The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.
MoviePass Subscription Service Tracks More Than Your Viewing Habits
The CEO of MoviePass recently revealed the full extent of its tracking functionality, which was originally thought to use your location to find a nearby theater. The application can track any user from their home to the theater, and then onward through the rest of their journey, keeping notes on businesses and restaurants the user may visit. While this data is said to only be used to help enhance the user’s evening, it does seem to be a massive breach of privacy given that there is nothing in the terms of service that mentions the full extent of the tracking.
Latest Crypto-Miner Introduces Kill List for Competitive Processes
A new cryptocurrency miner has recently been discovered that seems to have an edge over its competition: the ability to terminate conflicting processes to maintain control over the device’s processing power. While the use of a ‘kill list’ isn’t new to malware in general, this does seem to be the first program that uses it for mining purposes, rather than continuing to propagate.
MacOS Users Getting Browsing Security Update
Within the last week, Google has announced it will begin rolling out a new security feature for MacOS that will give Chrome users additional warnings when attempting to access malicious or compromised websites. While these features have been functional for Windows users for quite some time, it will begin implementing them for MacOS in April of this year. As Mac malware continues to proliferate, the necessity of these features grows right alongside it.
ComboJack Malware Targets Multiple Cryptocurrencies
Recently, researchers have spotted a new email spam campaign that downloads ComboJack, malware that seeks out several types of cryptocurrency wallet addresses currently stored on the device’s clipboard. By running endless checks on the clipboard for any cryptocurrency wallet address information, ComboJack will immediately replace any found address with one belonging to the attacker, while it continues to check for others.
School Employee W-2 Info Stolen in Phishing Scam
Officials have recently been contacting employees of an Alabama school district after a successful phishing attempt led to tax information being sent to a fake email address supposedly belonging to the superintendent of the district. The phishing scam affected at least 30 employees and has forced them to file their taxes manually, rather than electronically, as some returns had already been illicitly filed by the attacker.