A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
Linux Distro Compromised
This week, one of the largest Linux distro’s for Mint was targeted by hackers, who were able to successfully alter a PHP script to allow redirection to a Bulgarian-based IP. Additionally, it has been confirmed that usernames and passwords from the Mint forum database have been compromised as well. Fortunately, for most Mint users, you would have needed to install Mint 17.3 in the past week to actually have a chance of becoming infected.
Read more: https://nakedsecurity.sophos.com/2016/02/22/worlds-biggest-linux-distro-infected-with-malware/
Phishing Still A Major Issue for Companies
Spear phishing attacks continue to be on the rise, but it is still surprising how many companies are successfully attacked annually. The main cause for the success of these attacks is the human component: employees, consumers, and management. Using a more precise version of spear phishing, known as BEC or Business Email Compromise, attackers are able to spoof a high-level employee’s email account and request highly sensitive information without much questioning.
Child Tracker Database Exposed
Recently, an independent researcher uncovered a database owned by uKnowKids (a company that provides child monitoring software). Within the information that was accessible online were over 1,700 profiles of children, and many millions of private messages. The researcher was able to contact uKnowKids and inform them of the vulnerability quickly, although it is still unknown how long it was available to the public.
Read more: https://www.helpnetsecurity.com/2016/02/23/sensitive-child-profiles-private-messages-exposed-online/
Nissan’s All-Electric Car Lacks Cloud Security
As electric cars continue their steady rise into the mainstream, it has become quite convenient to have an app that displays details about your car, and can even send basic commands. Unfortunately, this accessibility can come at a cost if it’s not well secured. Nissan’s Leaf has many of these features, including charging capabilites and climate control settings, but currently lacks any authentication, other than the username which is set as your car’s VIN. Without any further authentication, anyone with the app and the VIN can send commands to start/stop charging, or view any previous driving history.
Read more: https://nakedsecurity.sophos.com/2016/02/25/nissan-leaf-cloud-security-fail-leaves-drivers-exposed
Sony Hackers Likely Tied to S.E. Asian Attacks
When Sony Pictures was hacked in late 2014, many security companies were brought in to collaborate on discovering how, who, and when. Their research has brought to light a connection with North Korean nation-state hackers who also perpetrated attacks on South Korea and the US going as far back as 2009.
Read more: http://www.reuters.com/article/us-sony-cyber-idUSKCN0VX1IR
