A lot happens in the security world, and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Tax Season Leads to Rise in Phishing Attacks

As we’ve seen in the past, corporations preparing their taxes for the April deadline are a lucrative target for phishing attacks. Most recently, Seagate Technologies had such a breach in which all current and former employees’ W-2 information was compromised. This incident follows a trend of attacks that target employees by spoofing the CEO’s email address and asking for highly sensitive information.

http://www.csoonline.com/article/3040626/security/three-more-firms-hit-by-targeted-phishing-attacks-seeking-w2-data.html#tk.rss_news

Ransomware Targets Mac OS X

In the past week, it was brought to light that a new form of ransomware had hit the market and was aimed specifically at Mac users. KeRanger comes bundled with the Transmission BitTorrent client and remains dormant for three days to avoid quick detection or suspicion of the torrenting app itself. After that time period, it gathers sensitive information about the Mac and uploads it to a command-and-control server, thus starting the process of encryption.

https://www.webroot.com/blog/2016/03/07/18611/

Android Users Hit with Banking Malware

Recently, a new form of banking malware, labeled as Spy.Agent.SI, has been targeting Android mobile banking users. The program will lock the device until the user enters their bank login information from one of the targeted bank apps. Currently, it appears to be focused on several large banks in Australia and New Zealand, and only impacts users who downloaded the fake Adobe Flash Player app from a third-party app store.

http://www.csmonitor.com/World/Passcode/2016/0307/Sophisticated-banking-malware-targets-Android-users?mc_cid=db5948860e&mc_eid=aa7c64b687

Facebook Password Reset Vulnerability Found

A vulnerability was discovered this past week in Facebook’s password reset functionality. While a brute-force attack would be impossible on the main facebook.com website, due to a lock-out feature that triggers after a certain number of failed password tries, several of its other domains do not have this capability. This lack of protection on the less-trafficked sites within the facebook.com domain allowed the researcher to perform a brute-force attack on his own account and successfully gain access to it.

https://nakedsecurity.sophos.com/2016/03/08/how-one-man-could-have-broken-into-any-facebook-account/?

Hotel Chain Major Target for PoS Malware Attack

This week, Rosen Hotels & Resorts Inc. announced that it had fallen victim to a PoS malware infection on its credit card processing systems, which had first been discovered over a year earlier. The company is still unsure how many customers or locations were affected by the attack, which focused primarily on cardholder information, but has begun notifying customers whose information may be compromised.

http://news.softpedia.com/news/rosen-hotel-chain-had-a-pos-malware-infection-for-17-months-501530.shtml?

Connor Madsen

About the Author

Threat Research Analyst

As a Threat Research Analyst, Connor is tasked with discovering and identifying new malware variants, as well as testing current samples to ensure efficacy. Don’t miss the latest security news from around the world in his weekly Cyber News Rundown blog.
