The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Amazon Echo Resolves Security Flaw
Researchers have recently discovered a major security flaw that affects several generations of the Amazon Echo. The flaw itself involved being able to physically access the device to install malware that records conversations, all while retaining normal usability. Fortunately for consumers, only the 2015 and 2016 devices appear to be susceptible; the flaw was fixed for the 2017 production.
New Features Added to Banking Trojan
As more banking customers use their devices to conduct an increasing number of transactions, authors of banking Trojan, Svpeng, have added in a new enhancement: keylogging. After checking the device’s set language, the malware gives itself full administrative permissions and starts propagating itself as the default SMS app for the phone. Once it gains full access, it starts gathering as much information as it can, from messages to contacts to browsed websites, and then contacts its C&C server to pass along the data.
Next Major Broadcaster Breach: HBO
In the past week, officials at HBO have announced that a breach occurred, exposing not only proprietary information, but also several unaired TV episodes and even an upcoming Game of Thrones script. While the company is unsure how it happened, the breach has brought the security of the entire industry into the spotlight.
Third Party Breach Hits Anthem Healthcare, Again
The nation’s largest healthcare provider, Anthem, has spent the last couple weeks notifying nearly 18,000 customers who may have been a part of a recent data breach. The breach comes from a third party insurance company employee who emailed a sensitive document containing Anthem customer’s medical information to their personal email address. While not directly Anthem’s fault, this news comes not long after the company settled on their last data breach, which affected nearly 80 million customers.
German Development Team Hacked
Recently, the Chrome Web Store belonging to German web development team a9t9 was hacked. Along with the initial breach, the team later found that one of their key web extensions had been injected with malicious software, and had been subsequently moved from their account to the attackers’. Unfortunately for anyone using the current extension, a9t9 are unable to deactivate or remove it, as they no longer have control.