There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
Rio Olympics: A Cyberthreat Goldmine
With the 2016 Olympic games right around the corner, it’s already being anticipated as a highly targeted event for cyber criminals. With lax cyber-crime laws in Brazil coupled with hackers that are well versed in banking data theft, visitors to Rio should be cautious of any suspicious emails they might receive and of the many ATMs and card-reading machines that could contain malware. Additionally, mobile users should be wary of accessing unsecured WiFi networks as there is no way to tell who else may be monitoring the traffic being sent through.
Pokémon Go Spawn Locations Revealed
In the weeks since Pokémon Go’s release, the game has brought a sweeping wave of change over the world, providing players the incentive to explore the world around them and to interact with others also playing the game. However, some users have taken the hunt for Pokémon a step further – by monitoring the data traffic being sent to and from the Pokémon Go servers and producing a Google Maps layout showing all local Pokémon that are currently spawned. While this does breach Niatic’s terms of service, the users in question believe it to be more of a service to other players, rather than for personal gain.
Two-Factor Authenticated Calls Exploited for Major Profits
Many service providers offer VoIP calls, but one researcher found a method to make hundreds of calls to a premium-rate number that he owned at a profit nearing $750,000 before the process would be terminated. By exploiting this bug from Google, Microsoft, and Instagram, the researcher could have turned an annual profit well into the millions. Fortunately, he was able to contact the bug bounty programs for each company and ensure the vulnerabilities were patched before any hacker exploited them.
Ransomware ‘Customer Service’ Willing to Haggle
Thousands of users become the victims of ransomware annually, and while law enforcement agencies argue both for and against paying the ransom, the fact is that customer support for these criminals has improved immensely. This increase likely stems from the malware authors knowing they can still make money, although the amount may be less than their initial ransom, if they are willing to work with their victims to pay it. In a recent study, 3 out of 5 ransomware variants’ ‘customer support’ agents (aka employed cybercriminals) were willing to negotiate a lower ransom if the victim remained firm against paying a high amount in order to get something rather than nothing.
Oracle Patches Record Number of Bugs
In what might be their biggest patch update ever, Oracle has pushed a critical patch that covers 276 different bugs found across hundreds of their products. Many of the vulnerabilities were remotely exploitable and could have been extremely damaging had they been discovered in the wild. While some of the updates are based around non-network connected applications, Oracle still advises to push the updates quickly to ensure against any unauthorized access.
https://www.helpnetsecurity.com/2016/07/20/oracle-squashes-276-bugs/
Hi, would be nice to have Threat Recap as a weekly newsletter. It’s possible to subscribe it?
Update: with the release of our new Consumer Website, they have added the functionality to Subscribe to our Threat Blog with an RSS Feed! 🙂
https://www.webroot.com/blog/feed
If you are unfamiliar, there are many ways to Subscribe to RSS Feeds. You can use an extension directly in your browser (Chrome or FireFox) or there are many Websites that allow you to subscribe to feeds for free.
How to Subscribe to a RSS Feed
I’m not super familiar with the differences between all of the choices available to you, but I can say from my personal experience that I used one named Feedly on my Phone that was great and had a super straightforward interface.
Feedly’s Website
Please let me know if you have any Questions, Filipe!
I’m hacked in a large way, info sold on the black market…yet no one has picked up on the key logging programs the hackers have installed on my computers…how am I to find them in the registry??? they don’t show up in programs or control panel.
Kathy, any issues involving any type of Threat on your System should be dealt with through our Support Team directly. We don’t want you going through the registry, as any changes could have severe consequences.
Please reach out to our Technical Support Team at your own convenience and we can have one of our Advanced Malware Professionals review your Computer.
Support Number: 1-866-612-4227 M-F 7am−6pm MT
Send us a Support Ticket: https://detail.webrootanywhere.com/servicewelcome.asp
Would LOVE a newsletter option! Subscribed.
Got one for next week, Connor, thanks for putting this together:
http://exstreamist.com/half-of-illegal-sports-live-streams-contain-viruses-or-malware/
Half of all Live Streaming Sports sites contain malware/viruses.
Yikes!
Thanks again.
Jacob
Great point, Jacob! 🙂
We actually recently added the ability to Subscribe to our Threat Blog with an RSS Feed!
https://www.webroot.com/blog/feed
Then you can use a service like MailChimp (or anything similar) to have it delivered right to your Email’s Inbox!
https://mailchimp.com/features/rss-to-email/
Regards,
Josh P.
Webroot Community Support