PC PORTAL

Experienced. Trusted. Solutions.

data breach

By

Cyber News Rundown: Hookup App Exposes Users

Reading Time: ~ 2 min.

Hookup App Leaks User Locations

Geo-locating and other sensitive data has been leaked from the hookup app 3fun, exposing the information for more than 1.5 million users. While some dating apps using trilateration to find nearby users, 3fun showed location data capable of tracing a user to a specific building or floor. Though users had the option to disable coordinate tracking, that data was nevertheless stored and available through the app’s API. 3fun has since resolved the leak and has hopefully implemented stronger security measures considering the private nature of their client’s activities.

Ransomware Attacks on DSLR Cameras

Malware authors continue to find new victims, as a ransomware variant has been found to be remotely attacking Canon DSLR cameras and demanding a ransom to regain access to the device. Researchers have found multiple vulnerabilities that could allow attackers to perform any number of critical functions on the cameras, including displaying a ransom note and remotely taking pictures with the camera. Fortunately, Canon has already begun issuing patches for some of its affected devices, though it’s taking longer to fully secure others.

Take back your privacy. Learn more about the benefits of a VPN.

Google Drive Exploit Allows Phishing Campaign to Flourish

A new phishing campaign has been discovered that uses a legitimate Google Drive account to launch a phishing campaign that impersonates the CEO asking the victim to open the Google Docs file and navigate to the phishing site’s landing page. Luckily for victims, the campaign has a few tells. The phony CEO email address uses a non-conforming naming convention and the email itself appears to be a hastily compiled template.

British Airways Data Leak

British Airways has again come under scrutiny, this time after it was discovered that their e-ticketing system was leaking sensitive passenger data. The leak stems from flight check-in links that were sent out to customers containing both their surname and booking confirmation numbers completely unencrypted within the URL. Even more worrisome, this type of vulnerability has been well-known since last February when several other airlines were found to have the same issue by the same security firm.

Android Trojan Adds New Functionality

Following in the footsteps of Anubis, an Android banking Trojan for which source code was recently revealed, Cerberus has quickly filled the void without actually borrowing much of that code. One major change is that Cerberus implemented a new method of checking if the device is physically moving or not, in hopes of avoiding detection by both the victim and any researchers who may be analyzing it. Additionally, this variant uses phishing overlays from several popular sites to further collect any login credentials or payment card data.

The post Cyber News Rundown: Hookup App Exposes Users appeared first on Webroot Blog.

By

Cyber News Rundown: Hackers Expose US Colleges

Reading Time: ~ 2 min.

Vulnerability Exposes Dozens of U.S. Colleges

At least 62 U.S. colleges have been compromised after an authentication vulnerability was discovered by hackers, allowing them to easily access user accounts. At several of the compromised colleges, officials were tipped off after hundreds of fraudulent user accounts were created within a 24-hour period. The vulnerability that was exploited stemmed from a Banner software program that is very widely used by educational institutions; however, many colleges had already patched the flawed software versions and so were unaffected.

Data Breach Affects Lancaster University Applicants

Officials recently announced that a data breach compromised the personal records of all 2019 and 2020 applicants of Lancaster University. Additionally, some applicants have been receiving fraudulent tuition invoices, which the University recommends recipients delete immediately. The breach occurred sometime on Friday, and University officials quickly began contacting the affected parties and securing their IT systems.

Facebook to Pay $5 Billion in FTC Fines

Nearly a year after the Cambridge Analytica discovery, the FTC has issued a record fine of $5 billion to be paid by Facebook in recompense for their deceitful use of the private information from their hundreds of millions of their users. The staggering sum Facebook must pay sets a strong incentive for all industries to handle their customers’ sensitive data with the appropriate security and care, and also to address follow-up actions in the wake of a breach more adequately than Facebook did.

Remote Android Trojan Targets Specific Victims

A new remote-access Trojan, dubbed Monokle, has been spotted working through the Android™ community with a laundry list of dangerous capabilities, most of which are designed to steal information from the infected devices. To make Monokle even more dangerous, it can also install trusted certificates that grant it root level access and near total control over the device.

Fake Browser Update Distributes TrickBot

As TrickBot continues its multi-year streak of mayhem for computer systems and sensitive information, criminals created a new set of fake updates for the Google™ Chrome and Mozilla™ Firefox browsers that would push a TrickBot download. The updates appear to have originated at a phony Office365 site that does give users a legitimate link to a browser download, though it quickly prompts the user to install an update which installs the TrickBot executable.

The post Cyber News Rundown: Hackers Expose US Colleges appeared first on Webroot Blog.

By

Cyber News Rundown: Evite Data Breach

Reading Time: ~ 2 min.

Over 100 Million Accounts Exposed in Evite Breach

More than 100 million users of Evite were exposed after the company’s servers were compromised earlier this year. While the company doesn’t store financial information, plenty of other personally identifiable information was found in the leaked database dump. The initial figures for the breach were thought to be much lower, as another database dump of 10 million Evite users was found on an underground marketplace around the time they discovered the unauthorized access, though that site was shut down soon after.

American Express Suffers Phishing Attack

Many American Express customers recently fell victim to an email phishing attack that used the uncommon tactic of hiding the URL domain when hovering over the hyperlink. The attack itself, which requests the victim open a hyperlink to verify their personal information before re-routing them to a malicious site, was reliably full of spelling and grammar mistakes. The phishing landing page, though, looks nearly identical to the real American Express site and even has a drop-down list to catch multiple types of user accounts.

NHS Worries Over XP Machines

Over five years after Microsoft officially ceased support for Windows XP, the UK government has revealed that there are still over 2,000 XP machines still being used by its National Health Services (NHS). Even after becoming one of the largest targets of the 2017 WannaCry attacks, the NHS has been incredibly slow to roll out both patches and full operating sytem upgrades. While the number of effected systems, the NHS has over 1.4 million computers under their control and is working to get all upgraded to Windows 10.

Google Defends Monitoring of Voice Commands

Following a media leak of over 1,000 voice recordings, Google is being forced to defend their policy of having employees monitor all “OK Google” queries. After receiving the leaked recordings, a news organization in Belgium was able to positively identify several individuals, many of whom were having conversations that shouldn’t have been saved by the Google device in the first place. The company argues that they need language experts to review the queries and correct any accent or language nuances that may be missing from the automated response.

Monroe College Struck with Ransomware

All campuses of Monroe College were affected by a ransomware attack late last week that took down many of their computer systems. The attackers then demanded a ransom of $2 million, though it doesn’t appear that the college will cave to such exorbitant demands. Currently, the college’s systems are still down, but officials have been working to contact affected students and connect them with the proper assistance with finishing any coursework disrupted by the attack.

The post Cyber News Rundown: Evite Data Breach appeared first on Webroot Blog.

By

Cyber News Rundown: GPS Vulnerabilities in Tesla Vehicles

Reading Time: ~ 2 min.

Multiple Tesla Models Vulnerable to GPS Attacks

Though it’s not the only manufacturer to offer GPS navigation in their vehicles, Tesla has once again suffered an attack on their GPS autopilot features. These attacks were able to trick the car into thinking it had arrived at an off-ramp more than two miles early, causing it to start to merge and eventually turn off the road entirely, even with a driver attempting to stop the action. Using off-the-shelf products, the test conductors were able to gain control of Tesla’s GPS in less than a minute.

Oregon DHS Successfully Phished

The personally identifiable information for at least 645,000 Oregon Department of Human Services (DHS) patients was illicitly accessed after a successful phishing attack on nine DHS employees. The attack allowed the hackers to obtain 2 million emails from the accounts, which contained everything from names and birthdates to social security numbers and confidential health information. Fortunately, the DHS issued a password reset shortly after the initial breach that stopped the attackers from getting any further and began contacting potential victims of the attack.

IP and Computer Blacklisting in New Ryuk Variant

The latest variant of the Ryuk ransomware includes an IP blacklist and a computer name check prior to beginning encryption. The IPs and computer name strings were likely implemented to stop any encryption of Russian computer systems. After these checks, the ransomware continues as normal using .RYK as the appended file extension and a ransom note that points victims to make payments to one of two proton mail accounts.

EatStreet Ordering Services Breached

A data breach is affecting the food ordering service EatStreet and possibly all of its 15,000 partnered restaurants. Payment card information for millions of customers using the app, along with some banking information for the 15,000 business partners, is believed to have been compromised in the breach. Though EatStreet quickly began improving their security and implementing multi-factor authentication following the breach, the damage was already done.

Fake System Cleaners on the Rise

While phony system cleaner apps have been common for many years, a recent study shows that user numbers for these apps has doubled from the same time last year to nearly 1.5 million. These apps often appear innocent and helpful at the outset, while others have begun taking an outright malicious approach. To make matters worse, these apps are commonly installed to fix the very issues they later create by slowing the computer down and causing annoying popups. 

The post Cyber News Rundown: GPS Vulnerabilities in Tesla Vehicles appeared first on Webroot Blog.

By

Cyber News Rundown: Radiohead Hit by Ransomware Hack

Reading Time: ~ 2 min.

Radiohead Refuses Ransom, Releases Stolen Tracks

The band Radiohead recently fell victim to a hack in which 18 hours of previously unreleased sessions were ransomed for $150,000. Rather than pay the ludicrous fee, the band instead opted to release the tracks through Bandcamp for a donation to charity. The unreleased sessions were stored as archived mini discs the band created during the years surrounding their third album, “OK Computer.”

US Border Protection Breached by Contractor

A subcontractor for the US Customs and Border Protection (CBP) agency is under scrutiny after it was revealed that they had illicitly transferred thousands of images of both license plates and travelers that had crossed the US/Mexico border in the last month. In doing so, the subcontractor broke several mandatory security policies written into a legal contract. While there is no sign of the images leaking onto the dark web, there is very little redress for the exposed travelers without proving actual harm.

Billions of Spam Emails Sent Everyday

The latest industry report on spam emails revealed that around 3.4 billion fake/spam emails are distributed across the globe each day. More worrisome is that the majority of these emails originate in the US and regularly target US-based industries. While many industries have improved security measures, larger enterprises have struggled to implement strong protection for their entire staff.

Ransomware Hits Washington Food Bank

The Auburn Food Bank in the State of Washington recently fell victim to a ransomware attack that encrypted all but one of their computers, which was isolated from the internal network. Instead of paying the ransom, the nonprofit chose to wipe all computers, including their email server, and begin rebuilding from scratch. The ransomware variant has been claimed to be GlobeImposter 2.0, which requires the victim to contact the attacker to determine the ransom demanded.

Retro Game Site Breached

The account information was leaked for over 1 million users of EmuParadise, a retro gaming site that hosts all things gaming related. The breach, which took place in April of 2018, affected 1.1 million IP and email addresses, many of which were found in previous data breaches. It is still unclear how the breach actually took place, though given the use of salted MD5 hashes for storing user data it’s clear EmuParadise could have done more to properly secure their users information.

The post Cyber News Rundown: Radiohead Hit by Ransomware Hack appeared first on Webroot Blog.