Quantcast
Channel: Webroot Blog
Viewing all 1110 articles
Browse latest View live

Twitter is a Hotbed for Crypto Scam Bots

0
0
Reading Time: ~3 min.

The brazen theft of cryptocurrency has been an ongoing issue for years now, mostly affecting exchanges and users who fail to store their private keys securely. But what about scams purporting to be giving free cryptocurrency away? It seems a little ridiculous, but there is a serious problem with this new incarnation of the classic “Nigerian letter” scam.

How crypto scams work

The scam is very simple. It asks victims to send fairly small amounts of cryptocurrency in return for a larger amount to be sent back later. The scammers often target influential Twitter accounts that likely have followers interested in cryptocurrency. After a popular account tweets—Elon Musk, for example—the scammer immediately replies to that tweet from an account imitating the influencer. So, @eloonmusk is impersonating @elonmusk, and @officialmacafee is impersonating @officialmcafee.

The biggest red flag here is that tweets pretending to be giving away crypto are not from verified accounts. They don’t have the blue checkmark badge next to their account name, which means they are NOT who they say they are. Usually, these imposter tweets will be supported by an entire botnet of fake accounts working in cahoots to increase the perceived legitimacy of the scam tweets. The tactics these bots use include liking and following each other’s posts and making fraudulent replies to these posts saying they received their Ethereum or Bitcoin successfully. They will even host scam websites that show “proof” this scheme is legitimate.

In an attempt to thwart such scammers, leaders in the crypto community have gone as far as to change their Twitter account names to include explicit warnings that they are not giving away cryptocurrency. Ethereum founder Vitalik Buterin is an example of this method, as well as one of the users most commonly targeted by the scam.

Despite the bold disclaimer, scammers refuse to be shaken and continue to adapt their profiles and language to deceive victims.

What can be done to combat crypto scams?

Recently, Twitter attempted to remedy crypto scams by shadow banning the spammer accounts, but several cryptocurrency influencers were caught amid the ban and experienced temporary issues with their accounts.

“People just started DMing me that they couldn’t see my tweets in threads,” Twitter user @cryptomom told CoinDesk. “It would say ‘tweet unavailable.’ Others said they aren’t getting notifications when I tweet. But no word from Twitter. There is some really weird shit going on for crypto Twitter people right now. A rash of permanent bans and suspensions.”

Adding to confusion, Twitter mistakenly verified an account posing as Tron founder Justin Sun.

Cryto scams could prove to be a hurdle for Twitter and its users who’re active in the crypto space. It’s important for people to understand that these scams will NEVER pay you. These fake accounts will do their best to prove their legitimacy, but they are just preying on the greed of victims.

Twitter will need to introduce new methods for combatting this type of spam. Twitter CEO Jack Dorsey recently announced a new verification process is coming that will make it easier for all users to obtain verification, according to the Chicago Tribune. This change will help the numerous crypto organizations and influencers on Twitter establish a verified presence. It is important for users to be protected from predatory scammers, while also protecting the integrity of a platform that has become a major hub for cryptocurrency discussion and information sharing.

What do you think can be done to stop cryptocurrency scams on Twitter? Join me in the Webroot Community or drop me a line in the comments below!

The post Twitter is a Hotbed for Crypto Scam Bots appeared first on Webroot Blog.


Cyber News Rundown: Atlanta Ransomware Attack

0
0
Reading Time: ~2 min.

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

City of Atlanta Faces Ransomware Roadblock

In the past week, the city of Atlanta has been dealing with the aftermath of a ransomware attack that effectively halted the police department’s Special Operations Section, which monitors non-emergency city functions. In a surprising twist, however, the ransomware author’s contact portal was leaked through several media outlets, prompting the author to remove the portal entirely and leaving the city with no means of paying the ransom. While the city was able to quickly return to normal operations for most employees, the recovery process will likely be ongoing for some time.

Facebook’s Data Collection Larger Than First Thought

Over the past week or so, researchers have been taking a deeper look into the data being collected by Facebook, with or without users’ permission. It was revealed that, due to lax API permissions for the Facebook installation on older versions of Android, Facebook was allowed to gather both call and SMS logs without user opt-ins. For some, extensive details of calls made by users were meticulously stored for up to several years. Details included call duration, recipient, and the date and time of the call. While Facebook claims any stored data is deleted if the user chooses to revoke permissions, users have been able to download their own data after removing the app, as the opt-in feature is the default setting when installing Facebook for the first time.

UK Anti-Doping Agency Hit By Cyber Attack

Recently, the UK’s anti-doping agency was targeted by an attack attempting to access drug testing and medical records for athletes. A Russian hacking group is believed to be responsible, as the attack comes not long after a doping scandal that affected several Russian athletes. Fortunately, the anti-doping agency has confirmed that no data was compromised in the attack and a simple reboot of their servers was all the remediation necessary.

Facebook Boosting Bounty Hunter Program After Data Handling Debacle

Following the latest scandal regarding the misuse of user data by third-party apps, Facebook has begun a complete overhaul of their bug bounty hunter program. In addition, they are reworking the company’s app review system to better determine permissions needed by apps that request access to a user’s friends list. Finally, any apps running on the Facebook platform that have been found to misuse customer data will be permanently blocked from accessing the development platform.

Sanny Malware Receives Multi-Step Delivery System

While Sanny has been well known and documented for several years, a new update has completely changed the delivery method of the malware. By portioning out the steps in the attack, rather than deploying everything in one drop, Sanny is capable of bypassing any UAC prompts and making multiple checks for the operating system version. Once the malicious macro is launched from within the email attachment, it checks for the specific OS and begins downloading additional files to bypass any OS security checks and executes its final payload.

The post Cyber News Rundown: Atlanta Ransomware Attack appeared first on Webroot Blog.

Re-Thinking ‘Patch and Pray’

0
0
Reading Time: ~3 min.

When WannaCry ransomware spread throughout the world last year by exploiting vulnerabilities for which there were patches, we security “pundits” stepped up the call to patch, as we always do. In a post on LinkedIn Greg Thompson, Vice President of Global Operational Risk & Governance at Scotiabank expressed his frustration with the status quo.

Greg isn’t wrong. Deploying patches in an enterprise department requires extensive testing prior to roll out. However, most of us can patch pretty quickly after an announced patch is made available. And we should do it!

There is a much larger issue here, though. A vulnerability can be known to attackers but not to the general public. Managing and controlling vulnerabilities means that we need to prevent the successful exploitation of a vulnerability from doing serious harm. We also need to prevent exploits from arriving at a victim’s machine as a layer of defense. We need a layered approach that does not include a single point of failure–patching.

A Layered Approach

First off, implementing a security awareness training program can help prevent successful phishing attacks from occurring in the first place. The 2017 Verizon Data Breach Investigations Report indicated that 66% of data breaches started with a malicious attachment in an email—i.e. phishing. Properly trained employees are far less likely to open attachments or click on links from phishing email. I like to say that the most effective antimalware product is the one used by the best educated employees.

In order to help prevent malware from getting to the users to begin with, we use reputation systems. If almost everything coming from http://www.yyy.zzz is malicious, we can block the entire domain. If much of everything coming from an IP address in a legitimate domain is bad, then we can block the IP address. URLs can be blocked based upon a number of attributes, including the actual structure of the URL. Some malware will make it past any reputation system, and past users. This is where controlling and managing vulnerabilities comes into play.

The vulnerability itself does no damage. The exploit does no damage. It is the payload that causes all of the harm. If we can contain the effects of the payload then we are rethinking how we control and manage vulnerabilities. We no longer have to allow patches (still essential) to be a single point of failure.

Outside of offering detection and blocking of malicious files, it is important to stop execution of malware at runtime by monitoring what it’s trying to do. We also log each action the malware performs. When a piece of malware does get past runtime blocking, we can roll back all of the systems changes. This is important. Simply removing malware can result in system instability. Precision rollback can be the difference between business continuity and costly downtime.

Some malware will nevertheless make it onto a system and successfully execute. It’s at this point we observe what the payload is about to do. For example, malware that tries to steal usernames and passwords is identified by the Webroot ID shield. There are behaviors that virtually all keyloggers use, and Webroot ID Shield is able to intercept the request for credentials and returns no data at all. Webroot needn’t have seen the file previously to be able to protect against it. Even when the user is tricked into entering their credentials, the trojan will not receive them.

There is one essential final step. You need to have offline data backups. The damage ransomware does is no different than the damage done by a hard drive crash. Typically, cloud storage is the easiest way to automate and maintain secure backups of your data.

Greg is right. We can no longer allow patches to be a single point of failure. But patching is still a critical part of your defensive strategy. New technology augments patching, it does not replace it and will not for the foreseeable future.

The post Re-Thinking ‘Patch and Pray’ appeared first on Webroot Blog.

Cyber News Rundown: Breaking Panera Bread

0
0
Reading Time: ~2 min.

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Panera Ignores Security Flaw for Months

This week it was revealed that Panera failed to disclose or resolve a data breach affecting nearly 37 million customers for more than eight months. When researchers initially reached out to the company in August of last year, Panera officials believed the e-mail to be spam and ignored it until the researcher followed up about the leak. While a resolution has finally been put forth by Panera, their attempts to downplay the leak to the media and extreme delay in taking action are unacceptable for an organization of that size.

Indian Utility Company Facing Ransom

A regional power utilities system in India was recently breached and now finds their billing data held hostage for nearly 20 Bitcoins. While officials are the cause of the attack, the billing systems are already back to normal, as there were several methods for backing up the data. The affected site was one of two that monitor many districts’ electricity billing throughout the region.

Under Armour Fitness Tracking App Breached

Under Armour announced this past week that their MyFitnessPal app had been subject to a data breach potentially affecting nearly 150 million users. Fortunately, the breach seems to contain only usernames, email addresses, and passwords for the app. Customers’ more sensitive information is stored beneath another layer of encryption. Under Armour has since released a full FAQ site along with a public statement in less than a week from the initial discovery.

Employee Info Leaking from Live Chat Widgets

Several live chat widgets have been found to expose a considerable number of personal details for employee conducting the chats. What’s more worrisome, the offending widgets can be found on hundreds of the largest websites, though the data being leaked varies based on company data policies. At least one of the notified widget creators has acknowledged the issue and will hopefully resolve it quickly.

High-end Retailers Have Payment Data Stolen

At least three separate high-end retailers recently disclosed a payment system breach that could impact millions of recent customers. A few hundred thousand cards have already been released, with the hacker group known as JokerStash promising to release more than 5 million in total, likely split amongst the stored data of the three retailers.

 

The post Cyber News Rundown: Breaking Panera Bread appeared first on Webroot Blog.

Cyber News Rundown: Hacktivists Strike YouTube Music Videos

0
0
Reading Time: ~2 min.

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Music-Oriented YouTube Channels Hacked

Within the last week, hackers have defaced multiple YouTube music videos, focusing largely on Vevo channels with high view counts. Most of the videos were quickly taken down after suspicious upload activity was found on several accounts, leaving some videos with the statement “Free Palestine” in the description. Vevo worked quickly to resolve the defacement and is in the process of returning the affected videos to viewable status.

Pen Test Reveals Security Risks for Radar

Researchers have recently been working to determine if radar is truly secure, as industry professionals have claimed, since it doesn’t interact with the Internet. Unfortunately, after a bit of effort, these same researchers were able to successfully breach the core systems for radar on a Navy vessel and modify it enough to set the ship off course without raising alarms. The system, had it been maliciously compromised, could have easily run the ship aground or sent off on a dangerous interception course. In addition to taking control of the vessel, the researchers were also able to remove all radar detections and leave the ship effectively blind in the water.

Majority of Android Users Denied Consent to Facebook over Data Collection

In a recent survey, nearly 90% of the 1,300 users had refused consent to Facebook for collecting SMS and call data. Unsurprisingly, Facebook has replied that the choice was an opt-in rather than out and users should have been asked, though many agree that no choice had ever been presented to them. Some users have even reported seeing over two years worth of call and SMS data saved within their Facebook account’s data.

Facebook Announces Permissions Change

In the wake of the Cambridge Analytica fiasco, Facebook has made multiple changes to its policy on app permissions that collect user data. Any app that hasn’t been accessed within the last 90 days will require the user to go through the Facebook login page and re-consent to any data collection that may take place. These changes will not be immediate, but instead rolled out over a two-week period, giving users time to decide which apps they want to use and letting expired data tokens be deleted.

Department of the Interior Faces Malware Infection

Nearly three years after the data breach within the Office of Personnel Management, the Interior Department is still having issues with properly securing their systems. The latest internal threat stems from a US Geological Survey employee who was found to be watching pornography and saving the videos to an external hard drive, which led to their computer hosting Russian malware. This likely ties back to the department relying on automated security systems, rather than having trained personnel actively monitoring for malicious activity.

The post Cyber News Rundown: Hacktivists Strike YouTube Music Videos appeared first on Webroot Blog.

Cyber News Rundown: Russia Bans Telegram

0
0
Reading Time: ~2 min.

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Russia Blocks Millions of IPs to Halt Use of Telegram

Recently, Russia has been putting pressure on Telegram, an end-to-end encrypted messaging service, to release a master key that would allow Russian officials to monitor suspected terrorist communications. Many of the blocked IPs belong to Amazon and Google, which have prompted Telegram users to switch to VPN services to continue using the app.

Facebook Accounts Breached by Stress Relief App

Within the last week, nearly 40,000 Facebook accounts have been compromised after users installed a stress relief painting program that silently steals available browser data. Likely being spread through spam emails, the malware itself runs a fully functional painting program that closely imitates the recently defunct Microsoft Paint and continues to gather data anytime its host computer restarts.

New Cryptominer Bypasses Open Browser Requirement

A recently discovered cryptominer functions like most previous miners, though its XMRig has been updated to no longer require an open internet browser session to begin its This change is significant, as it means the malware itself has been changed from being internet-reliant to endpoint-based, which allows it to function on the infected device without user interaction. While XMRig is still not the most prolific cryptominer currently operating, it’s believed to have spread to over 15 million unique endpoints around the world.

Tax Season is Open Season for Cyber Criminals

As the 2018 tax season wraps up, officials are working hard to determine if high volumes of tax returns being sent from individual computers are from tax professionals or criminals. While the IRS does have methods for stopping massive quantities of returns from being issued from a single device, tax professionals regularly file up to hundreds of returns per year. So how do they determine if they are legitimate or not? Now, cybercriminals have also recognized this loophole and have begun targeting pros, rather than individuals, to stay undetected while submitting fraudulent tax returns.

Microsoft Engineer Charged for Ransomware Money Laundering

A Microsoft employee was charged this week with laundering money accrued from a Reveton ransomware variant that was used as a prominent screen-locker several years ago. The engineer is accused of transferring over 100,000 USD to a partner in the UK that had been extorted as ransom for restoring the system to its normal functionality.

The post Cyber News Rundown: Russia Bans Telegram appeared first on Webroot Blog.

After the Hack: Tips for Damage Control

0
0
Reading Time: ~4 min.

According to the Identity Theft Research Center, in 2017 alone, nearly 158 million social security numbers were stolen as a result of 1579 data breaches. Once a cybercriminal has access to your personal info, they can open credit cards, take out loans that quickly ruin your credit, or leave you with a giant bill. But that’s not all. Many people don’t realize that, depending on how much information a hacker gets and what their intentions are, you could lose a lot more than money. From sending malware to your contacts from your account to spamming your coworkers with phishing attacks to compromise your employer’s network, the damage a hacker can wreak on your personal and professional life can extend far beyond the monetary bounds.

Additionally, according to Dave Dufour, VP of Engineering and Cybersecurity at Webroot, we’re seeing more evolution in cybercriminal tactics that take advantage of internet users and their trust:

“What’s happening lately is that people are hacking social media accounts. Why would anyone want your social media information? One reason is that, if I have access to one of your social media accounts, I can spread malware to all your followers who trust you. Pretending to be you, I can send out a link, your followers click it, and my malware is now on all of their devices.”

So, what do you do if you’ve been hit with malware, ransomware, phishing, or a social media attack? First, don’t panic. Second, follow these steps to deal with the fallout.

You’ve been hacked. Now what?

Change your passwords
The first step is one you’ve probably already heard: change all your passwords. Yes, all of them. Don’t forget make them strong by using at least 12 characters, changing out at least two or three of the characters to uppercase, using numbers or symbols (e.g., replacing an A with a @ or an S with a 5), avoid using places you’ve lived, acquaintances names, your pets, birthdays, or addresses—and don’t even think about using ABC or 123. If you have trouble keeping track of your passwords, we recommend you use to a secure password manager application that saves your credentials in an encrypted database and automatically fills them in when you log into a site.

Turn on two-factor authentication
Most accounts that house your personal information, such as email or banking, offer two-factor authentication. This provides an additional layer of security that goes beyond your username and password by asking you to confirm your login with an extra step, such as a short-term security code sent via text message or phone call. You can turn on two-factor authentication from the login screen of the account.

Check for updates
One of the best ways to keep your devices protected is to update your operating system regularly and ensure that any applications you use are patched and up to date. If you have questions, you can always call your device provider’s helpline. To make things even easier, most systems and software allow you to set up Automatic Updates, so you don’t have to worry about remembering to check for them manually.

Install antivirus protection and run a scan
Antivirus software is an extremely beneficial tool that doesn’t just help detect and remove malicious software that could be lurking on your computer, it can also stop threats before they infect your device in the first place. But be careful: avoid the temptation to download a free antivirus program, as these often come bundled with malware or potentially unwanted applications. Instead, invest in a reputable option. Once installed, be sure to run a scan and turn on automatic scans and updates.

Delete sensitive data from the compromised account
As soon as you realize you’ve been hacked, go to the compromised account and delete any sensitive data you can. For example, if you know you’ve stored your credit card information, bank statements, social security number etc. in your email or on any retail site, immediately delete them from those locations. This also goes for any personal photos or information you wouldn’t want released. And don’t forget to clear out your folders on any cloud services, such as Dropbox, Google Drive™ or iCloud®.

Monitor bank statements and account activity
One of the top motivations of a cyberattack is to steal your money or identity to go on a shopping spree or use your financial accounts in some way. Be vigilant about monitoring your accounts for recent activity and check to make sure no new shipping addresses, payment methods, or accounts have been added. Also, call your bank and let them know about the incident so they can have their fraud department monitor your accounts.=

Deauthorize apps on Facebook, Twitter, Google, etc.
To protect your accounts and remove malicious individuals, check which apps are connected to your social media accounts and deactivate all of them. Did you sign into a site using your Facebook so you could see which historical figure you look like? That’s an example of something you should deactivate. You can find directions on how to do this for each account in its help or settings section or by contacting the associated customer service line.

Tell friends you’ve been hacked, so they don’t become victims, too
Another important step to take after you’ve been hacked is to alert your contacts. Many social media and email attackers will send messages from your account that contain malicious links, attachments, or urgent requests for money. Letting contacts know right away that your account has been compromised, and what to watch out for, can save them from the same fate.

Because technology continues to advance and the number of connected devices is growing exponentially, being the target of a cyberattack or identity theft is becoming more commonplace. But we’re here to help. Learn more about protecting yourself and your family online, and what you can do to stay safe from modern cybercrime.

The post After the Hack: Tips for Damage Control appeared first on Webroot Blog.

The STEM Pipeline: What Can You Do?

0
0
Reading Time: ~2 min.

Take Our Daughters And Sons To Work Day is today, and while your initial reaction may be to make a note to call in sick that day (heck, that was my gut instinct), resist the urge.

It’s one day that is a great reminder for the entire year. We all need to do more to fill the pipeline for STEM careers. That’s Science, Technology, Engineering, and Mathematics.

You may be asking, what do you mean by “do more”? You may not work in tech yourself or perhaps your kids aren’t interested in science, or maybe you don’t even have kids.

That’s no excuse.

According to the Pew Research Center, employment in STEM occupations has grown 79 percent since 1990, from 9.7 million to 17.3 million, outpacing overall U.S. job growth. And companies are feeling the pinch. ESG Research conducted a study that found 51 percent of respondents were dealing with a skills shortage. They simply can’t find the talent to fill the roles.

That’s where it gets concerning for everyone, whether they are a parent, a business owner, or a techie. We need bodies to fill the technical roles of today, let alone the future.

Now that I have your attention, here is some advice for what you can do to help create the STEM leaders of tomorrow.

  1. Realize not everyone is going to want to be an engineer. And that’s okay. You need marketing people, communicators, project managers that like working in the field and can bridge the gap with their soft skills between the true data heads and the rest of the world.
  2. I’m not pushing for a PhD. There are many paths to a technical career that don’t start with a four-year college degree. But they all do start with curiosity. I know many cybersecurity professionals who came to the field with a networking certification or other technical program background and even more that were self-taught. They watched a lot of YouTube videos, read a lot of blogs, and took apart their computers. There also is a lot of opportunity for those in the military who were trained to handle various programming tasks. Encourage people from all walks of life and backgrounds to tap into STEM fields.
  3. Take your kids (or the neighbor’s kids) to work with you. Really. Even if you don’t work in tech, try to show the kids what you do every day, then ask if someone in your IT department can chat with them too.
  4. You didn’t think I’d get through this without mentioning LEGOS, did you? LEGOS are the ultimate toy for sparking interest in STEM fields. Once kids graduate from basic blocks, there are many options like the BOOST line. They have a robot you can build and control via a mobile app. Enough said.
  5. Snap Circuits. Another awesome toy that makes building electronics fun.
  6. Programming can be for all ages. Prime younger kids to program with fun tools, like Scratch, Blockly, and Alice. You might even learn something!

This is a small list of ideas. I know there are many more out there. But I challenge everyone to think about what they can do to help create the next generation of STEM professionals. I know Webroot is participating in Take Your Sons and Daughters to Work Day this year and I look forward to chatting with the participants about what I do each day to make the internet a little bit safer.

The post The STEM Pipeline: What Can You Do? appeared first on Webroot Blog.


Cyber News Rundown: Amazon DNS Service Hijacked

0
0
Reading Time: ~2 min.

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Amazon IPs Rerouted for Several Hours

Early Tuesday morning attackers compromised an ISP that allowed them to reroute 1,300 IP addresses belonging to Amazon’s Route 53 DNS service. Amazon quickly released a statement on the issue and clarified that it was a specific vendor’s domain that was sharing the traffic across multiple peer networks. In doing so, the attackers were able to masquerade as MyEtherWallet.com, which netted them over $150,000 in cryptocurrency.

Middle East Ride-Hailing App Compromised

In an announcement at the beginning of this week, the ride-hailing app Careem addressed a data breach that occurred in mid-January. The breach could affect nearly 14 million customers, though officials have stated that no payment information was amongst the compromised data, as it is stored off-site. Fortunately, the breach shouldn’t affect anyone who signed up for the app after January 14.

Complaints of Tech Support Scams on the Rise

Over the course of 2017, Microsoft saw a 24% rise in the number of complaints regarding tech support scams their customers fell victim to. This increase is similar to the findings of the FBI’s Internet Crime Complaint Center, which saw an 86% change from the previous year. While the tactics used have not varied much, the number of scam calls have gone up significantly and have branched out to include both Mac and Linux users.

City of Atlanta Closing in on $3 Million Mark for Ransomware Recovery

It was recently revealed the City of Atlanta has spent close to $3 million to recover from a ransomware attack nearly a month ago. Though the original ransom was set at $51,000, paying it would not guarantee a swift resolution. Even now, Atlanta is still working on returning its systems to full working order. The delay may have been lengthened by the unknown amount of time the hackers had access to its system.

Malicious Crypto-miner Disables System Security

The newly dubbed PyRoMine, a cryptocurrency miner, which uses the EternalRomance NSA exploit to propagate, has been spotted in the wild over the past month. By disabling any security services it encounters, as well as Windows Updates, the malicious VBScript is able to compromise RDP to allow consistent traffic through port 3389. Even though it hasn’t spread widely, the number of unpatched machines still accessible to malware authors is a goldmine just waiting to be found.

The post Cyber News Rundown: Amazon DNS Service Hijacked appeared first on Webroot Blog.

RSAC 2018: “Clearing A Path for More Conversation and Context”

0
0
Reading Time: ~2 min.

Two big trends stood out at RSAC 2018. Many organizations that once thought all threat intelligence was created equal have gained appreciation for quality data feeds that deliver real-time information vs. crowdsourced or static lists. Endless alerts and flashy numbers are no longer enough. Companies want to know the “why?” and “what actions they can take?”

“What this tells me is that Webroot is in the right place at the right time with the best solution, and that is a great place to be,” said Michael Neiswender, vice president, embedded security sales.

The subtle messages of small-to-medium businesses (SMBs) and managed service providers (MSPs) demanding a certain focus didn’t fall on deaf ears. The question asked over and over was “how do you get into the SMB space?” There was a clear understanding that it’s a hot market, hard to penetrate, and has specific needs. SMBs require solutions architected from the ground up for multitenancy, high efficiency, and ease of use—customer experience cannot be neglected.

David Dufour, vice president, engineering said, “MSPs are a big business. A lot of people are aware of it, but they don’t know how to attract that market. We’re in a really good position as a company because we understand them.”

Big Conversations

As Webroot spoke with industry peers during the four-day cybersecurity conference, the conversations led to a few more themes.

Real Threat Intelligence is King

Security professionals have a desire for real-time, quality threat intelligence. They are looking for insights that draw from multi-geo, -device, and -businesses. How the updates are delivered to the customer is also of importance. The reality is the scale of threats and the associated risks facing organizations is increasing at a rate companies are finding difficult to manage.

Security is Everyone’s Responsibility

The idea of inherent security will become more mainstream. All companies will have to start thinking and acting like security companies, putting user education first. Loosely handling personal data is no longer an option. GDPR will make sure of that. Simple: your weakest link can be your strongest defense if properly trained.

Getting Back to Basics

Fundamental concepts of cybersecurity are as relevant as ever. The basics at their core address security as a requirement for businesses today in our connected environment. To be effective using cybersecurity start by following the basic fundamental concepts of protect, detect, respond, recover, and user training.

Into the Future

Threat intelligence will continue to offer a powerful position for those who choose to listen to the industry. As Webroot prepares for greater growth in the coming months and years, we are uniquely positioned for the future. You can expect more threat intelligence insights via our Annual Threat Report and Quarterly Threat Trends; continued investigation into our partners’ needs; and solutions that will meet partners where they are.

More companies will realize their customers want them to look at them in a new light. They will also begin to ask the right questions to provide solutions that uniquely address the concerns security professionals have when building their own internal security programs.

“There were companies that I could tell had methodically built out platforms to address specific threats,” said Gary Hayslip, chief information security officer. “These vendors differed from their competitors, because they knew what issues to solve and their technologies were uniquely focused on providing value by integrating with broader platforms to manage risk.”

The post RSAC 2018: “Clearing A Path for More Conversation and Context” appeared first on Webroot Blog.

‘Smishing’: SMS and the Emerging Trend of Scamming Mobile Users via Text Messages

0
0
Reading Time: ~3 min.

Text messages are now a common way for people to engage with brands and services, with many now preferring texts over email. But today’s scammers have taken a liking to text messages or smishing, too, and are now targeting victims with text message scams sent via shortcodes instead of traditional email-based phishing attacks.

What do we mean by shortcodes

Businesses typically use shortcodes to send and receive text messages with customers. You’ve probably used them before—for instance, you may have received shipping information from FedEx via the shortcode ‘46339’. Other shortcode uses include airline flight confirmations, identity verification, and routine account alerts. Shortcodes are typically four to six digits in the United States, but different countries have different formats and number designations.

The benefits of shortcodes are fairly obvious. Texts can be more immediate and convenient, making it easier for customers to access links and interact with their favorite brands and services. One major drawback, however, is the potential to be scammed by a SMS-based phishing attack, or ‘Smishing’ attack. (Not surprisingly given the cybersecurity field’s fondness for combining words, smishing is a combination of SMS and phishing.)

All the Dangers of Phishing Attacks, Little of the Awareness

The most obvious example of a smishing attack is a text message containing a link to mobile malware. Mistakenly clicking on this type of link can lead to a malicious app being installed on your smartphone. Once installed, mobile malware can be used to log your keystrokes, steal your identity, or hold your valuable files for ransom. Many of the traditional dangers in opening emails and attachments from unknown senders are the same in smishing attacks, but many people are far less familiar with this type of attack and therefore less likely to be on guard against it.

Text messages from shortcodes can contain links to malware and other dangers.

Smishing for Aid Dollars

Another possible risk in shortcodes is that sending a one-word response can trigger a transaction, allowing a charge to appear on your mobile carrier’s bill. When a natural disaster strikes, it is common for charities to use shortcodes to make it incredibly easy to donate money to support relief efforts. For instance, if you text “PREVENT” to the shortcode 90999, you will donate $10 USD to the American Red Cross Disaster Relief Fund.

But this also makes it incredibly easy for a scammer to tell you to text “MONSOON” to a shortcode number while posing as a legitimate organization. These types of smishing scams can lead to costly fraudulent charges on your phone bill, not to mention erode aid agencies ability to solicit legitimate donations from a wary public. A good resource for determining the authenticity of a shortcode in the United States is the U.S. Short Code Directory. This site allows you to look up brands and the shortcodes they use, or vice versa.

Protect yourself from Smishing Attacks

While a trusted mobile security app can help you stay protected from a variety of mobile threats, avoiding smishing attacks demands a healthy dose of cyber awareness. Be skeptical of any text messages you receive from unknown senders and assume messages are risky until you are sure you know the sender or are expecting the message. Context is also very important. If a contact’s phone is lost or stolen, that contact can be impersonated. Make sure the message makes sense coming from that contact.

The post ‘Smishing’: SMS and the Emerging Trend of Scamming Mobile Users via Text Messages appeared first on Webroot Blog.

DNS Protection Gets Major Updates

0
0
Reading Time: ~1 min.

Our most recent release of the DNS Protection agent provided customers with added features and enhancements designed to improve the overall product experience and its capabilities delivered to end users. We revamped the network detection functionality to improve accuracy and speed for roaming and off-site clients who frequently change networks.

We also addressed a variety of small bug fixes and performance improvements, such as SSL certification installation on Firefox Quantum and improvements to the agent update process.

VPN & TCP support

The Webroot DNS Protection agent now supports Juno Pulse Secure v 3.5 and Private Internet Access (client version 7.5) VPN types. This new feature enables roaming clients to access intranet assets and ensure clients benefit from DNS Protection while using a VPN.

Additionally, we added TCP Traffic support filtering. While the majority of DNS traffic is handled via UDP, certain domains and applications only use TCP. This update allows the agent to filter both UDP and TCP traffic.

Policy Configuration

We have also enhanced policy configuration with more granular policy control.  Custom policy configurations can now be applied to groups, sites, individual devices or network IP.  We’re also working to improve internet usage visibility, and are excited to make our Top Active Report available for .csv export so it can be easily integrated into other reporting tools in use.

Finally, we’re updating the GSM console to give users the availability to initiate trials and/or purchase products directly within the console.

The post DNS Protection Gets Major Updates appeared first on Webroot Blog.

Cyber News Rundown: Facebook Reveals “Clear History” Feature

0
0
Reading Time: ~2 min.

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Cyberattack Shuts Down Mexico Central Bank

Within the past week, several payment systems associated with Mexico’s central bank were compromised for an unspecified amount of time. The impacted systems led to delays with money transfers and processing of transactions for central bank customers, but officials claim no funds or data were stolen. It is still unclear how the attackers accessed the systems, though the issue has heightened awareness of possible security flaws.

Facebook Implementing History Removal Tool

In the wake of the data mishandling scandal that tarnished Facebook’s privacy standards, the company announced it’s working on a new tool that will allow users to clear browsing history and cookies from within Facebook, along with opting out of allowing Facebook to gather future browsing data. While this tool is still being created, Mark Zuckerberg has said Facebook hopes to give more privacy controls back to the users who trust the site.

Fitbit Adopts Google Healthcare API

Recently, Fitbit announced they will be integrating their current systems to incorporate the Cloud Healthcare API from Google in order to give healthcare providers better access to important data. Fitbit has been working towards this for some time by constantly improving their data analysis and providing better feedback to users and their health professionals. The partnership with Google’s API allows them to use an industry-compliant system, without the trouble of creating one from the ground up.

Northeast School District Pays Hefty Ransom

Following the April 14 cyberattack that encrypted much of a Massachusetts school district’s computer systems, local police recommended the district pay the $10,000 ransom to restore the system. While it paying ransoms is normally suggested only as a last resort, it would appear that the district wasn’t capable to restoring the systems on their own. In the end, it opted to pay the requested amount in hopes the criminals stay true to their word.

DVRs Being Compromised

A researcher recently released a tool that would allow anyone access to several brands of DVRs and illicitly obtain both device credentials and live video recordings. Using Shodan, the researcher was able to identify nearly 55,000 unique, accessible DVR devices that could be exploited with his tool using a previously discovered flaw for DVR devices.

The post Cyber News Rundown: Facebook Reveals “Clear History” Feature appeared first on Webroot Blog.

Cyber News Rundown: GDPR Edition

0
0
Reading Time: ~3 min.

As the EU’s General Data Protection Regulation (GDPR) edges closer, we’re looking back on the five most significant stories during the lead up to its implementation. Read about GDPR’s impact on data security and find out how to get prepared with five steps to compliance.

What aspect of GDPR will have the biggest impact on you or your business? Let us know in the comments below!

GDPR Myths

On April 14, 2016, the EU received its final legislative approval for GDPR, making the changes official as of May 25, 2018. Many myths surround the legislation, stirring confusion among those affected. One major myth is that GDPR compliance is focused on a fixed point in time, similar to the Y2K bug. However, GDPR will be an ongoing journey that requires a complete change to many company procedures. The regulation will begin in May 2018, so businesses may not be pleased to discover they are currently in the “grace period,” and there will not be another one after the implementation date.

Data Breached

We discovered in 2017 that many corporations are far too negligent when it comes to securely storing sensitive consumer data. It seemed like hardly a week passed without another major data breach making headlines. The year saw Equifax fall victim to the largest data breach in corporate history, Uber conceal a breach affecting 57 million users for over a year, and more than a million patients’ records stolen from the NHS’s database, to name just a few high profile cases. GDPR will not stop data breaches entirely, but the introduction of fines as high as €20 million, or 4% of annual turnover, for noncompliance should force companies to take their data responsibilities more serious.

Brexit

Britain’s decision to exit the European Union has added confusion concerning GDPR compliance for companies within the UK. In September, however, the UK updated their data protection legislation, which brings GDPR wholesale into UK law. This confirms that the UK also recognises the importance of data protection and suggests UK companies will need to be at least as careful as their EU peers. Also, any company dealing with EU citizen data (even those located outside of the EU), will be expected to comply with these standards.

Google and the Right to be Forgotten

Google received 2.4 million takedown requests under the EU’s updated ‘right to be forgotten’ laws, which have been in place for search engines since 2014. GDPR will now expand on this right to certain data subjects- giving people more control over deletion of their data once it’s no longer necessary for a company to have. Data subject rights have been enhanced, so companies that process personal data will be expected to have procedures in place to act on requests in the proscribed timeframes.

Facebook

Facebook have been in the news a lot over data rights, most recently for allegedly allowing Cambridge Analytica to harvest the data of more than 50 million Facebook users. Previously, the ICO had gotten WhatsApp to sign an undertaking in which it committed publicly to not share personal data with its parent company Facebook until the two services could do it in a GDPR-compliant way. GDPR is clearly bearing down on big companies that have been negligent with customer data previously.

How to get prepared

Are you prepared for GDPR? A company can take the following steps to help become GDPR-ready:

  1. Know the facts: GDPR is coming, so make sure everyone in your company is aware of the important components and are fully trained to comply. Examine what data your company has and who you share it with. Auditing your data will help you to understand how you can meet the terms.
  2. Privacy Information:  Revisit the procedures governing how you inform individuals about personal data your company may be holding. Make amendments to those procedures as necessary to meet GDPR requirements.
  3. Individuals Rights: Verify your procedures cover the rights of individuals, including your processes for deleting or responding to a subject access request.
  4. Enforcement and Sanctions: It should be noted that GDPR will simplify enforcement for supervisory authorities and significantly increase fines.
  5. Consent: Data must be processed lawfully. There are many legitimate bases for processing personal data. However, most companies will use consent, contractual necessity, or legitimate interest as a basis for doing so.

Did You Know?

Webroot Security Awareness Training offers GDPR-specific compliance training modules to help ensure your employees are up to speed with the new regulations, in addition to industry-specific compliance courses. Learn more at webroot.com/awareness.

The post Cyber News Rundown: GDPR Edition appeared first on Webroot Blog.

Tech Support Scams: From Bad to Worse

0
0
Reading Time: ~2 min.

Fake tech support scams aren’t going anywhere. In fact, recent data shows this type of social engineering attack is on the rise—with phony tech support calls, emails, and pop-ups peddling the digital equivalent of snake oil to unsuspecting internet users around the world.

While many people have grown wise enough to spot the warning signs of the typical tech support scam, a significant percentage fall victim, and exploiting their naivety can prove quite profitable for cybercriminals. A recent report from Microsoft describes a growing global problem: 153,000 reports were received from Microsoft customers involved in tech support scams in 2017, leading to a 24 percent rise in tech scams reported by Microsoft from the previous year. Those who lost money forked over an average of $200 and $400.

“It doesn’t require a great deal of technical knowledge to carry out a support scam, so it’s easy to see why criminals are choosing to jump into this field,” said Marcus Moreno, Supervisor of Threat Research at Webroot. “All that’s is needed is gaining the user’s trust and knowing more than they do about their computer. Whether criminals pay websites to host their fake support banners, or they proactively reach out to you, it doesn’t take much expertise.”

Due to the lucrative nature and relative success rate of these social engineering tactics, tech support fraud continues to propagate. The FBI’s Internet Crime Complaint Center (IC3) received around 11,000 cases of tech support scams in 2017, with victims claiming nearly $15 million in losses. That’s a shocking 86 percent increase from 2016!

The IC3 report also noted new variations of the typical tech support scam, with attackers resorting to posing as law enforcement to re-target previous victims by offering phony recovery assistance in exchange for a fee. Tech support scams are also turning to target cryptocurrency users, where the stakes can be higher, netting potentially thousands of dollars from a single victim.

Cold calls? Hold the phone!

The number one thing to keep in mind is that major tech companies—whether that’s Microsoft, your security software provider, or your device manufacturer—will never call you out of the blue. Beyond attempting to dupe a victim out of a fee for fake support services, cybercriminals can also try to gain remote access to your computer to steal personal information and install malware that can carry on the attack after the phone call has ended.

It’s also important to know that tech support scams also appear in the form of malvertising, such as pop-ups that can be found even on legitimate websites. These scam ads try to trick users with various fake system errors or malware infection warnings. Thousands of websites were recently discovered to be infected with malicious ads that lock users’ browsers and display a fake infection warning, according to SC Magazine. Web-based threats like this highlight the importance of keeping your devices updated and secure, as well as practicing safe browsing habits.

Visit our Cybersecurity Education Resources to understand more about common tech support scams and how to avoid falling victim. There you can also find blacklists of URLs and phone numbers known to impersonate Webroot and target our customers.

The post Tech Support Scams: From Bad to Worse appeared first on Webroot Blog.


Cyber News Rundown: Excel JavaScript Support May Open Door to Exploits

0
0
Reading Time: ~2 min.

Crypto Mining Makes the Jump to Excel

With the recent Microsoft release supporting JavaScript within Excel, it was only a matter of time before the scripting service was manipulated to mine cryptocurrency. Mere hours after the release, the first proof of concept appeared, with easy-to-replicate steps to get CoinHive functioning. While this proof of concept does require an Office Insider build to accomplish, it will likely be just as feasible when JavaScript is introduced into the publicly available version of Excel.

SynAck Ransomware Employs Unique Evasion Tactics

A relatively new ransomware variant, known as SynAck, has recently been spotted using an uncommon method for evading security measures. Using a procedure called Process Doppelganging, the malware can create a copy of a legitimate process and inject malicious code to be executed without running anything suspicious. Additionally, the malware is heavily obfuscated and targets numerous programs before encryption to shut down any running processes or tasks that may be necessary to encrypt.

Japanese Security Cameras Defaced

Over the past several weeks, Japanese officials have been dealing with complaints from victims whose security cameras have been hacked. These attacks arose due to negligence on the part of the camera owners, who disregarded proper security practices and failed to update the default passwords on the devices. To make matters worse, the frequency of these attacks has been steadily climbing in the last couple days, and have begun to include government-owned devices on secured networks.

Facebook Exploit Used for Crypto Mining

Researchers have recently discovered a malicious Chrome browser extension that attempts to steal account credentials for any cryptocurrency trading platform it finds on the system. By spreading through Facebook Messenger, FacexWorm can propagate quickly and begin any data gathering or cryptocurrency mining with relative ease. While most of its victims have been located in Southeast Asia, numerous occurrences have been spotted in Western European countries as well, demonstrating the extension’s reach and speed.

Phishing is Still Leading Mobile Infection Rates

In a recent report based on phishing statistics over the past year, officials found that Apple iOS® users had a significantly higher chance of receiving a phishing attempt than downloading malware. With over 4000 new phishing sites being created daily and over half of all internet usage occurring on mobile devices, it’s no surprise that attackers have shifted their focus to this immense group of users, who typically lack security software for their devices and typically don’t consider mobile security necessary.

The post Cyber News Rundown: Excel JavaScript Support May Open Door to Exploits appeared first on Webroot Blog.

Bad Apps: Protect Your Smartphone from Mobile Malware

0
0
Reading Time: ~2 min.

Smartphone apps make life easier, more productive, and more entertaining. But can you trust every app you come across? Malicious mobile apps create easy access to your devices for Android and iOS malware to wreak havoc. And there are many untrusted and potentially dangerous apps lurking around in app stores determined to outsmart your smartphone. With the average user having 35 apps installed on their phone, according to Google, it’s easy to see why smartphones can be such a easy target.

But my iPhone is safe, right?

Both Apple iOS and Android devices are targeted by hackers, and while the latter is a more popular target,  both platforms are both susceptible to various types of cyberattacks. After all, Apple’s latest version of iOS 11 was cracked just one day after its release via vulnerabilities in the Safari web browser, according to ZDNet.

Protect yourself from bad apps:

All of this means that unprotected smartphones are soft targets for cybercriminals, with weaknesses that hackers can ultimately exploit to generate revenue. The first defense is knowing that you can’t trust all apps. These tips will also help you stay protected as you search for the good ones:

  1. Download apps from reputable stores. The major, reliable providers are Galaxy Apps (Samsung), the App Store (iOS), Amazon App Store, and Google Play (Android).
    Google Play, for example, scans 50 billion apps daily to detect malware before publishing new ones.
  2. Disable “Unknown Sources” for Android devices, which prevents installing apps from sources other than the Google Play Store. So, if you use Amazon App Store, you’ll need to enable “Unknown Sources”. In that case, be mindful before allowing any other app or website to install something on your phone. It should also be noted that changes to this functionality are coming with the latest update to Android’s Oreo operating system.
  3. Keep Android USB debugging off. It can prevent outside malware from accessing your phone through corded connections, such as from a public charging station.
  4. Don’t jailbreak your iPhone. Allowing access and changes to your phone’s software can allows outsider apps that may not be trustworthy.
  5. Beware of any website, text, email, or anything asking you to install an app. Search for your own apps at the store and research all apps before installing.
  6. Beware of granting excessive permissions. Apps that perform basic functions, such as a flashlight, don’t need to access your personal information, for example.
  7. Read app reviews before installing, and review and report sinister apps. Users working together as a community can help alert unsuspecting victims to phony apps.
  8. Be cautious about providing your credit card or banking information. Avoid making transactions over apps that are not well known to you or the user community and be careful about hidden charges such as microtransactions.
  9. Install OS and other software updates. It always recommended to keep your OS and apps updated with the latest patches. It’s also smart to consider phones from vendors that release prompt security patches. Many software updates are designed to defend against malware and other emergent threats.
  10. Use trusted internet security software. No matter how careful you are, it is wise to employ a reputable layer of online security.

Prevention, prevention, prevention.

Sometimes free mobile apps, including free security software apps from unknown providers, are suspect. The convenience of a quick download and excessive trust are not worth saving a few seconds or cents. Do your research, follow these 10 tips, and protect your well-being on any mobile device.

 

The post Bad Apps: Protect Your Smartphone from Mobile Malware appeared first on Webroot Blog.

Cyber News Rundown: Chili’s PoS Breached

0
0
Reading Time: ~2 min.

Chili’s Restaurant Reveals Payment Card Breach

In the last week, officials have discovered a data breach that affects an unknown number of the chain’s 1,600 restaurants across the country. It is believed that the breach could affect customers who visited the restaurant between March and April of this year, and likely includes all payment information, though Chili’s doesn’t retain any additional customer data.

StalinLocker Requires Puzzle Code to Stop Deletion

A new screen-locking malware has been spotted that avoids the ransom and moves quickly to locking the entire screen. Once the lock screen is in place, a 10-minute countdown begins, and requests the user enter a specific code or it will begin deleting the contents of every mapped drive on the computer. Along with running a countdown timer, a picture of Joseph Stalin is displayed across the screen and the USSR anthem plays in the background.

Mexican Bank Funds Transferred Illicitly

Within the past month, the Interbank payment systems of the Mexican Central Bank were compromised, leaving millions of dollars unaccounted for. Abusing the interbank payment system allowed the attackers to immediately make the transfers and withdraw in cash. Even though some of the transfers were stopped for being suspicious, the final estimate rests at over $20 million. Fortunately for the bank’s customers, it appears that the stolen funds were from the bank’s accounts, not their clients.

Latest Dharma Ransomware Variant Uses .bip Extension

The most recent variant of the Dharma/Crysis ransomware has made some subtle changes since its previous iteration. Using a compromised RDP service, attackers are able to manually install the Dharma variant, which begins encrypting all files, including mapped and unmapped network drives with a .bip extension. Even though decryption hasn’t yet been made freely available, victims are still encouraged to attempt restoring from an external backup, as this variant will completely remove all shadow copies from the system.

Danish Train Network Hit with DDoS Attack

Thousands of Danish passengers found themselves unable to purchase train tickets from multiple sources after a DDoS attack took down the purchasing system. Some were fortunate enough to be able to purchase tickets directly from train officials, as even their staff was having difficulties communicating both internally and externally regarding the issue. Luckily, the systems were quickly restored to normal operation with no residual problems.

The post Cyber News Rundown: Chili’s PoS Breached appeared first on Webroot Blog.

Cyber News Rundown: Comcast Router Bug

0
0
Reading Time: ~2 min.

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Comcast Router Bug Leaves Credentials Unsecured

Researchers recently found a flaw in the Comcast user authentication process that would allow anyone with an account number and partial address to illicitly access WiFi networks and alter any  credentials found there. Fortunately, Comcast was quick to take down the entire site and make the necessary changes so such detailed information can no longer be gathered without proper verification.

Scam Email Warns Users of Other Scammers

A new phishing campaign is gaining traction throughout the US, with users receiving emails regarding a bank transfer of several million dollars currently being held by the Bank of England. The email itself continues by listing off a respectable number of other “scammers,” warning the victim of potential fraud linked to the listed names. While bank transfers are relatively common, it should be clear that a suspiciously large amount of money offered without context should always be approached with caution.

Teen Monitoring Software Left Available Online

Recently, a mobile app that allows parents to monitor their child’s internet browsing has left two internal servers completely accessible to the internet. While the contained information did not include any payment data, it did have email addresses and passwords for nearly all the app’s clients. TeenSafe has since taken both servers offline, though the Amazon cloud buckets were available for an undocumented amount of time with no mention of unauthorized access during that period.

Fraudulent Fortnite Apps Preceding Official Launch

As Fortnite continues its steady rise in popularity following its latest release on iOS, hundreds of phony apps have already flooded the Google Play store in advance of the Android release. One specific was downloaded over 5,000 times before researchers reported the app to the Google Security team. By promising in-game currency for downloading and rating fake apps, the spyware-laden apps quickly begin gathering call and message logs from the device while simply displaying a Fortnite icon.

Sensitive Information Found on 200 Million Japanese Citizens

Likely accumulated from several data breaches over the last few years, a dataset has been found containing the personal information of at least 200 million individuals living in Japan. The data appears to have been gathered from dozens of websites with login credentials for up to 50 unique sites and stems back to 2013. While the source of the information is still unclear, researchers have found several previous attempts to sell smaller datasets on Chinese dark web pages.

The post Cyber News Rundown: Comcast Router Bug appeared first on Webroot Blog.

Cyber News Rundown: Hackable Mercedes

0
0
Reading Time: ~2 min.

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Mercedes Keyless Entry Leads to Car Theft

It was discovered this week that criminals are using an unusual technique to steal late-model that are equipped with keyless entry. By using a frequency relay box, the criminals can boost the signal from keys, often still within the home, to trick the car into thinking they are nearby and unlocking or starting the vehicle remotely. Unfortunately, this trick is also capable of deactivating pre-installed tracking systems, leaving the owner unable to locate the stolen vehicle.

Former Employee Cause of Coca-Cola Data Breach

Coca-Cola officials announced this week that a breach had taken place that could affect the personal data of at least 8,000 employees. The breach was discovered after law enforcement contacted the company regarding a mishandled hard drive. The drive itself was removed from the company by a former employee before he left, though it is still unclear if the information was used maliciously.

Honda India Leaves Unsecure Data on Thousands of Customers Online

It was recently revealed that two Amazon S3 buckets were left publicly exposed, leaving the sensitive information on over 50,000 customers widely accessible. The buckets, originally created for users of the Honda Connect app, contain everything from names and addresses to specific car details such as the VIN and Honda Connect login credentials. Additionally, the researcher who reported the exposed S3 servers also found a note from another researcher who discovered the leak and attempted to inform the owners nearly three months prior.

VPNFilter Botnet Nearing 500,000 Units Strong

Researchers have been monitoring a new botnet as it gains significant strength across the globe, currently affecting upwards of 500,000 unique devices. Using a multi-step process, VPNFilter can access the command and control server to begin gathering and sending data, along with allowing remote code execution. Unfortunately, it is nearly impossible to detect VPNFilter, as it remains relatively hidden while running its processes.

Major Canadian Banks Faced with $1 Million Ransom

Recently, officials from two of Canada’s largest banks announced that the financial information for almost 100,000 customers had been compromised and hackers are demanding $1 million to stop its public release. To make matters worse, neither bank was aware their client’s information had been stolen until the hackers demanded ransom payment, which raises concerns about what, if any, security measures they had in place.

The post Cyber News Rundown: Hackable Mercedes appeared first on Webroot Blog.

Viewing all 1110 articles
Browse latest View live




Latest Images