World, using nothing more than standard controller inputs. By jailbreaking the cartridge to store user-written data in the small game save files, they have been able to mod the game, giving players a wide variety of special perks, and even changing the color schemes of game levels.


Talking DNS Protection with ConnectWise


It’s been an exciting week for our partner ConnectWise – they started offering customers Webroot SecureAnywhere DNS Protection. To get insight into why this matters, I sat down with George Anderson, Webroot’s product marketing director for business solutions, and Gavin Gamber, vice president of Channel Sales and Alliances at ConnectWise.


Can we start with the basics? What is DNS?

George: DNS stands for Domain Name System. The basic job of DNS is to turn a human-friendly domain name like webroot.com into an Internet Protocol (IP) address like 66.35.53.194. Computers use IP addresses to identify each other. When a user accesses an external website or downloads files, their computer uses a DNS server to look up the domain name and then directs the user to that website.

Ok, kind of like a phone directory for the internet. That helps me understand the power DNS can hold.

George: That’s right. DNS is a powerful part of making the internet work. It also can be an equally powerful avenue for protecting a business. According to our data, many infections are generated through web browsing. Implementing web filtering security at the DNS layer can have a very significant impact on infection rates.

Wow. The internet is a big, beautiful, and scary place.

George: It can be. Using the internet is a high-risk activity for every business, regardless of size. Sometimes good sites can contain bad content. Users can fall victim to drive-by ransomware, employees can click on malvertising, and the list goes on.

Can you give us an example of what security at the DNS layer can stop?

Gavin: Let’s say, for example, you work with medical clients. Most of the end users are protected, but when guests come onto the network there is no way to monitor their web traffic. Since you don’t control the device, you don’t have any antivirus protecting the guest’s endpoint. With DNS filtering, you can protect the network and prevent guests from knowingly or unknowingly going to harmful or sensitive websites.

George: Using a web filtering solution at the DNS layer lets businesses do a few things. First, it creates policies for web usage that can be applied globally or by client. An MSP can decide, for example, whether to block certain content or social media sites. Second, it filters URLs for security risks, preventing infections by automatically sifting out known malicious websites. Finally, it allows a partner to monitor overall web usage and its security risk posture. What’s really different is that this all happens outside the network at the domain layer, so most infections are stopped at the earliest possible stage.

In a nutshell?

George: DNS Protection allows organizations to configure their router or firewall to point to Webroot’s secure DNS resolver servers for granular web filtering. Then, partners simply configure an acceptable internet usage policy. By doing so, they can block malicious URLs, restricted content, social media, or streaming sites they don’t want employees perusing at work.
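The filtering described above, as an added example that is not Webroot's own code: a toy DNS-layer policy filter that checks a domain's categories against a per-client policy before any address is returned, so a blocked name is answered with a sinkhole address and never resolves to the real site. The category table and the upstream answers are constructed for the example (the only real value is the webroot.com address quoted in the interview); security categories are always blocked, content categories are chosen per client, and an allow-list exception can override a content category but never a security one.

```python
"""Toy DNS-layer policy filter: domain classification plus per-client policy.

Added example; not Webroot SecureAnywhere DNS Protection code. The category
table and upstream answers below are constructed stand-ins, not real data.
"""
from dataclasses import dataclass, field

# Constructed stand-in for a domain classification feed (not BrightCloud data).
DOMAIN_CATEGORIES = {
    "webroot.com": {"business"},
    "facebook.com": {"social_media"},
    "netflix.com": {"streaming"},
    "evil-downloads.example": {"malware"},
    "login-update.example": {"phishing"},
}

# Constructed upstream answers; a real filter forwards to an upstream resolver.
UPSTREAM_ANSWERS = {
    "webroot.com": "66.35.53.194",        # address quoted in the interview
    "www.facebook.com": "192.0.2.10",     # documentation range (RFC 5737)
    "netflix.com": "192.0.2.20",
    "cdn.evil-downloads.example": "192.0.2.30",
    "login-update.example": "192.0.2.40",
}

SINKHOLE_IP = "0.0.0.0"                   # answer returned for blocked names
SECURITY_CATEGORIES = {"malware", "phishing"}


@dataclass
class Policy:
    blocked_categories: set = field(default_factory=set)
    allowed_domains: set = field(default_factory=set)  # explicit exceptions


def make_policy(content_blocks, allowed_domains=()):
    """Security categories are always blocked; content categories are per client."""
    return Policy(blocked_categories=SECURITY_CATEGORIES | set(content_blocks),
                  allowed_domains=set(allowed_domains))


def categories_for(domain):
    """Walk up the labels so a subdomain inherits its parent domain's categories."""
    labels = domain.lower().rstrip(".").split(".")
    found = set()
    for i in range(len(labels) - 1):
        found |= DOMAIN_CATEGORIES.get(".".join(labels[i:]), set())
    return found


def resolve(domain, policy):
    """Apply the policy first; only an allowed name gets its real answer."""
    domain = domain.lower().rstrip(".")
    cats = categories_for(domain)
    blocked_by = cats & policy.blocked_categories
    # An allow-list entry overrides content blocks but never a security block.
    if domain in policy.allowed_domains and not (cats & SECURITY_CATEGORIES):
        blocked_by = set()
    if blocked_by:
        return {"domain": domain, "answer": SINKHOLE_IP, "blocked": True,
                "reason": ",".join(sorted(blocked_by))}
    return {"domain": domain, "answer": UPSTREAM_ANSWERS.get(domain),
            "blocked": False, "reason": ""}


if __name__ == "__main__":
    office = make_policy({"social_media", "streaming"})
    guest = make_policy(set())          # guests: security filtering only
    for name in ("webroot.com", "www.facebook.com", "cdn.evil-downloads.example"):
        for label, pol in (("office", office), ("guest", guest)):
            print(label, resolve(name, pol))
```

The office policy sinkholes www.facebook.com with reason `social_media` while the guest policy resolves it normally; both policies sinkhole cdn.evil-downloads.example because the malware category is inherited from its parent domain. Adding login-update.example to a policy's allow-list still leaves it blocked, which is the behaviour you want from a security tier that administrators cannot accidentally bypass.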

ConnectWise, what are you hearing from partners about web filtering and its need?

Gavin: This is just one more layer of end user security that is typically time and labor intensive to set up. Our partners and their clients want to mitigate all attack vectors whether they manage all the devices on the network or not. As security risks persist, this is a must-have tool.

So what will all this mean for our ConnectWise partners?

George: First and foremost, it’s simple and easy for ConnectWise partners to deploy and manage. The new DNS Protection service has been fully integrated into the same Global Site Manager (GSM) console they use today for Webroot’s endpoint security. It also benefits from the same pillars of Webroot’s other security services.

  • No hardware or software to install
  • Includes robust reporting options for easy management
  • Direct benefits from Webroot BrightCloud Web Classification Service

ConnectWise, why are you excited for this new product?

Gavin: When we first saw Webroot SecureAnywhere DNS we were blown away by the ease of use and straightforward deployment. Our initial reaction was that our partners would find this incredibly valuable. Additionally, this really leverages the threat intelligence that Webroot has collected over the years and gives that control to our partners in a very powerful and consumable product.


Thank you, both. Glad we could chat all things web filtering.

Interested in learning more? We have additional resources. You also can discover everything Webroot is doing with ConnectWise at Automation Nation, June 19-21 in Orlando, FL. Visit us at booth #201, where you can see a demo of DNS Protection.

The post Talking DNS Protection with ConnectWise appeared first on Webroot Threat Blog.

Cyber News Rundown: Edition 6/9/17

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Internet Cameras Showcase Major Security Flaws

Researchers recently discovered as many as 18 different vulnerabilities in Foscam cameras. Among the exploits are several methods of gaining remote access to the cameras, as well as viewing active feeds and searching through locally stored files. Although the researchers reported these issues months ago, the manufacturer has not yet addressed them. Unfortunately for consumers, Foscam makes devices for at least 14 different brands, all of which come with the same security risks.

EternalBlue Exploit Ported to Windows 10

The notorious EternalBlue exploit, which was used in the WannaCry attacks, has been ported to Windows 10, which means all current versions of Windows are susceptible to the exploit, if not properly patched. In addition to the port, another exploit module was created, which slims down network traffic and allows the infection to remain undetected by current detection criteria. While researchers are still learning and understanding the full capabilities of EternalBlue, it has also opened the door for less skilled hackers to modify the otherwise well-written exploit for their own purposes.

Car Owner Database Publicly Available

In the last week, researchers found a publicly-facing database containing the customer and vehicle information for nearly 10 million cars in the US. The database, which had been actively available for around four months, has no known owner, though several dealerships named in the database have been contacted with inquiries. Unauthorized access to the information could give criminals more than enough information to have extra keys made for the vehicles, and could even lead to identity theft issues.

Turla Hacking Group Changing Methods of Attack

The cybercriminal group Turla has executed numerous cyberattacks on major corporations and government agencies over the last few years. Now, however, they’ve switched their focus to individual attacks, typically using Firefox browser extensions to create backdoors into personal systems. The attacks are coordinated by placing comments on highly-trafficked Instagram pages and pictures. The browser extension hashes the comment values until the malicious hash is discovered, at which point it contacts a C&C server for instructions. Fortunately for many social media users, the APIs used to create the malicious extension will be phased out in future versions of Firefox.

Edmodo Data Breach Confirmed

Officials at Edmodo, an education technology company that works with K-12 schools and teachers, have been working to discover the source of a breach that affects over 77 million individual accounts. The majority of affected users were children who used various Edmodo programs for school, as well as educators across the country. Although the freshness of the data would indicate that the breach occurred very recently, and Edmodo did attempt to notify its users quickly, not all users received word that their accounts had been breached. Thankfully, the company used strong encryption to protect passwords, so it’s unlikely that attackers will invest the time and effort necessary to decrypt them to access accounts.

The post Cyber News Rundown: Edition 6/9/17 appeared first on Webroot Threat Blog.

Cyber News Rundown: Healthcare Ransomware

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any questions? Just ask.

Hospital Pays Ransom to Restore Systems, Despite Having Backups

In the first cyberattack of 2018 to hit a healthcare organization, an Indiana hospital’s entire network was taken offline. Despite having full backups on-hand, the hospital paid the $55,000 Bitcoin ransom right away. Officials stated they paid the ransom to get the systems back to normal as quickly as possible, since restoring everything from their backups could have taken weeks. Fortunately for patients, no data was stolen, and the staff could continue assisting new arrivals the old-fashioned way (that’s right: pen and paper) until system functionality was restored.

Audio Attacks Used for Damaging Hard Drives

A recent collaborative study performed by two universities proved that, within a reasonable proximity, an attacker could use acoustic signals to target a hard disk drive, leading to data corruption on the device. While many people could explain why this type of attack is possible, the study determined that the attacks required not only a specific frequency based on the hard drive in question, but also a precise distance from the drive and angle of sound projection to execute a successful attack.

New Android Platform Takes Spying to New Heights

A new Android spying platform has been discovered that puts all its predecessors to shame. By implementing several new features, such as location-based audio recording, compromising WhatsApp messages, and even allowing attackers to connect the device to malicious WiFi networks, this software platform gives attackers an all-new range of methods to target victims. The platform is based around five known exploits in the Android OS, and it uses them to gain administrative access to the device.

Latest Netflix Phish Asks for User Selfie

Within the last week, a new email phishing campaign has been spotted targeting Netflix users. The email informs users that a “hold” has been placed on their account pending further information. It requests users upload a photo of themselves with an ID card and prompts them to update their billing information, before redirecting them to the real Netflix login page.

RubyMiner Found on Older Linux and Windows Servers

A new cryptocurrency miner variant has been targeting outdated system servers that run both Linux and Windows. The variant, known as RubyMiner, identifies the unsecured servers using a web server tool, then gains access via a variety of exploits to install a modified Monero miner. RubyMiner deviates from similar miners in that it focuses on machines that have likely been forgotten about, and so remain on without being regularly patched.

The post Cyber News Rundown: Healthcare Ransomware appeared first on Webroot Threat Blog.

Just Keep Swimming: How to Avoid Phishing on Social Media

From Facebook to LinkedIn, social media is flat-out rife with phishing attacks. You’ve probably encountered one before… Do fake Oakley sunglasses sales ring a bell?

Phishing attacks attempt to steal your most private information, posing major risks to your online safety. It’s more pressing than ever to have a trained eye to spot and avoid even the most cunning phishing attacks on social media.

Troubled waters

Spammers on social media are masters of their craft, and their tactics are demonstrably more effective than their email-based counterparts. According to a report by ZeroFOX, up to 66 percent of spear phishing attacks on social media sites are opened by their targets. This compares to a roughly 30 percent success rate for spear phishing emails, based on findings by Verizon.

Facebook has warned of cybercriminals targeting personal accounts in order to steal information that can be used to launch more effective spear phishing attacks. The social network is taking steps to protect users’ accounts from hostile data collection, including more customizable security and privacy features such as two-factor authentication. Facebook has also been more active in encouraging users to adopt these enhanced security features, as seen in the in-app message below.

Facebook In-Product Security Message

Types of social phishing attacks

Fake customer support accounts

The rise of social media has changed the way customers seek support from brands, with many people turning to Twitter or Facebook over traditional customer support channels. Scammers are taking advantage of this by impersonating the support accounts of major brands such as Amazon, PayPal, and Samsung. This tactic, dubbed ‘angler phishing’ for its deepened deception, is rather prevalent. A 2016 study by Proofpoint found that 19% of social media accounts appearing to represent top brands were fake.

To avoid angler phishing, watch out for slight misspellings or variations in account handles. For example, the Twitter handle @Amazon_Help might be used to impersonate the real support account @AmazonHelp. Also, the blue checkmark badges next to account names on Twitter, Facebook, and Instagram let you know those accounts are verified as being authentic.
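The handle check suggested above, as an added example that is not part of the original post: a small triage function that normalises a handle (lowercase, digit-for-letter homoglyphs undone, separators removed) and compares it to a list of known verified support handles. Only @AmazonHelp is named on the page; the other verified handles in the list are constructed placeholders, and the similarity threshold is an assumption chosen for the example.

```python
"""Flag social media handles that impersonate a known verified support account.

Added example, not code from Webroot or from any social network. The list of
verified handles is constructed for the example (only @AmazonHelp is from the
page) and the 0.85 similarity threshold is an assumed tuning value.
"""
import re
from difflib import SequenceMatcher

# Constructed allow-list of handles we want to protect (lowercase, no '@').
VERIFIED_SUPPORT = {"amazonhelp", "paypalsupport", "samsungsupport"}

# Digits that are commonly swapped in for look-alike letters.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def normalize(handle):
    """Collapse the usual impersonation tricks into a comparable form."""
    h = handle.lstrip("@").lower()
    h = h.translate(HOMOGLYPHS)          # amaz0n -> amazon
    return re.sub(r"[^a-z]", "", h)      # drop '_', '.', and leftover digits


def similarity(a, b):
    """Ratio in [0, 1]; 1.0 means identical strings."""
    return SequenceMatcher(None, a, b).ratio()


def check_handle(handle, threshold=0.85):
    """Return (verdict, closest_verified_handle).

    verdict is 'verified' for an exact match with a known handle,
    'lookalike' for a near match that should be treated as suspicious,
    and 'unrelated' otherwise.
    """
    raw = handle.lstrip("@").lower()     # handles are case-insensitive
    if raw in VERIFIED_SUPPORT:
        return "verified", raw
    norm = normalize(handle)
    best = max(VERIFIED_SUPPORT, key=lambda v: similarity(norm, v))
    if norm == best or similarity(norm, best) >= threshold:
        return "lookalike", best
    return "unrelated", best


if __name__ == "__main__":
    for h in ("@AmazonHelp", "@Amazon_Help", "@Amaz0nHelp", "@AmazonHelps", "@Amazon"):
        print(h, check_handle(h))
```

@Amazon_Help and @Amaz0nHelp both normalise to the verified handle and are reported as look-alikes, while a bare @Amazon scores below the threshold and is reported as unrelated rather than as an impersonation. The platform's verification badge remains the authoritative signal; this check only prioritises which accounts deserve a closer look.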

Spambot comments

Trending content such as Facebook Live streams are often plagued with spammy comments from accounts that are typically part of an intricate botnet. These spam comments contain URLs that link to phishing sites that try to trick you into entering your personal information, such as a username and password to an online account.

It is best to avoid clicking any links on social media from accounts you are unfamiliar with or otherwise can’t trust. You can also take advantage of security software features such as real-time anti-phishing to automatically block fake sites if you accidentally visit them.

Dangerous DMs

Yes, phishing happens within Direct Messages, too. This is often seen from the accounts of friends or family that might be compromised. Hacked social media accounts can be used to send phishing links through direct messages, gaming trust and familiarity to fool you. These phishing attacks trick you into visiting malicious websites or downloading file attachments.

For example, a friend’s Twitter account that has been compromised might send you a direct message with a fake link to connect with them on LinkedIn. This link could direct to a phishing site like the one below in order to trick you into giving up your LinkedIn login.

An example LinkedIn phishing site

While this site may look like the real LinkedIn sign-on page, the site URL in the browser address bar reveals it is indeed a fake phishing site.
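The address-bar check described above, as an added example that is not part of the original post: a function that extracts the registrable domain from a URL and compares it with the brand's real domain, so a host such as www.linkedin.com.secure-login.net (constructed for the example) is reported as an impersonation even though it contains "linkedin". The abbreviated public-suffix list is an assumption for the example; a production check would use the full list.

```python
"""Decide whether a login page's URL really belongs to the brand it imitates.

Added example, not code from Webroot or LinkedIn. PUBLIC_SUFFIXES is a tiny
constructed subset of the real public suffix list; the sample URLs in main()
are constructed and do not refer to real phishing sites.
"""
from urllib.parse import urlsplit

PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk", "com.au"}


def registrable_domain(host):
    """Return the registrable domain: one label left of the longest known suffix."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return ".".join(labels)


def check_login_url(url, brand_domain="linkedin.com"):
    """Classify a URL relative to the brand whose login page it claims to be.

    'legitimate'      registrable domain matches and the page is served over TLS
    'legitimate-no-tls' brand domain, but plain http
    'impersonation'   brand name present, but on a different registrable domain
    'unrelated'       brand name absent
    """
    parts = urlsplit(url)
    host = parts.hostname or ""          # userinfo ('brand@evil') is stripped here
    reg = registrable_domain(host)
    if reg == brand_domain:
        return "legitimate" if parts.scheme == "https" else "legitimate-no-tls"
    brand_word = brand_domain.split(".")[0]
    # Check the raw netloc too, so 'https://linkedin.com@evil.net/' is caught.
    haystack = (parts.netloc + parts.path + parts.query).lower()
    if brand_word in haystack:
        return "impersonation"
    return "unrelated"


if __name__ == "__main__":
    for u in ("https://www.linkedin.com/uas/login",
              "https://www.linkedin.com.secure-login.net/",   # constructed
              "https://linkedin.com@evil.net/login",          # constructed
              "https://example.org/"):
        print(check_login_url(u), u)
```

The important step is working from the registrable domain rather than from what the host name starts with: www.linkedin.com.secure-login.net registers as secure-login.net, and the userinfo trick linkedin.com@evil.net resolves to evil.net once the URL is parsed properly, which is exactly what the address bar shows and what a user should read.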

Phony promotions & contests

Fraudsters are also known to impersonate brands on social media in order to advertise nonexistent promotions. Oftentimes, these phishing attacks will coerce victims into giving up their private information in order to redeem some type of discount or enter a contest. Know the common signs of these scams such as low follower counts, poor grammar and spelling, or a form asking you to give up personal information or make a purchase.

The best way to make sure you are interacting with a brand’s official page on social media is to navigate to their social pages directly from the company’s website. This way you can verify the account is legitimate and you can follow the page from there.

The post Just Keep Swimming: How to Avoid Phishing on Social Media appeared first on Webroot Threat Blog.

3 Pitfalls Facing Privacy in 2018

Earlier this month, CES attendees got a taste of the future with dazzling displays of toy robots, smart assistants, and various AI/VR/8K gadgetry. But amid all the remarkable tech innovations on the horizon, one thing is left off the menu: user privacy. As we anticipate the rocky road ahead, there are three major pitfalls that have privacy experts concerned.

Bio hazard

Biometric authentication—using traits like fingerprints, iris, and voice to unlock devices—will prove to be a significant threat to user privacy in 2018 and beyond. From a user’s perspective, this technology streamlines the authentication process. Convenience, after all, is the primary commodity exchanged for privacy.

Mainstream consumer adoption of biometric tech has grown leaps and bounds recently, with features such as fingerprint readers becoming a mainstay on modern smartphones. Last fall, Apple revealed its Face ID technology, causing some alarm among privacy experts. A key risk in biometric authentication lies in its potential as a single method for accessing multiple devices or facilities. You can’t change your fingerprints, after all. Biometric access is essentially akin to using the same password across multiple accounts.

“Imagine a scenario where an attacker gains access to a database containing biometric data,” said Webroot Sr. Advanced Threat Research Analyst Eric Klonowski. “That attacker can then potentially replay the attack against a variety of other authenticators.”

That’s not to say that biometrics are dead on arrival. Privacy enthusiasts can find solace in using biometrics in situations such as a two-factor authentication supplement. And forward-thinking efforts within the tech industry, such as partnerships forged by the FIDO Alliance, can help cement authentication standards that truly protect users. For the foreseeable future, however, this new tech has the potential to introduce privacy risks, particularly when it comes to safely storing biometric data.

Big data, big breaches

2017 was kind of a big year for data breaches. Equifax, of course, reigned king by exposing the personal information (including Social Security Numbers) of some 140 million people in a spectacular display of sheer incompetence. The Equifax breach was so massive that it overshadowed other big-data breaches from the likes of Whole Foods, Uber, and the Republican National Committee.

It seems no one—including the government agencies we trust to guard against the most dangerous online threats—was spared the wrath of serious data leaks. Unfortunately, there is no easy remedy in sight, and the ongoing global invasion of user privacy is forcing new regulatory oversight, such as the upcoming GDPR to protect EU citizens. The accelerated growth of technology, while connecting our world in ways never thought possible, has also completely upended traditional notions surrounding privacy.

The months ahead beg the question: What magnitude of breach will it take to trigger a sea change in our collective expectation of privacy?

Talent vacuum

The third big issue that will continue to impact privacy across the board is the current lack of young talent in the cybersecurity industry. This shortfall is a real and present danger. According to a report by Frost & Sullivan, the information security workforce will face a worldwide talent shortage of 1.5 million by 2020.

Some of this shortfall can be blamed on HR teams that fail to fully understand what they need to look for when assessing job candidates. The reality is that the field as a whole is still relatively new and is constantly evolving. Cybersecurity leaders looking to build out diverse teams are wise to search beyond the traditional background in computer science. Webroot Vice President and CISO Gary Hayslip explained that a computer science degree is not something on his radar when recruiting top talent for his teams.

“In cyber today, it’s about having the drive to continually educate yourself on the field, technologies, threats and innovations,” said Hayslip. “It’s about being able to work in teams, manage the resources given to you, and think proactively to protect your organization and reduce the risk exposure to business operations.”

Beyond shoring up recruiting practices for information security roles, organizations of all types should consider other tactics, such as providing continual education opportunities, advocating in local and online communities, and inevitably replacing some of that human talent with automation.

The post 3 Pitfalls Facing Privacy in 2018 appeared first on Webroot Threat Blog.

Cyber News Rundown: Evrial Trojan Targets Bitcoin Users

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

New Trojan Alters Bitcoin Addresses

A newly discovered trojan variant targets Bitcoin users and, more specifically, any Bitcoin addresses that may be copied into the device’s clipboard. The trojan “Evrial” can alter the address in the clipboard so funds are transferred elsewhere when a user performs a Bitcoin transaction. Additionally, Evrial is capable of stealing cookies and any credentials that are being stored within web browsers to further compromise any purchases made on the device.

Paradise Ransomware is Anything But

In a recent return, new attacks have been linked to Paradise ransomware, which had been relatively quiet since its initial burst of attacks last year. Not much has changed for the variant since its previous reveal; it still requires a user to open a phony email attachment and unzip the packed infection. Unfortunately, there is no easy way to decrypt any of the affected files, and the user would need to either restore everything from a clean backup or pay the ransom, which varies based on the victim’s reply time.

Top UK Law Firms Face Massive Breach

Researchers have recently discovered several data dumps that contain over a million email credentials from several of the largest law firms in the UK. Based on the information found in the dumps, roughly 2,000 credentials belonged to each of the companies; the largest company is responsible for over 30,000 of them. Even worse, many of the dumps were released just in the last six months, though most come from third-party breaches.

Major Twitter Accounts Hacked

Several high-profile Twitter accounts were compromised over the last week and used to spread Turkish and Palestinian propaganda while attempting to phish the credentials of related accounts. Along with the credentials, it appears that private messages and other sensitive information were breached as well, leaving the compromised accounts even more vulnerable.

Business Security Moving Forward

Following a Ponemon Institute study from late last year, many were shocked at the results from the companies who responded. Over half of the 1,000 IT professionals surveyed claimed to have suffered a ransomware attack within the last year, and the majority of those reported the cause to be phishing and social engineering tactics. Even more worrisome, the average data breach involved the compromise of 9,000 unique records, costing victims several million dollars to return to normal.

The post Cyber News Rundown: Evrial Trojan Targets Bitcoin Users appeared first on Webroot Threat Blog.


Cyber News Rundown: DDoS Attacks Take Down Dutch Banks

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Multiple Dutch Banks Fall Victim to Week-long Cyberattack String

Over the last week, several of the largest banks in the Netherlands have been targeted by a string of DDoS attacks that have shut down much of the country’s banking services, affecting millions of customers. Officials have confirmed that no personal data has been compromised, and it appears they have been able to repair their website issues, allowing customers to slowly resume normal banking activity.

YouTube Removes ‘Cryptojacking’ Ads with Crypto Miners

Researchers recently discovered that YouTube has been displaying advertisements that come with a cryptocurrency miner, which is being used to generate revenue for the attackers. In addition to draining the victim’s CPU, the scripts used for the mining process were also generating ads for fake antivirus programs, in hopes of further cashing in on victims. Fortunately, Google was quick to respond and had the malicious ads taken down within a matter of hours.

Tracking Service Displays Military Bases Around the World

With the modern prominence of social media, less and less of our daily activity remains truly private. But how far will it go? When Strava, a fitness activity network that logs the activity of billions of users, posted a global “heat map” showing that activity, it also revealed the locations of dozens of military bases around the world. By viewing the map, it is easy to discover patrol routes, commonly visited locations, and the daily patterns of almost anyone using the app, from anywhere in the world.

Cisco VPNs Contain Severe Flaw

At least ten Cisco devices that run its Adaptive Security Appliance software were found with a flaw so severe that it was given the highest possible vulnerability rating. The vulnerability, which has since been patched, allowed for extremely simple remote exploitation and required no user authorization. Luckily, the flaw is only reachable if the user has enabled the WebVPN functionality on the device, and Cisco provided documentation on how to verify whether it is enabled and whether a device has been affected.

ATM Jackpotting Finally Arrives in the US

While it has spread through Europe and Asia for the past several years, the act of jackpotting an ATM has only recently made its way to the US. Jackpotting an ATM is as simple as gaining access to the device’s hard drive and either swapping it for a compromised drive or infecting it with malware to give the attacker full control. By disguising themselves as ATM technicians, attackers gain easier access to the ATM and can even return later to quickly dispense the entirety of the ATM’s cash reserves.

The post Cyber News Rundown: DDoS Attacks Take Down Dutch Banks appeared first on Webroot Threat Blog.

Use Caution with Free-to-Play Mobile Games

Who doesn’t like a good mobile game? Especially a free one! They allow you to blow off steam while fine-tuning your skills, competing with others or maybe even winning bragging rights among friends.

Free games can be fun to play, yet there are some common-sense guidelines to make sure these apps don’t surprise you with unexpected costs or other problems.

Like anything digital, opportunities for malware and other cyber threats do exist. Here are some things to beware of as you protect your privacy, well-being and wallet.

In-app purchases and unauthorized transactions

Free game providers make revenue by selling upgrades to the games’ cosmetic value or the means to advance to another level of play. For example, on a popular kids’ game, players can buy special coins that help boost their overall gaming experience.

But according to a 2017 TechCrunch article, Amazon recently agreed to refund millions of these types of in-app purchases because they were technically unauthorized – made by children on mobile devices linked to its site. Much to the parents’ regret, these transactions did not require passwords.

Apple and Google have settled similar agreements with the Federal Trade Commission.

So, keep an eye on transactions, banking records and your kids as they play. Most mobile devices even have the option of disabling or PIN-protecting in-app purchases so the little ones aren’t able to make purchasing decisions on their own.

Little extras can add up to a big cost for mom or dad. Or, in a more malicious case, someone with bad intentions could be purposely adding unwanted charges to your credit card.

Malware and privacy threats

Free mobile apps typically feature advertising and, of course, users can pay a premium to turn that off. That’s another transaction-based upgrade that turns free into not-so-free.

However, beyond the clutter and interruptions caused by real ads, malware can deliver a darker spin on free-to-play games through fake ads.

The Economic Times reports that Google has removed nearly 60 games, many of which were aimed at children, from its Play Store. The games were found to be infected with malware and bogus ads.

The malware displayed images that looked like real advertisements, causing concern and prompting users to download fake security software. The users were then encouraged to click on other links that would require payment.

Along with encouraging users to download scareware and pay for premium services, the malware also stole personal information. Those types of sensitive, personal records could include passwords, device IDs and credit card information.

And that can lead to identity theft and even larger financial threats.

So remember: only use trusted providers, read the reviews before installing a game, and know that there is never any need to allow extensive access to your device or personal information. You’re just playing a free mobile game, after all.

Free-to-Play mobile gaming security tips

Transaction-based issues and malicious malware are two of the most common concerns associated with free-to-play mobile games. But by no means do they make up a complete list of potential risk factors.

This doesn’t mean you shouldn’t play free games online. But use caution. Scrutinize games labeled as free and realize that paying a reasonable price for software versus getting it for no charge is sometimes worth it.

Here are some more detailed security tips from US-CERT, the United States Government Computer Readiness Team:

  • Use antivirus software
  • Be cautious about opening web files
  • Verify download authenticity
  • Configure web browsers securely
  • Back up personal data
  • Use strong passwords
  • Update operating and application software

With the proper care, free-to-play games can be an entertaining, social experience. And one might even learn a few things with some of the problem-solving apps available. But as the old saying goes, there’s no such thing as a free lunch. So, be smart about what you play and how you engage with free mobile apps.

The post Use Caution with Free-to-Play Mobile Games appeared first on Webroot Threat Blog.

Cyber News Rundown: Scarab Ransomware Strikes Back

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

New Variant of Scarab Ransomware

With a few interesting changes to the original Scarab ransomware, Scarabey is quickly targeting Russian-speaking users with brute force attacks on unsecured RDP connections, rather than with the spam email campaigns used by its predecessor. Additionally, Scarabey takes the ransom a bit further by deleting 24 files from the encrypted machine for every 24 hours that the ransom remains unpaid.

Botnets Used to Spread Cryptocurrency Miners

Following the Shadow Brokers release of NSA exploits last summer, the use of EternalBlue continues with the latest trend of using the exploit to compromise machines and turn them into cryptocurrency miners. By expanding the botnet to cover over 500,000 unique machines, the attackers have successfully brought in more than $3 million since May of 2017. The use of such a large-scale botnet can effectively mine for the more resource-intensive currencies with ease and even disrupt businesses from their normal workflow for days at a time.

Bitcoin Ads Circumvent Facebook Ban

In the past week, Facebook officially implemented a ban on all cryptocurrency-related advertisements on their site. However, the ads have continued to appear for many users with characters in the phrase ‘bitcoin’ simply misspelled. The ban was initially set to block misleading financial services and products that unknowing users might click on due to the apparent legitimacy of the ads.

Mac Software Sites Distributing Crypto Miners

As crypto miners continue to gain popularity among cyber criminals, it was inevitable that they would begin focusing on Macs. MacUpdate, a well-known software download site, was recently found to be bundling miners with commonly used applications. Luckily, some of these bundles are poorly written and often fail to launch the decoy app, which is intended to draw users’ attention away from the malicious activity. To make matters worse, several other download sites were also affected and waited far too long to remove the malicious download links from their servers.

Tech Scammers Exploit Chrome Flaw

Tech scammers have long been the bane of legitimate software companies and their support teams. The latest trick, however, can easily bring an unsuspecting user to a full panic attack by simply rendering a Chrome browser completely unusable. First it displays an error message and then silently forces the browser to save a random file to disk at such a pace that the machine’s CPU maxes out and leaves the computer in a ‘locked’ state in the hopes that the victim will actually contact the phony support number being displayed.

The post Cyber News Rundown: Scarab Ransomware Strikes Back appeared first on Webroot Threat Blog.

Valentine’s Day Sends Mobile, Online Dating Scammers on the Prowl


In a month where matchmaking is in high demand, we took a look at recent trends around online dating sites using the Webroot BrightCloud Threat Intelligence Platform. What did we find? Valentine’s Day sends cybercriminals on the prowl, and not for a soulmate.

On average, visits to dating websites increase by 53 percent in the month of February, relative to the three months prior. There is also a 342 percent increase in visits to greeting card domains on Valentine’s Day relative to Christmas Day.

Cybercriminals exploit this massive spike in dating interest to prey on victims. The heart-breaker: in the week leading up to Valentine’s Day, there is an astounding 220 percent increase in malicious URLs from the week prior. The week following Valentine’s sees a dramatic 50 percent drop in malicious URLs.

We’ve even found WordsOfHeart.com—a dating website that will find your perfect match based on your password! We can’t stress enough how much of a bad idea this is.

WordsOfHeart.com

While the website does specify that you should not use the same password as your email or Facebook account, it’s still quite bizarre that your password would be the focal point for matching. At first glance, it appears to be a clever phishing attempt, but the site does indeed match you with other people. During an initial sign-up using a weak password, no matches were found.

When trying again using the obviously weak password ‘password’, we found hundreds of matches. Most of these “matches” appeared to be blank profiles that weren’t created for any real romance, but were rather just other people testing whether the site was legitimate, and some were just trolling. Regardless of how well the site functions, the entire premise behind it is something that everyone should steer clear of.

Users should also exercise caution when dealing with more legitimate and established dating services. It has recently come to light that Tinder is not as secure as presumed: Tinder’s iOS and Android apps do not use basic HTTPS encryption for photos. This means that anyone on the same Wi-Fi network as your phone can potentially see your Tinder photo traffic.

Tinder Drift Demo Image

Source: CheckMarx, Tinder drift demo on YouTube.

To make matters even creepier, it’s possible for hackers to actually inject photos into your Tinder photo stream, as seen in a YouTube video by security researchers at CheckMarx. Be sure to keep this in mind when connected to public WiFi at coffee shops, libraries, airports, etc. It is worth noting that this lack of encryption is only an issue on the mobile Tinder apps, and using Tinder on your laptop browser would be fully encrypted. A recent survey by Mozilla shows that still only 68% of the internet is HTTPS encrypted, which is basic level protection. We expect that Tinder will be updating their mobile apps to address this soon.

Another stigma with dating websites is the overwhelming presence of bots. This isn’t a new development: the Ashley Madison hack a couple of years back revealed that an overwhelming number of the “women” on the site were bots, which led 80% of men to make purchases, according to Gizmodo. This year, China is trying to crack down on mobile apps with fake female user accounts that send automated messages to solicit new users for gifts and money, according to the BBC. Over 600 people were arrested for this lucrative “business model”, which generated over $150 million for these apps. With artificial intelligence getting smarter and smarter, we expect scams like this to continue, so make sure to watch out for these tactics.

Practice safe online dating

Avoid swiping on dating apps when connected to public, unsecured networks. Make sure you’re using two-factor authentication to help keep your online data more secure. As soon as an account’s credentials have been compromised, it’s very common for the attacker to then use that account to try to scam others, since the profile is (up to that point) legitimate and not suspicious. Another option when browsing on public WiFi is to use a VPN (virtual private network).

Overall, use good judgement when it comes to online dating. Be extra vigilant about dating websites you visit, keeping note of the URLs and mobile apps you access.


The post Valentine’s Day Sends Mobile, Online Dating Scammers on the Prowl appeared first on Webroot Threat Blog.

Cyber News Rundown: Malware Attack Targets 2018 Winter Olympics


The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Winter Olympics Disrupted by Malware Attack

The Winter Olympics are in full swing, and cybercriminals seem to be working just as hard as the athletes. Their nefarious minds are focused on distributing malware that targets several internal WiFi and television systems. In addition to a delay during the opening ceremonies, the malware caused major damage to the networks by wiping non-critical network files and using stolen credentials to traverse the networks with ease. With plenty of international information on hand, it’s surprising the attack focused on destruction rather than data collection.

Cryptocurrency Scams from Celebrities on Twitter

At least two dozen fake Twitter accounts impersonating celebrities, and others closely tied to cryptocurrencies, have been promising to distribute various currencies to followers. These accounts are all very similar to the real celebrities’ user accounts, barring small spelling changes, and can be found commenting amongst their target’s posts. Although Twitter appears to be working swiftly to remove these types of accounts, more continue to appear.

News Site Offers Compromise to Disabling Ad-Blockers

With the increasing popularity of cryptojacking—the process of using cryptomining scripts on highly-trafficked sites to generate revenue—Salon.com is now offering a choice to visitors: disable your ad blocker or let them use your CPU for cryptomining. While this new offering may seem unusual, it’s likely to become more prevalent, since many sites depend on ad revenue to remain operational. The logic is that most users would prefer to allow mining scripts to run over being subjected to ads.

Telegram Leaves Zero-Day Bug Unfixed for Months

Researchers discovered a vulnerability within the Telegram messenger client that would allow attackers to send malware by using a specific character to mask the actual file type without making any additional changes to the file itself. This method can be used to fully commandeer a system by sending victims a simple downloader over SMS, which then deploys a variety of malicious tools onto the system. Telegram has since fixed the documented issues; the attacks appear to have targeted mainly Russian victims, going back as far as March 2017.

Canadian Telecom Firm Faces Security Flaw

A hacker has contacted Canadian telecom firm Freedom Mobile to inform them of the security risks that their nearly 350,000 customers could face if a flaw in their system isn’t fixed. The flaw would allow any attacker to use a brute force attack on the account login page to compromise customer information. The hacker doesn’t appear to be acting maliciously, and he has posted proof of his findings, along with a strong recommendation that Freedom Mobile re-examine its security offerings.
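Both the Scarabey item above (brute forcing exposed RDP) and this Freedom Mobile login-page flaw come down to the same defender's question: does anything notice a burst of failed logins? As an added example, not code from Webroot or either vendor, the following sliding-window detector runs over constructed log lines (the log format is an assumption; adapt the regex to your RDP or web-login audit log) and flags a source that exceeds a failure threshold, reporting how many distinct accounts it tried.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD, WINDOW = 5, 60   # more than 5 failures within 60 s flags a source

# Constructed log format; adapt the regex to your RDP or web-login audit log.
LINE_RE = re.compile(r"^(?P<ts>\S+) auth_fail service=(?P<svc>\S+) src=(?P<src>\S+) user=(?P<user>\S+)$")

# Constructed sample: one source hammering RDP, one user mistyping a web password.
SAMPLE_LOG = """\
2018-02-09T10:00:00Z auth_ok service=rdp src=198.51.100.7 user=jdoe
2018-02-09T10:00:01Z auth_fail service=rdp src=203.0.113.5 user=administrator
2018-02-09T10:00:03Z auth_fail service=rdp src=203.0.113.5 user=administrator
2018-02-09T10:00:05Z auth_fail service=rdp src=203.0.113.5 user=admin
2018-02-09T10:00:07Z auth_fail service=rdp src=203.0.113.5 user=admin
2018-02-09T10:00:09Z auth_fail service=rdp src=203.0.113.5 user=backup
2018-02-09T10:00:11Z auth_fail service=rdp src=203.0.113.5 user=backup
2018-02-09T10:30:00Z auth_fail service=webportal src=198.51.100.7 user=jdoe
""".splitlines()


def parse_line(line):
    """Return (timestamp, service, source, user), or None for lines we ignore."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"].replace("Z", "+00:00")), m["svc"], m["src"], m["user"]


def detect_bursts(lines, threshold=THRESHOLD, window=WINDOW):
    """Flag (service, source) pairs exceeding `threshold` failures in any `window`
    seconds; the distinct-user count tells one hammered account from spraying."""
    recent = defaultdict(deque)     # (svc, src) -> failure times still in window
    users = defaultdict(set)
    flagged, alerts = set(), []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, svc, src, user = parsed
        key = (svc, src)
        q = recent[key]
        q.append(ts)
        users[key].add(user)
        while (ts - q[0]).total_seconds() > window:   # expire old failures
            q.popleft()
        if len(q) > threshold and key not in flagged:
            flagged.add(key)
            alerts.append((svc, src, ts.isoformat(), len(users[key])))
    return alerts
```

Running `detect_bursts(SAMPLE_LOG)` flags only 203.0.113.5 against RDP, at the sixth failure, having tried three accounts; the single webportal failure never crosses the threshold.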


The post Cyber News Rundown: Malware Attack Targets 2018 Winter Olympics appeared first on Webroot Threat Blog.
