Industry Intel

First thing’s first—I’d like to introduce myself. I’m senior security analyst Randy Abrams, and I’m delighted to be part of the Webroot team and our online community.

Prior to joining the team, I was a research director responsible for analyzing and reporting the test results of antimalware products. I also helped create test methodologies and looked for anomalies in the testing process. Before that, I worked as a director of technical education, where my role was very similar to my mission here at Webroot: to help all users stay more secure on the internet. Everything else I do is the means to meet these ends.

Earlier in my career, I spent 12 years at Microsoft working closely with researchers from major antimalware companies, as well as from several smaller antivirus companies, to ensure we did not release infected software. As a result, I bring a unique perspective to my role here at Webroot. I am a consumer (I use Webroot on my laptop). In the past, I have been an enterprise customer, worked at a test lab, and served on the vendor side of the industry.

Testers are Human. They Do Not Always Get it Right.

One of the most contentious parts of working in the security industry is antimalware testing. I used to joke that the reason antimalware testers are so arrogant is because antimalware researchers created them in their own image. Relationships between the testers and vendors have improved quite a bit in the past few years, but there still is a lot of friction. Scoring poorly on a test not only affects sales, but when the reason for the poor score was due to mistakes in testing, users do not get the quality of information they need to properly compare products.

Unfortunately, antimalware testing is really, really hard to get right. And it is not because of incompetence. You will never hear me say, or even imply, that testers are incompetent. The reason that testing is so hard to get right is because antimalware products have become so complex. There are interdependencies on cloud-based protections, reputation systems, whitelisting and blacklisting, scanning and remediation, and in some cases, like ours, system rollback. Additionally, sample acquisition and selection are problematic.

In the past, I have seen some serious mistakes resulting in products offering high-quality protection appear mediocre or worse. For vendors, a deeper problem arises when trying to dispute the test results. The public tends to think that testers always get it right and that vendors are just whining because they didn’t receive the score they thought their product deserved. No vendor was ever acquitted of a bad test in the court of public opinion.

In coming blogs, I will discuss some of the challenges testers face, and the impact these have on accurately presenting the information needed to make informed choices when selecting security software. As a former research director for a test lab, I dealt with issues, like the selection of samples, that could seriously impact reported results. Sample selection and acquisition is much more difficult than it would seem. When you see vendors score 100 percent, then the sample selection was too small.

When measuring performance, the ratio of file types (exe, .bmp, .mp3, .docx, etc.), as well as compression methods used in the file set, make a huge difference in real-world performance results. Even the files selected for false positive testing can affect the perceived quality of a product. Which is more important, detection of a file we see attacking tens of thousands of users, or the file we saw three times six months ago and never again? Given equal protection scores, would you rather have a product with one false positive or one with three false positives? These are a few of the issues that affect the quality of testing and understanding of what was actually tested. Believe it or not, one of the biggest problems with testing is not the results, it is the lack of meaningful analysis.

Have any questions or comments? I look forward to continuing the discussion on the Webroot Community.

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Thanatos Ransomware Causing Major Damage for Victims

A new ransomware variant has recently appeared and is proving to be more troublesome than most that came before it. By using individual encryption keys for each file, which it does not save, decryption is nearly impossible, even after paying the relatively small ransom of $200. Thanatos is also the first ransomware to accept Bitcoin Cash as a payment method.

Cryptojacking Found on LA Times Site

Researchers have stumbled onto yet another unsecured Amazon AWS server running a cryptominer. This time, the LA Times’ Homicide Report is at fault. Initially, the researchers found that the widely-accessible server had public write access turned on, which they reported to the server’s owner. Unfortunately, the researchers weren’t the first to find the server, which is how the Monero miner was placed on a single, moderately trafficked site within the LA Times network.

UK School CCTV Feeds Popping Up on US Websites

Recently, surveillance videos from several UK schools made their way onto a US-based website that hosts unsecured camera footage from around the world. While the footage was mainly from the exterior of the schools, it still causes concern over the safety and privacy of the students the cameras are meant to protect. While the breach can be traced back to the camera manufacturers, who did not implement strong device security, responsibility also falls on the staff who set up the cameras in the first place. This news serves as a reminder to always take cybersecurity precautions and change manufacturer default settings.

Cryptocurrency Miner Packed with Annoying Adware

A new cryptocurrency miner named UpdateChecker has been making the rounds over the last few days. The program is distributed as a fake Flash Player update and comes with the bonus of ads that run at hour-long intervals. The malware itself is downloaded from fake Adobe update websites and will immediately begin optimizing itself for the local machine and checking for updates to its own files. Unfortunately for victims of UpdateChecker, it is rather troublesome to remove, as it will relaunch itself if you kill the process, and can restart the miner anytime you shut it off.

Apple Repair Center Generating Excessive Emergency Calls

Since late last year, emergency dispatchers and police departments in Sacramento County, California have received over 1,600 calls originating from a local Apple repair facility. The calls are likely from one of two devices Apple manufactures that can make emergency calls without a SIM card or service provider. While this isn’t the first case of Apple devices triggering hundreds of emergency calls, the company is working with local law enforcement agencies to find a resolution.

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Hackers Run Linux OS On Nintendo Switch

When gaming consoles get hacked, it’s usually by someone who wants to play pirated games. Not this time. Recently, a group of hackers found an exploit that allowed them to deploy a full Linux OS onto the Nintendo Switch. The flaw is contained within the specific Tegra X1 chips used by the Switch for core functionality. These are not easily patched and would likely require a recall if the flaw becomes a major problem.

California Employee Data Breach

Employees working in the Department of Fish and Wildlife for California were recently notified that their Social Security numbers had been exposed in a data breach from late last year. The breach appears to have stemmed from a former employee downloading the data and removing it from the premises, prior to having left the company. This type of breach is extremely common, as many companies don’t enforce more strict data policies for current and former employees.

Facebook Bug Spams Users With 2FA System

In the last week or so, several Facebook users have taken to other social media platforms to announce a nearly endless stream of spam being sent to the phone numbers they had used for 2-factor authentication. The spam then began posting the user’s replies to their Facebook wall, even after multiple attempts to stop the messages. While Facebook has since resolved the issue, they have remained vague about when they’ll finally discontinue the program functionality that caused the issue in the first place.

Crypto-miners Found on Tesla Servers

Following the breach of Tesla’s cloud server last year, company engineers have been discovering cryptocurrency miners on several of their internal servers. The initial breach occurred because their Kubernetes console lacked a password, and, once in, the hackers set up a complex mining operation that used multiple techniques to avoid detection.

FedEx Breach Exposes Personal Information

Over the last few days, officials have confirmed that over 119,000 individual forms of scanned identification belonging to Bongo International, an international sales broker that was bought by FedEx in 2014, were left exposed to the public. The data, which was found on an Amazon S3 server, was likely forgotten about amidst the acquisition and was available for an unknown amount of time.

In a month where matchmaking is in high demand, we took a look at recent trends around online dating sites using Webroot Brightcloud Threat Intelligence Platform. What did we find? Valentine’s Day sends cybercriminals on the prowl, and not for a soulmate.

On average, visits to dating websites increase by 53 percent in the month of February, relative to the three months prior. There is also a 342 percent increase in visits to greeting card domains on Valentine’s Day relative to Christmas Day.

Cybercriminals take advantage of this massive spike in dating interest to take advantage of victims. The heart-breaker: In the week leading up to Valentine’s Day, there is an astounding 220 percent increase in malicious URLs from the week prior. The week following Valentine’s sees a dramatic 50 percent drop in malicious URLs.

We’ve even found WordsOfHeart.com—a dating website that will find your perfect match based on your password! We can’t stress enough how much of a bad idea this is.

While the website does specify that you should not use the same password as your email or Facebook account, it’s still quite bizarre that your password would be a focal point for matching. At first glance, the appears to be a clever phishing attempt, but the site does indeed match you with other people. During initial sign up–using a weak password, no matches were found.

When trying again using the obviously weak password of password, we found hundreds of matches. Most of these “matches” appeared to be blank profiles that weren’t created for any real romance, but were rather just other people testing to see if this site was legitimate, and some were just trolling. Regardless of the functionality of the site, the entire premise behind it is something that everyone should steer clear.

Users should also exercise caution when dealing with more legitimate and established dating services. It has recently come to light that Tinder is not as secure as presumed. Tinder’s iOS and Android apps do not use basic HTTPS encryption for photos. What this means is that anyone using the same Wi-Fi network that your phone is on can potentially see your Tinder photo traffic.

Source: CheckMarx, Tinder drift demo on YouTube.

To make matters even creepier, it’s possible for hackers to actually inject photos into your Tinder photo stream, as seen in a YouTube video by security researchers at CheckMarx. Be sure to keep this in mind when connected to public WiFi at coffee shops, libraries, airports, etc. It is worth noting that this lack of encryption is only an issue on the mobile Tinder apps, and using Tinder on your laptop browser would be fully encrypted. A recent survey by Mozilla shows that still only 68% of the internet is HTTPS encrypted, which is basic level protection. We expect that Tinder will be updating their mobile apps to address this soon.

Another stigma with dating websites is the overwhelming presence of bots. This isn’t a new development and the Ashley Madison hack a couple years back revealed that overwhelming number of women on the site which led to 80% of men to purchase, according to Gizmodo. This year, China is trying to crack down on mobile apps with fake female user accounts that send automated messages to solicit new users for gifts and money, according to the BBC. Over 600 people were arrested for this lucrative “business model” that generated over $150 million for these apps. With artificial intelligence getting smarter and smarter, we expect scams like this to continue, so make sure to watch out for these tactics.

Practice safe online dating

Avoid swiping on dating apps when connected to public, unsecured networks. Make sure you’re using two-factor authentication to help ensure your online data is more secure. As soon as an account’s credentials have been compromised, it’s very common to then use that account to try and scam others since the profile is (up to that point) legitimate and not suspicious. Another option when browsing on public WiFi is to use a VPN (virtual private network).

Overall, use good judgement when it comes to online dating. Be extra vigilant about dating websites you visit, keeping note of the URLs and mobile apps you access.

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

Multiple Dutch Banks Fall Victim to Week-long Cyberattack String

Over the last week, several of the largest banks in the Netherlands have been targeted by a string of DDoS attacks that have shut down much of the country’s banking services, affecting millions of customers. Officials have confirmed that no personal data has been compromised, and it appears they have been able to repair their website issues, allowing customers to slowly resume normal banking activity.

YouTube Removes ‘Cryptojacking’ Ads with Crypto Miners

Researchers recently discovered that YouTube has been displaying advertisements that come with a cryptocurrency miner, which is being used to generate revenue for the attackers. In addition to draining the victim’s CPU, the scripts used for the mining process were also generating ads for fake antivirus programs, in hopes of further cashing in on victims. Fortunately, Google was quick to respond and had the malicious ads taken down within a matter of hours.

Tracking Service Displays Military Bases Around the World

With the modern prominence of social media, less and less of our daily activities remains truly private. But how far will it go? When Strava, a fitness activity network that logs the activity of billions of users, posted a global “heat map” showing that activity, it also revealed the locations of dozens of military bases around the world. By viewing the map, it is easy to discover patrol routes, commonly visited locations, and the daily patterns for almost anyone using the app, from anywhere in the world.

Cisco VPNs Contain Severe Flaw

At least ten Cisco devices that run their Adaptive Security Appliance software were found with a flaw so severe that it was given the highest possible vulnerability rating. The vulnerability, which has since been patched, allowed for extremely simple remote exploitation and required no user authorization. Luckily, the flaw is only accessible if the user has enabled the WebVPN functionality on the device, and Cisco provided documentation on how to verify whether it is enabled, and if a device has been affected.

ATM Jackpotting Finally Arrives in the US

While it has spread through Europe and Asia for the past several years, the act of jackpotting an ATM has only recently made its way to the US. Jackpotting an ATM is as simple as gaining access to the device’s hard drive and either swapping it for a compromised drive, or infecting it with malware to give the attacker full control. By disguising themselves as ATM technicians, attackers gain easier access to the ATM and can even return later to quickly dispense the entirety of the ATMs cash reserves.

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

New Trojan Alters Bitcoin Addresses

A newly discovered trojan variant targets Bitcoin users and, more specifically, any Bitcoin addresses that may be copied into the device’s clipboard. The trojan “Evrial” can alter the address in the clipboard so funds are transferred elsewhere when a user performs a Bitcoin transaction.[/inlinetweet] Additionally, Evrial is capable of stealing cookies and any credentials that are being stored within web browsersto further compromise any purchases made on the device.

Paradise Ransomware is Anything But

In a recent return, new attacks have been linked to Paradise ransomware, which had been relatively quiet since its initial burst of attacks last year. Not much has changed for the variant since its previous reveal; it still requires a user to open a phony email attachment and unzip the packed infection. Unfortunately, there is no easy way to decrypt any of the affected files, and the user would need to either restore everything from a clean backup or pay the ransom, which varies based on the victim’s reply time.

Top UK Law Firms Face Massive Breach

Researchers have recently discovered several data dumps that contain over a million email credentials from several of the largest law firms in the UK. Based on the information found in the dumps, roughly 2,000 credentials belonged to each of the companies; the largest company is responsible for over 30,000 of them. Even worse, many of the dumps were released just in the last six months, though most come from third-party breaches.

Major Twitter Accounts Hacked

Several high-profile Twitter accounts were compromised over the last week and used to spread Turkish and Palestinian propaganda while attempting to phish the credentials of related accounts. Along with the credentials, it appears that private messages and other sensitive information were breached as well, leaving the compromised accounts even more vulnerable.

Business Security Moving Forward

Following a Ponemon Institute study from late last year, many were shocked at the results from the companies who responded. Over half of the 1,000 IT professionals surveyed claimed to have suffered a ransomware attack within the last year, and the majority of those reported the cause to be phishing and social engineering tactics. Even more worrisome, the average data breach involved the compromise of an average of 9,000 unique records, costing victims several million dollars to return to normal.

Earlier this month, CES attendees got a taste of the future with dazzling displays of toy robots, smart assistants, and various AI/VR/8K gadgetry. But amid all the remarkable tech innovations on the horizon, one thing is left off the menu: user privacy. As we anticipate the rocky road ahead, there are three major pitfalls that have privacy experts concerned.

Bio hazard

Biometric authentication—using traits like fingerprints, iris, and voice to unlock devices—will prove to be a significant threat to user privacy in 2018 and beyond. From a user’s perspective, this technology streamlines the authentication process. Convenience, after all, is the primary commodity exchanged for privacy.

Mainstream consumer adoption of biometric tech has grown leaps and bounds recently, with features such as fingerprint readers becoming a mainstay on modern smartphones. Last fall, Apple revealed its Face ID technology, causing some alarm among privacy experts. A key risk in biometric authentication lies in its potential as a single method for accessing multiple devices or facilities. You can’t change your fingerprints, after all. Biometric access is essentially akin to using the same password across multiple accounts.

“Imagine a scenario where an attacker gains access to a database containing biometric data,” said Webroot Sr. Advanced Threat Research Analyst Eric Klonowski. “That attacker can then potentially replay the attack against a variety of other authenticators.”

That’s not to say that biometrics are dead on arrival. Privacy enthusiasts can find solace in using biometrics in situations such as a two-factor authentication supplement. And forward-thinking efforts within the tech industry, such as partnerships forged by the FIDO Alliance, can help cement authentication standards that truly protect users. For the foreseeable future, however, this new tech has the potential to introduce privacy risks, particularly when it comes to safely storing biometric data.

Big data, big breaches

2017 was kind of a big year for data breaches. Equifax, of course, reined king by exposing the personal information (including Social Security Numbers) of some 140 million people in a spectacular display of shear incompetence. The Equifax breach was so massive that it overshadowed other big-data breaches from the likes of Whole Foods, Uber, and the Republican National Committee.

It seems no one—including the government agencies we trust to guard against the most dangerous online threats—was spared the wrath of serious data leaks. Unfortunately, there is no easy remedy in sight, and the ongoing global invasion of user privacy is forcing new regulatory oversight, such as the upcoming GDPR to protect EU citizens. The accelerated growth of technology, while connecting our world in ways never thought possible, has also completely upended traditional notions surrounding privacy.

The months ahead beg the question: What magnitude of breach will it take to trigger a sea change in our collective expectation of privacy?

Talent vacuum

The third big issue that will continue to impact privacy across the board is the current lack of young talent in the cybersecurity industry. This shortfall is a real and present danger. According to a report by Frost & Sullivan, the information security workforce will face a worldwide talent shortage of 1.5 million by 2020.

Some of this shortfall is partly to blame on HR teams that fail to fully understand what they need to look for when assessing job candidates. The reality is that the field as a whole is still relatively new and is constantly evolving. Cybersecurity leaders looking to build out diverse teams are wise to search beyond the traditional background in computer science. Webroot Vice President and CISO Gary Hayslip explained that a computer science degree is not something on his radar when recruiting top talent for his teams.

“In cyber today, it’s about having the drive to continually educate yourself on the field, technologies, threats and innovations,” said Hayslip. “It’s about being able to work in teams, manage the resources given to you, and think proactively to protect your organization and reduce the risk exposure to business operations.

Beyond shoring up recruiting practices for information security roles, organizations of all types should consider other tactics, such as providing continual education opportunities, advocating in local and online communities, and inevitably replacing some of that human talent with automation.

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any questions? Just ask.

Hospital Pays Ransom to Restore Systems, Despite Having Backups

In the first cyberattack of 2018 to hit a healthcare organization, an Indiana hospital’s entire network was taken offline. Despite having full backups on-hand, the hospital paid the $55,000 Bitcoin ransom right away. Officials stated they paid the ransom to get the systems back to normal as quickly as possible, since restoring everything from their backups could have taken weeks. Fortunately for patients, no data was stolen, and the staff could continue assisting new arrivals the old-fashioned way (that’s right: pen and paper) until system functionality was restored.

Audio Attacks Used for Damaging Hard Drives

A recent collaborative study performed by two universities proved that, within a reasonable proximity, an attacker could use acoustic signals to target a hard disk drive, leading to data corruption on the device. While many people could explain why this type of attack is possible, the study determined that the attacks required not only a specific frequency based on the hard drive in question, but also a precise distance from the drive and angle of sound projection to execute a successful attack.

New Android Platform Takes Spying to New Heights

A new Android spying platform has been discovered that puts all its predecessors to shame. By implementing several new features, such as location-based audio recording, compromising WhatsApp messages, and even allowing attackers to connect the device to malicious WiFi networks, this software platform gives attackers an all-new range of methods to target victims. The platform is based around five known exploits in the Android OS, and it uses them to gain administrative access to the device.

Latest Netflix Phish Asks for User Selfie

Within the last week, a new email phishing campaign has been spotted targeting Netflix users. The email informs users that a “hold” has been placed on their account pending further information. It requests users upload a photo of themselves with an ID card and prompts them to update their billing information, before redirecting them to the real Netflix login page.

RubyMiner Found on Older Linux and Windows Servers

A new cryptocurrency miner variant has been targeting outdated system servers that run both Linux and Windows. The variant, known as RubyMiner, identifies the unsecured servers using a web server tool, then gains access via a variety of exploits to install a modified Monero miner. RubyMiner deviates from similar miners in that it focuses on machines that have likely been forgotten about, and so remain on without being regularly patched.

“How to buy Bitcoin” dominated Google how-to searches in 2017, ranking third overall. With the hype surrounding cryptocurrency at an all-time high, now is a better time than ever to cover the essentials of keeping cryptocurrencies safe.

If you are just getting into the crypto space or you’ve known what ‘HODL’ means for a while now, there are some basics everyone should know about protecting their holdings.

Need-to-know: private keys

Let’s start with the basics. First and foremost, you should know the difference between your public and private wallet addresses (aka keys). A convenient analogy here is that most cryptocurrency wallets essentially operate like a postal box.

Each wallet has a unique public address that can be given out freely to anyone, much like you would give out your P.O. box address at a post office. This public address will only allow people to send coins to the wallet.

You also have a private address that unlocks your wallet and allows you to send coins out of it, similar to how your mail key allows you to unlock your P.O. box and withdraw your mail. This key is yours and yours only. Never share your private address with anyone.

Keeping up with your wallets’ private addresses is an exercise in personal responsibility. You don’t have a physical key to save you, and instead need to carefully store your private address (which is simply a long string of characters). Above all, storing private keys insecurely on your computer is an easy target for cybercriminals who use malware capable of sniffing out and copying your private keys.

If you choose to store private wallet addresses on your devices, never keep them in plain text format, and instead store them on a password-protected, encrypted drive. For maximum security, only print paper versions of your wallet and store multiple copies in secure places, such as a home safe or a bank safety deposit box. This technique is referred to as cold-storage, as your wallet is not stored on an internet-connected device. Hardware wallets, such as those made by Trezor or Ledger, are other options for secure storage of your crypto assets.

Risky business

Buying and storing coins on an exchange such as Coinbase is inherently risky, especially the storage part as you don’t have access to your wallets’ private addresses on an exchange. The convenience factor may be great—user-friendly apps, pretty charts, and a multitude of coins to explore—but on an exchange, you do not have access to your private wallet addresses.

To be fair, that’s part of the ease-of-use exchanges provide since you don’t have to worry about copy and pasting a private address every time you want to unlock a wallet to send from. But this also means that you are not in full control of your coins and if you were to violate any terms of the exchange (knowingly or unknowingly), they could ban your account and you would lose access to your coins. The same is true if the exchange was hacked. If they were improperly storing private keys, you could lose your coins forever.

Staying in full control of your wallet also has additional perks. In the case of a ‘hard fork’ or ‘airdrop’ to holders of a certain coin, you would be able to claim those. As it currently stands, most exchanges do not give you hard fork coins or airdrops, and instead keep those assets for themselves to increase profitability.

‘All your Bitcoin are belong to us’

Perhaps only one thing is certain in the crypto-world: hackers can and WILL try to steal your cryptocurrency.

While blockchain technology is considered an incredibly reliable, real-time database that’s proven resistant to attack and manipulation, wallet- and exchange-side security have shown numerous vulnerabilities over the years. Perhaps you’ve heard of the infamous Parity wallet hack in which an attacker exploited a wallet vulnerability to steal over 150,000 ETH (today that’s $165 million USD).

Just last week, a Google researcher discovered a bug in the popular Electrum wallet that would allow websites to steal the wallet’s contents, causing the Electrum team to quickly release a patch to fix the bug. Case in point—do your homework on any desktop, browser, or mobile wallets you plan to use. Don’t trust blindly.

Phish food

Beware of tried-and-true phishing attacks. Phishing attempts to steal private keys are abundant and targeted specifically toward unwitting investors chasing the crypto rush. Below is a phishing site that visually copies a legitimate site belonging to the wallet app Bread. Notice that the malicious URL (hxxp://breadtokenapp.com/sign.php) is just barely different than the legitimate URL (hxxps://token.breadapp.com/en/).

Dead giveaway. No website should ever ask for your private address. The same is true for exchanges as they manage wallets on their side and would never need your private keys either. The only circumstance where your private address needs to be inputted is to access a wallet. It’s a good idea to bookmark wallet sites such as the popular myetherwallet.com to make sure that you are always using the correct URL and not a phishing site.

It might seem obvious, but making sure your computer is free from malware is mission critical when dealing with cryptocurrencies. A trusted antivirus solution, secure password manager, and browser security can help protect you from would-be crypto thieves.

Have questions or concerns specific to cryptocurrency wallet security? Drop me a line in the comments below.

Update 2/8/2018:

Reports have surfaced recently that Ledger Nano S hardware wallets are susceptible to potential man-in-the-middle attacks.

Man in the Middle Attack – Am I at risk? Our answers and actions to address the threat https://t.co/ms5LAnAR2O

— Ledger (@LedgerHQ) February 5, 2018

The Ledger, while safe in offline storage, must still be connected to the internet to make transactions. Ledger has confirmed that their device is vulnerable to man-in-the-middle attacks (using malware that scans for the recipient’s address and changes it to the hacker’s own address). This reiterates the importance of always double-checking the wallet address that you intend to send to, as well as ensuring your computer is free from malware.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst with a passion for all things security. Any questions? Just ask.

Exploitable Backdoor Found in Western Digital NAS Drives

Western Digital has recently released numerous patches for the vulnerabilities that were found and reported to the vendor nearly six months ago. The prominent issue revolved around a hard-coded administrative backdoor that could allow attackers to remotely execute files on the drives. Unfortunately for Western Digital, this series of vulnerabilities comes not long after the same generation of drives were found with 85 different exploits (and the company waited to push out patches until after the exploits had come to public attention.)

Welsh Restaurant Closes After Cyberattack

In the past month, the owner of a Welsh restaurant has been struggling to keep the doors open on the Seafood Shack following a cyberattack that completely cleared out the restaurant’s reservation system in the weeks before to Christmas. The restaurant is currently closed after nearly a month without patronage. The systems weren’t being monitored manually, so every diner’s booked tables were left empty. In addition to the cyberattack, the restaurant also faced licensing issues after a supervisor left their employ.

Winter Olympics Organizers Targeted by Phishing Attacks

Officials working on the Pyeongchang Winter Olympics have been under a constant stream of phishing attacks disguised as Microsoft® Word documents from a South Korean intelligence agency. The documents work like normal ones, but request that the user enable macros to launch a PowerShell script. Another version of the malware even bypassed the need for user permission, and instead waited for the user to click the .docx icon to change the language to Korean before launching the same PowerShell script.

Older Zero-Day Exploit Released on New Year’s Eve

In an unusual finish for 2017, one researcher chose to release a 15-year-old macOS® exploit into the wild. The exploit requires local access to the device, but, once active, would give any attacker full root access to the machine after the user logged out of their session. Even though all Mac® operating systems are susceptible to this vulnerability, it’s only a matter of time until Apple steps in and corrects the issue and give their massive client-base some piece of mind.

Opera Browser Implements Anti-Cryptojacking Functions

With the recent emergence of cryptojacking (i.e., exploiting an unwitting user’s CPU to mine cryptocurrency while they visit a hijacked website), Opera has taken a stand and implemented crypto-mining protection called “NoCoin” in their current ad blocking filter. NoCoin works by detecting any mining activity on a visited website and stops the mining, freeing up the system’s processor for actual user-initiated applications.