The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
USAF Leaks Highly Sensitive Data
Our government is back at it again. Researchers discovered the exposure of an unsecured backup drive containing names, addresses, ranks, and Social Security numbers of over 4,000 United States Air Force officers and top security clearance information of other high-ranking officials. Personal records for several celebrities who had undergone security clearance checks prior to visiting foreign military bases were also exposed. It sounds like this breach could prove to be disastrous if the information gets into the hands of enemies to the United States.
Ohio County Facing Massive Ransom
In recent weeks, Ohio County officials have been recovering from a cyber-attack that forced the county to shut down over 1,000 computers to prevent the infection from spreading. The ransom for the return of their files was 28 bitcoins, roughly $35,000 at the time of writing, which the county correctly chose to ignore and instead restored their systems from backups. While the whole process cost the county nearly $50,000, the situation could have been worse if they paid and received nothing in return for paying the ransom.
Instagram Credentials at Risk
Researchers discovered 13 seemingly harmless apps on the Google Play Store that function as data collectors for your personal information. The apps themselves claim to increase your Instagram follower numbers by simply having users log into their accounts, only to be greeted with an error message. Fortunately, Google has already been made aware of the Turkish-based apps and has removed them.
PetrWrap Circumvents Ransomware Authors’ Cut of Ransom
As ransomware continues to evolve, some malware authors have begun acting against their peers, who wish to piggyback off the creations. By exploiting a bug found in the Petya ransomware variant, a new collection of cybercriminals have created a workaround to insert their own encryption keys over the Petya authors’ and collect the ransom themselves. This workaround comes months after Petya creators implemented methods to stop this very exploitation of their software.
New Updates on Phishing Tactics
People have been on the watch for tax-related phishing scams, as they appear around this time every year. The latest trend, however, appears to be PDF files that do not contain malicious code and use social engineering to direct victims towards compromised websites to input sensitive information. Additionally, there has been a recent influx of phishing attacks due to fake friend requests through email, as users are exceedingly likely to click on these types of links and attempt to “log in” to view the request.