The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
New Mobile Phishing Attacks are Using URL Padding
In an attempt to trick mobile browsing users into accessing malicious sites, attackers have begun adding multiple hyphens to URLs that keep the false address out of the mobile browser’s small address bar. This “URL padding” has even been spotted targeting high-traffic sites such as Facebook and Craigslist, to increase criminals’ chances of stealing user login credentials. We strongly recommend that users enter the desired URL manually, rather than clicking links, while also trying to maintain the same security standards for their mobile devices as for PCs.
Airline Traveler Data Remains Unsecured
While physical security around air travel has greatly increased over the last decade and a half, the data security of the nearly 8 million travelers is still at risk. The trouble stems largely from antiquated airline systems in general, which are currently exempt from the current Payment Card Industry Data Security Standards that are compulsory for all other online-sales industries. For the sake of airline travelers everywhere, we hope these systems will soon receive the updates they so desperately need to keep passenger and employee data safe.
Mazda Cars’ Infotainment Systems are Totally Hackable via USB
Over the past several years, many Mazda owners have been modifying their car’s entertainment systems using USBs that are pre-loaded with a specific code that allows high-level access to the system. While your imagination could run wild with the cybercriminal possibilities, for the time being, the code only operates when the car is running. This minor defense mechanism stops attackers from accessing the car remotely. The initial USB vulnerability has been well documented since the 2014 model year, so it’s somewhat surprising that it hasn’t been exploited further.
London University Hit with Ransomware
Within the last week, officials at University College London have been attempting to discover the origin of an attack that left large portions of their networks encrypted. It’s likely it began with a phishing email which then propagated throughout the university’s shared networks over the next couple of days. Fortunately for students and staff, it appears the encrypted data was securely backed up and will be used to restore the file structures once the infection is fully removed.
Dark Web Service Offers SS7 Access for Cheap
Recently, a service has popped up on the Dark Web that would give several functionalities to anyone interested in tracking or monitoring any smart device. The service offers several different levels of monitoring, ranging from a basic report on a specific device to full tracking and message interception (for a larger fee, of course). While the exact method used to access these networks is still unknown, the manager of the service claims that it is surprisingly easy, even with all of the security and prevention techniques today’s telecom providers use.