The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.
Comcast Router Bug Leaves Credentials Unsecured
Researchers recently found a flaw in the Comcast user authentication process that would allow anyone with an account number and partial address to illicitly access WiFi networks and alter any credentials found there. Fortunately, Comcast was quick to take down the entire site and make the necessary changes so such detailed information can no longer be gathered without proper verification.
Scam Email Warns Users of Other Scammers
A new phishing campaign is gaining traction throughout the US, with users receiving emails regarding a bank transfer of several million dollars currently being held by the Bank of England. The email itself continues by listing off a respectable number of other “scammers,” warning the victim of potential fraud linked to the listed names. While bank transfers are relatively common, it should be clear that a suspiciously large amount of money offered without context should always be approached with caution.
Teen Monitoring Software Left Available Online
Recently, a mobile app that allows parents to monitor their child’s internet browsing has left two internal servers completely accessible to the internet. While the contained information did not include any payment data, it did have email addresses and passwords for nearly all the app’s clients. TeenSafe has since taken both servers offline, though the Amazon cloud buckets were available for an undocumented amount of time with no mention of unauthorized access during that period.
Fraudulent Fortnite Apps Preceding Official Launch
As Fortnite continues its steady rise in popularity following its latest release on iOS, hundreds of phony apps have already flooded the Google Play store in advance of the Android release. One specific was downloaded over 5,000 times before researchers reported the app to the Google Security team. By promising in-game currency for downloading and rating fake apps, the spyware-laden apps quickly begin gathering call and message logs from the device while simply displaying a Fortnite icon.
Sensitive Information Found on 200 Million Japanese Citizens
Likely accumulated from several data breaches over the last few years, a dataset has been found containing the personal information of at least 200 million individuals living in Japan. The data appears to have been gathered from dozens of websites with login credentials for up to 50 unique sites and stems back to 2013. While the source of the information is still unclear, researchers have found several previous attempts to sell smaller datasets on Chinese dark web pages.