There’s a lot that happens in the cybersecurity world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Patch Tuesday Changing Update Format

In one of the largest changes that Microsoft has implemented, Patch Tuesday is being replaced with monthly batch updates. With the new method of releasing updates, Microsoft is removing the capability of users to choose which updates they install by just forcing the entire update, along with any updates from the previous month that may have been missed. For Windows 10 users, they will begin seeing this new update method first, with other OS support likely to follow.

Phishing Attack Strikes Augusta University

Early this week, employees and students of Augusta University were recommended to change their login credentials, as several of the faculty members fell victim to an email phishing scam. While state authorities are investigating the breach, the University is working to protect the staff members whose information was accessed through the payroll system.

ClixSense Breach Leaves Millions of Users Vulnerable

Recently, ClixSense (the popular paid-to-click site) was compromised along with a page redirecting anyone attempting to access the site to a gay porn site. The company has since forced a password reset for all of its registered users, which number nearly 7 million. After further review, it appears the attackers were able to use an older, unused server to access the main database which held user’s passwords in plaintext, rather than being properly encrypted.

DualToy USB Trojan Enhanced to Target iOS Users

When DualToy was first discovered in the early months of 2015, it was largely focused on Android devices located in China. DualToy is used to load malicious apps when an unsuspecting device is connected to an infected computer via USB. While users across the US and Europe are now seeing a wider spread of infected devices, even iOS users are affected as iTunes is being used to allow the trojan to steal user information.

Apple Switches to HTTPS for iOS Security Updates

In a big move by Apple, the company has finally made all iOS updates available over HTTPS, to ensure users are securely receiving them. This update comes along with the release of iOS 10, in addition to six other vulnerabilities that were patched. While some users experienced issues with the iOS 10 update putting their devices into a recovery mode, Apple was quick to resolve the issue and apologized for any inconveniences.

About the Author

Connor Madsen

Threat Research Analyst

As a Threat Research Analyst, Connor is tasked with discovering and identifying new malware variants, as well as testing current samples to ensure efficacy. Don’t miss the latest security news from around the world in his weekly Cyber News Rundown blog.