The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Microsoft Patches Critical Zero-day Vulnerability
On Tuesday of this week, Microsoft released a patch for a relatively unknown zero-day vulnerability that allowed attackers to distribute malware through malicious Word documents. Opening the infected document allows it to contact a remote server to begin downloading malware to a victim’s system via a script file embedded in the document. While the Microsoft patch does resolve the issue, we still encourage you to use caution when opening any documents attached to emails, even if they appear to be from a trusted sender.
Legit IRS Online Tool Used Illegitimately
In the past few months, investigators have been looking into some fraudulent activity that was occurring in their Data Retrieval Tool. By using the tool as intended, criminals were able to impersonate legitimate users to begin a tax return form and access that user’s data, thereby creating fraudulent returns. From the initial investigation, it appears nearly 100,000 different user accounts have been tied to this method of identity theft. The scam itself has cost the IRS over $30 million.
Sneaky CIA Malware Uses Pop Culture References
When the Wikileaks Vault 7 post revealed numerous spying tools from a CIA dump, many researchers began digging through the treasure trove of information. Researchers at Kaspersky Lab found several malware programs with code referencing Star Trek, Flash Gordon, and other recent pop culture icons. The malware in question has been linked to a long-standing malware campaign that hit multiple targets across Europe and Asia.
Ex-Employee Hacks Hotel System, Slashes Room Rates
Ever daydream about getting back at a bad boss? One NYC Marriott hotel found itself on the receiving end of a disgruntled ex-employee’s revenge. A few weeks after being fired from his job, Juan Rodriguez hacked into the hotel’s reservation systems and cut prices down by up to 95%, costing Marriott over $50,000 before the intrusion was discovered. Unfortunately for Juan, while he was smart enough to infiltrate their network, he forgot to mask his own IP, which led authorities straight to his apartment.
Patient Records Available Online
As prices for medications and health treatment continue to rise, a lot of people are looking for cheaper ways to obtain prescriptions and services. Unfortunately, this leads to increased risk, particularly in the case of elderly citizens on a fixed income. Recently, a researcher found a database with the medical and personal records for nearly 1 million senior citizens, freely available to the public. But the database in question didn’t belong to a healthcare facility. Instead, it was owned by a telemarketing firm who had gathered a large quantity of sensitive information on the promise of providing cheaper deals on medication.