PC PORTAL

Experienced. Trusted. Solutions.

Blog

By

Cyber News Rundown: WeChat Ransomware

Reading Time: ~2 min.

Touch ID Used to Scam Apple Users

Two apps were recently removed from the Apple App Store after several users reported being charged large sums of money after installing the app and scanning their fingerprint. Both apps were fitness-related and had users scan their fingerprint immediately so they could monitor calories or track fitness progress. But the apps launched a payment confirmation pop-up with the user’s finger still on the device to charge any card on file for the account. Luckily, the apps were only available for a brief period before being removed and refunds issued.

Signet Jewelers Expose Customer Order Data

Signet Jewelers, the parent company for Kay and Jared jewelers, was informed last month by an independent researcher of a critical flaw in their online sites. By simply altering the hyperlink for an order confirmation email, the researcher was able to view another individual’s order, including personal payment and shipping information. While Signet resolved the issue for future orders, it took additional weeks to remedy the flaw for past orders.

WeChat Ransomware Hits over 100k Chinese Computers

In the five days since December began, a new ransomware variant dubbed WeChat Ransom has been spreading quickly across China. With over 100,000 computers currently infected and thousands more succumbing each day, WeChat has made a significant mark. Though it demands a ransom of only roughly $16 USD, the variant quickly begins encrypting the local environment and attempts to steal login credentials for several China-based online services. Fortunately, Tencent banned the QR code being used to send ransom payments and disabled the account tied to it.

Nearly 100 Million Users Compromised in Quora Breach

Servers containing sensitive information for nearly 100 million Quora.comusers were recently compromised by unknown hackers. In addition to personal information about users, any posts or messages sent over the service were also breached. While informing affected users of the leak, Quora stated that all password data they store was fully encrypted using bcrypt, which makes it considerably more expensive and time-consuming for the hackers to break the algorithms and obtain the data. 

Marriott Hotels Breach Leaves Half a Billion Users Vulnerable

In one of the largest data breaches to date, Marriott International is under fire for exposing the personal data of nearly 500 million individuals. A class-action lawsuit has been filed against the hotel chain. For many victims, their names, home addresses, and even passport information was available on an unsecured server for nearly four years after the company merged with Starwood, whose reservation systems were already compromised.

The post Cyber News Rundown: WeChat Ransomware appeared first on Webroot Blog.

By

Introducing Microsoft 365 freelance toolkit—a solution to launch and scale your freelance workforce

Microsoft 365 freelance toolkit is a curated set of tools, templates, and best practices to help our customers launch, execute, and manage freelance programs at scale.

The post Introducing Microsoft 365 freelance toolkit—a solution to launch and scale your freelance workforce appeared first on Microsoft 365 Blog.

By

Cyber News Rundown: USPS Exposes Personal Data

Reading Time: ~2 min.

USPS Website Leaves Personal Data Available to Anyone

Within the last week, The U.S. Postal Service (USPS) has been working to resolve a vulnerability that allowed any authenticated user to view and modify the personal information for any of the other 60 million users. Fortunately, USPS was quick to fix the vulnerability before any detectable alterations were made, which could have included changes to social security numbers, addresses, and even live tracking information on deliveries.

Amazon Exposes Customer Data

Many Amazon shoppers recently received an email informing them that their personal information was released, though the announcement was light on details. To make matters worse, Amazon’s only response was that the issue has been fixed. It did not mention what the actual issue was or what may have caused it. Official Amazon forums have been bombarded with concerned customers in advance of the approaching holiday season.

IRS Audit Reveals Fraud Protection Failure

It was revealed during a recent audit of the IRS that victims of at least 89 unique data breaches received no fraud protection for their tax filings. The number of affected victims is just over 11,000, some of whom have already fallen victim to tax filing fraud for either their 2016 or 2017 tax return. IRS staff have made promises to include the missing breaches in their tracking systems as quickly as possible and to begin assisting the victims of these incidents.

Atrium Health Breach Involves 2.65 Million Patients

The names and other sensitive personal information have been compromised for over 2.65 million patients of Atrium Health after a third-party provider experienced a data breach. Over the course of a week in late September, several servers belonging to AccuDoc were illegitimately accessed, though none of the data was downloaded. Fortunately, the servers didn’t contain payment or personal medical records and Atrium Health was informed just 2 days after the incident was discovered.

New Jersey Police Computers Hit with Ransomware

Since Thanksgiving Day, the computer systems for one New Jersey police force have been taken completely offline after experiencing a ransomware attack. Computer and email systems normally used by office administrators were also shutdown as a precaution. It’s possible that the attack originated from one of the two official devices that have been missing for several months following the previous mayor’s abrupt passing.

The post Cyber News Rundown: USPS Exposes Personal Data appeared first on Webroot Blog.