Industry Intel

There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

MySpace Hack Could Be Largest in Recent History

Recently, LeakedSource announced that they had obtained the login credentials for over 300 million MySpace users. While the leaked database doesn’t show the full credentials for every user (as some usernames/passwords were missing), over 100 million of the passwords had a username attached. Along with posting the entire dataset, LeakedSource also posted the top 50 passwords being used and their frequency of use.

http://www.itnews.com.au/news/myspace-breach-potentially-the-largest-ever-420184#ixzz4A9aotQr4

Majority of Phishing Emails Contain Ransomware

This week, PhishMe published a report showing that a staggering 93% of all phishing emails contained a dropper for some version of ransomware. This number, which contributes to the overall steady increase in phishing attempts (which have risen nearly 800% since the end of 2015), is likely as high as it is thanks to ransomware becoming increasingly easy to deploy and having a high success rate for extortion. With these numbers always on the rise, it’s important to remain vigilant for any suspicious emails containing attachments, especially ones asking for sensitive information.

http://www.csoonline.com/article/3077434/security/93-of-phishing-emails-are-now-ransomware.html

TeamViewer Possibly Hacked, Main Site Goes Offline

In news that has spread quickly over the past week or so, many users have claimed to have been hacked via TeamViewer, which has led to thousands of dollars of fraudulent charges being attained in only a few hours. According to many of the victims, the attacks took place in the early morning hours, with PayPal transfers to offshore accounts ranging from several hundred to several thousands of dollars. TeamViewer’s response to these claims has been the denial of any security issue. Rather, they’re stating that a DNS issue was at fault for their site and services being offline.

http://www.csoonline.com/article/3078000/security/teamviewer-users-reporting-unauthorized-access-hack-suspected.html

New Ransomware Variant Acts Like Virus

In  the past week, a new form of ransomware, which behaves like a traditional computer virus by copying itself to new drive or network locations to continue propagating itself, was discovered. The variant, ZCrypt, comes through like typical ransomware via an email attachment from a seemingly harmless sender. It then requests downloading a zip file, which launches an executable of the same name (usually an Invoice or Order form), and displays the ransom splash screen.

https://nakedsecurity.sophos.com/2016/06/01/zcrypt-the-ransomware-thats-also-a-computer-virus/

Lenovo Warns of Security Flaw in Pre-Installed Software

This week, Lenovo has strongly recommended that all users should remove the pre-installed Accelerator Application from their computers, as the software makes no security checks when searching for and downloading updates. Amongst the flaws, the application doesn’t use encryption when making outside connections to download updates, nor does it check the validity of digital signatures for said updates, leaving users open for man-in-the-middle attacks during the time the system makes these update checks.

http://www.csoonline.com/article/3077935/security/lenovo-advises-users-to-remove-a-vulnerable-support-tool-preinstalled-on-their-systems.html

Government IT Systems Long Outdated

In a recent study done by the Government Accountability Office, a large portion of the US government’s critical business systems have been found to be requiring an increasing amount for maintaining their basic operation, but also they are a major security risk. From defense systems to scientific research systems, these agencies are constantly working to maintain the aging infrastructure with little to no plans for replacement or any significant overhauls.

http://arstechnica.com/information-technology/2016/05/government-agencies-keep-sacrificing-cash-to-zombie-it-systems-gao-finds/

Microsoft Steps In To Increase Business Security

With the recent news of LinkedIn’s security breach, Microsoft has announced that users of Azure Active Directory will no longer be allowed to use passwords that were found in the LinkedIn breach to be the most common, and therefore vulnerable. By stopping these weak passwords from being used, Microsoft hopes to stop the bad habits that form around password creation, and keep more businesses secure.

http://www.theregister.co.uk/2016/05/25/microsoft_password_policy/

Kansas Hospital Pays Ransomware, Remains Encrypted

In the past week, another hospital was the focus of a ransomware attack that was fortunately mitigated enough to allow continuing operations and maintaining patient data. Although the hospital did pay the ransom initially, not all of their data was restored and a second demand for additional payment was issued. The hospital refused the demand and was able to resume operations quickly as they had a plan in place for a possible cyber attack.

http://www.techspot.com/news/64954-hackers-demand-ransom-payment-kansas-heart-hospital-files.html

Employees Still Number One Security Risk

It comes as no surprise that the majority of security breaches are caused by employee negligence and lack of knowledge on potential security hazards. A study released in the last week shows that half of the nearly 600 companies had experienced some for of security issue due to employee negligence, and of those companies, 60% felt it unnecessary to require additional security training. The study also revealed that most companies provide neither incentive for following correct security procedures nor consequences for the employee found to be at fault for the breach.

https://www.experianplc.com/media/news/2016/dbr-ponemon-institute-managing-insider-risk/

Hong Kong Bitcoin Exchange Hacked

Recently, the Hong Kong firm, Gatecoin was hacked and the attackers made off with nearly $2 million worth of cryptocurrencies. The company is still unsure of how the breach occurred, though Gatecoin has already begun work on improving it’s cyber security to prevent or deter these types of attacks in the future. In addition, the company has also offered a bounty for the return of any bitcoins that were taken.

http://www.forbes.com/sites/robertolsen/2016/05/24/hackers-steal-2-million-from-bitcoin-exchange-in-hong-kong-bounty-offered-to-recover-funds/#3af2641611c7

A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

TeslaCrypt Closing It’s Doors

Here’s a bit of good ransomware news, for once. This week, it was brought to the attention of the security world that TeslaCrypt, one of the largest ransomware creators/distributors, was shutting down their operation for good. Researchers from ESET contacted TeslaCrypt via their support chat function and requested the master decryption key, which was provided freely, along with an instruction guide on how to use it.

https://www.helpnetsecurity.com/2016/05/19/end-of-teslacrypt/

New World Hackers Group Continues With University Hack

The New World Hackers (NWH), a hacktivist group participating in the OpAfrica Anonymous campaign, have targeted Limpopo University in South Africa in response to the ongoing human rights violations that are occurring in the country. Along with replacing the university’s main webpage, the group was able to gain access to both alumni and faculty personal information, which was then released publicly online.

http://news.softpedia.com/news/anonymous-leaks-data-from-south-african-university-504081.shtml

LinkedIn User Data On Sale

Recently, it was reported that the user account information of nearly 167 million LinkedIn users was available on the dark web 5 bitcoins, a small price. The leaked data likely comes from the 2012 hack of LinkedIn, in which over 6 million user accounts were made available, and resulting in hackers working to successfully crack a majority of the hashed passwords. While this breach doesn’t affect all of LinkedIn’s customers, it is advisable that all users change their passwords to avoid any potential future attacks on personal accounts.

http://www.computerworld.com/article/3071916/security/a-hacker-is-selling-167-million-linkedin-user-records.html?

Apple Pushes Out High Volume of Security Updates

This week, Apple started sending out security updates for all platform versions of its operating systems, with iOS alone receiving 39 different patches. These updates come just months after Apple participated in Pwn2Own, a hacking event focused on finding security vulnerabilities in the products of several industry leaders. Many of the patches are around the ways Apple product users view web content, with the goal being to keep them safe from any malicious attachments or redirects that may be lurking around.

http://www.eweek.com/security/apple-makes-security-improvements-to-ios-and-os-x.html

Germany Blames Russia for Cyber Attacks

German intelligence officials are pointing their fingers at Russia in regards to attacks dating back to  2015 on the German parliament, as well as the the more recent attacks on Chancellor Angela Merkel. In the past year, attacks originating in Russia have become increasingly common and have a wide spread of targets, including Ukraine’s power grid, TV stations in France, and computer system in the Netherlands. While it’s impossible to know for sure, many of the victims believe it to be the work of the Russian government rather than individual hackers.

http://www.securityweek.com/evidence-russia-behind-cyber-attacks-germany-secret-service?

Hacker Selling Pornhub Shell Access was a False Claim

In the past week, a hacker claimed to be selling shell access to Pornhub’s site, though this information later proved to be false. When contacted by Pornhub in regards to the vulnerability, the hacker was unable to provide any evidence of his capability to gain access or execute any injected code on the site. Pornhub has an ongoing bug bounty program, which will pay out up to $25,000 USD for the discovery of vulnerabilities on their sites.

http://www.csoonline.com/article/3070420/security/pornhub-said-to-be-compromised-shell-access-available-for-1-000.html

A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Microsoft and Adobe Vulnerabilities Revealed

In the past week, Microsoft announced a vulnerability in Windows, which would allow attackers to target users visiting a specific site and execute malicious code automatically. In the same statement, Adobe also issued a warning for Flash users, as an exploit was discovered that could allow remote access to unsuspecting computers. Patches for both issues are in the works, and users are strongly encouraged to run these updates promptly.

http://arstechnica.com/security/2016/05/beware-of-in-the-wild-0day-attacks-exploiting-windows-and-flash/

Google Breach Attributed to Third-Party Vendor

Recently, Google sent out an email to its employees, notifying them of a data breach that occurred with their benefits management partner. Fortunately for Google employees, the recipient of the unauthorized data contacted the company and deleted the information that was sent. As a result of the incident, Google is providing its employees with credit monitoring to safeguard against any fraud that may occur.

http://www.csoonline.com/article/3066841/internet/google-suffers-data-breach-via-benefits-provider.html

British Retailer Hacked for Customer Information

Kiddicare, a British children’s retailer, was recently targeted by attackers who gained access to the personal information of nearly 800,000 customers. The issue stems from a test website that Kiddicare created in late 2015, which contained a large quantity of real customer information, and was never secured or disposed of properly after testing was complete. It is still unclear why the test site was publicly accessible, but some customers have claimed to have received multiple phishing messages via text and email.

http://www.informationsecuritybuzz.com/hacker-news/experts-comments-data-breach-british-retailer-kiddicare/

School District Hit With Ransomware Attack

In the steadily-rising trend of infrastructure cyber attacks, a Texas school district is seeing the impacts firsthand. Multiple district websites were taken down when the Education Services Center’s servers were struck with ransomware. The district refused to pay the ransom and has been reasonably successful at restoring their systems from secure backups. Fortunately, no data was compromised and the sites have been mostly restored to their previous states.

http://www.timesrecordnews.com/news/education/insidious-malware-cripples-school-district-websites-in-region-11-cyber-attack-32953919-206c-55c1-e05-379065281.html

GPS Security Still Major Concern

GPS is used around the globe by nearly 4 billion individuals on a daily basis, and while it has become a necessity for many, it’s susceptible to be jammed, which makes it a potential security issue. GPS jamming can range from a localized area to a much larger region, with the user having no knowledge that the jam is occurring, and can cause a large disruption in functionality. Currently, the U.S. Air Force is working on a better version of GPS, which uses a stronger signal that has less chance of being broadcast over by a signal jammer.

http://www.csmonitor.com/World/Passcode/2016/0510/Why-GPS-is-more-vulnerable-than-ever

Canadian Gold Mining Company Hit With Cyber Attack

In the past week it was discovered that Goldcorp, a major gold-mining company in Canada, had been hacked and employee information had been taken. The leak contains W2’s, dozens of bank account documents, and other sensitive  employee information coming to a total of nearly 15GB of data and spanning the last 4 years. In addition to the leaked information, the company also received a demand for money in exchange for not releasing further data.

https://www.hackread.com/canadian-gold-mining-company-hacked/

Hackers Target Dridex Botnet

Ransomware has been a major player in the past couple years, with the Dridex botnet being used for a good portion of the distribution. Recently, researchers discovered a dummy file, containing only the words “STUPID LOCKY”, as the main payload of what appeared to be a malicious email attachment. While not every recipient is so fortunate, it does show that even the hackers aren’t completely hidden and susceptible to their own schemes.

https://www.helpnetsecurity.com/2016/05/05/dridex-botnet-hacked/

US Utility Companies Face Growing Ransomware Concern

Recently, a Michigan utility company was targeted with a ransomware attack that left many of their system utilities non-functioning. It appears no customer data was stolen as only their internal systems were compromised, however they’re still operating under limited functionality. This attack is just one in a long string of growing threats to infrastructure, be it in America or abroad.

http://www.theregister.co.uk/2016/05/03/michigan_electricity_utility_downed_by_ransomware_attack/

NSA Announces Increased Spying on Employees

In an effort to increase national security, the NSA has determined that their agents should have all internet access be monitored, both in the office and at home. To ensure NSA agents aren’t doing illegal activities on their own time, the agency does occasional network scans to monitor sites visited, online transactions, and use of social media. While under the claim of verifying whether the employees can handle highly sensitive information, it appears to be just another reason to invade the privacy of the people who are presumably highly trusted to ensure the security of the country.

http://www.presstv.ir/Detail/2016/05/03/463838/NSA-child-pornography-Kemp-Ensor-Defense-Security-Service-Daniel-Payne/

Wendy’s Credit Card Breach Leads them to Court

In the months following Wendy’s data breach, a credit union has filed a class action suit stating Wendy’s failed to update it’s card processing systems and left itself and it’s customers vulnerable to fraud for months. It is still unconfirmed how many of their nearly 6,000 stores were affected by the breach, but Wendy’s is still working with law enforcement and credit card companies to come to a good resolution.

Bangladesh Bank Still Attempting to Recover

In the months following one of the largest cyber heists in history, the Bangladesh Central Bank is still in the process of retrieving the $81 Million that was stolen from it, and which remains unaccounted for. The latest update comes from SWIFT, the financial transaction co-op, that has publicly stated that the Bangladesh Central Bank incident was not singular, but rather part of a larger string of cyber attacks. With this declaration, SWIFT has also pushed out a security update that will hopefully make these types of attacks more difficult in the future.

http://www.reuters.com/article/us-cyber-banking-swift-exclusive-idUSKCN0XM2DI

Uber User’s Data Security is Not So Secure

With the rise in app-based ride services across the globe, Uber riders are seeing spikes in fraudulent charges from distant locations. In other words, users are getting charged for rides they couldn’t possibly have been on. While Uber is still confident they’ve had no security breach of user information, more and more accounts are popping up on the Dark Web, at surprisingly reasonable costs. The most likely explanation is that consumers are using the same usernames and passwords for multiple apps, an ill-advised practice that’s not secure by default, which could be causing the harvesting of these credentials.

http://www.csoonline.com/article/3059461/data-breach/uber-fraud-scammer-takes-the-ride-victim-gets-the-bill.html?

Qatar National Bank is the Latest Financial Target of Cyber Attacks

In the past week, Qatar National Bank has stated they were the victim of a cyber attack, which allowed 1.4GB-worth of sensitive customer information to be leaked onto the Dark Web. Among the data, researchers have found transactions and other financial records of many high profile clients, including the Qatar Royal Family, possible intelligence agents from around the world, and even data on Al Jazeera employees. Qatar National Bank has made no confirmation of a security breach, although the leaked information would appear to be legitimate.

http://abcnews.go.com/International/wireStory/large-qatari-bank-investigating-alleged-data-breach-38698362 

Lifeboat Breach Could Lead to More Vulnerabilites

Recently, it was reported that Lifeboat Network, a Minecraft server provider, was hacked, with usernames/passwords being compromised. While Lifeboat issued a password reset to all users, who aren’t required to enter any personal or financial information when creating a login, users should still be cautious if they have re-used their passwords for other sites and change their passwords if this is the case.

https://www.helpnetsecurity.com/2016/04/27/lifeboat-data-breach/

Dating Site Exposes User Data

This week, yet another online dating site has been hacked and this time, the personal information of over 1 million individuals has been leaked. The site in question, Beautifulpeople.com, has stated that the leaked data was from a test server containing no user data. The server, which had no admin password to access, has since been taken offline.

https://www.wired.com/2016/04/beautiful-people-hack/ 

Separate tags with commas

SWIFT, Uber, Bangladesh Central Bank Breach, Dating site breach, Uber data security, data security, Minecraft, Lifeboat breach, cyber attacks, financial breach

A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Quicktime for Windows No Longer Supported

This week, Microsoft announced they would no longer be supporting the Quicktime media player and strongly recommended to completely uninstall it in order to avoid any malicious attack through the software, which will no longer receive patches. Several flaws have been found that could leave users open for attackers to access and infect the system. At present, the Mac version of Quicktime is still being supported with security updates.

http://n4bb.com/uninstall-quicktime-windows-microsoft-stops-support/

Security Flaw Leaves Phone Users Vulnerable

Most telecom companies around the world use the same routing protocol, SS7, for allowing users to contact others around the globe. However, SS7 also allows access to an individual phone and can even be maliciously aimed at gaining call recordings, geographical locations, and other personal information. This flaw, while dangerous in the hands of cyber criminals, is also used by the NSA and other intelligence agencies for data gathering and monitoring for suspicious activities.

http://arstechnica.com/security/2016/04/how-hackers-eavesdropped-on-a-us-congressman-using-only-his-phone-number/

Cyber Security Lacking in Majority of Companies

In a recent threat intelligence report, it was discovered that over 75% of business organizations have no method of response for cyber attacks, and only obtain these critical services after they have been targeted. While individual sectors are seeing a steady rise in malware attacks on their systems, it’s difficult to believe that a large portion are still unprepared for the attacks being reported in the news on a daily basis. And yet, here we are.

http://www.channelpartnersonline.com/news/2016/04/most-businesses-have-no-cyberattack-response-capa.aspx

Latest Encrypting Ransomware Aims at Bitcoin

In the past week, a new ransomware variant known as CryptXXX has been spotted in the wild that will both encrypt your data and steal bitcoins and other sensitive information located on the system. It appears to be from the same creators as Reveton, an older variant of encrypting ransomware, but with several advances that help it access stored passwords and lock users out of the system.

http://bravenewcoin.com/news/cryptxxx-set-to-become-the-worst-bitcoin-stealing-ransomware-yet/

End-to-End Message Encryption On the Rise

With the recent news about the FBI breaking Apple’s encryption to access sensitive information, more and more companies are working towards enhancing their current encryption standards. Viber, which makes the popular messaging app, has just announced they will be providing full end-to-end encryption for any and all data sent in messages, though it will take some time for all of its 700 million users to update to the latest version. Moreover, with Viber being an Israel-based company, they will not be directly affected by any US Congress decisions regarding encryption and the governments ability to access encrypted information.

http://www.wired.com/2016/04/viber-encrytpion/

A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Credit Card Breach at Trump Hotels

It has recently been reported that the Trump Hotel chains have been the target of yet another credit card breach, which is currently affecting several locations around the world. This comes less than a year after their last report of suspicious payment activity, in which they confirmed their systems had been hit with info-stealing malware.

http://krebsonsecurity.com/2016/04/sources-trump-hotels-breached-again/

Panama Papers Released

In what is currently considered to be the largest data leak in history (containing over 2.6 TB of information), a laundry list of celebrities and major political figures have been tied to offshore bank accounts. While having an offshore corporation is perfectly legal, many of those listed were using tax havens to hide their considerable wealth by using an offshore law firm, Mossack Fonseca, to manage their funds.

http://www.theguardian.com/news/2016/apr/03/what-you-need-to-know-about-the-panama-papers

Updating Passwords Occurs Less Among IT Admins

Most people understand the importance of changing passwords for sensitive accounts regularly, but those who often recommend these changes are at times ending up as the worst offenders. In a recent survey, IT Admins were shown to insist users change their credentials more often than they changed the credentials themselves. Furthermore, an astounding 10% of IT Admins admitted to having never changed the administrative credentials used in their organizations.

http://www.techweekeurope.co.uk/security/security-management/lieberman-software-it-admins-passwords-189155

Visa Database Potential Identity Risk

In the past week, an internal study conducted by the U.S. State Dept. revealed vulnerabilities in the visa application database, which contains hundreds of millions of confidential personal records. Currently, there has been no indication of a breach, but work is being done to seek out any vulnerabilities that haven’t already been resolved. Many of the issues they’re facing are related to aging technical systems and lack of upgrades.

http://www.fiercegovernmentit.com/story/vulnerabilities-visa-database-could-put-290m-personal-records-risk/2016-04-04?

LA Times Confirms their Site was Hacked

On Wednesday, it was reported that someone was able to access the LA Times website using a vulnerability in WordPress, and was offering this access for purchase. According to the LA Times, the security flaw has been resolved and they have added additional security precautions to prevent future breaches.

http://www.csoonline.com/article/3051598/security/la-times-said-to-be-compromised-shell-access-offered-up-for-sale.html?

A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

MedStar Health, Latest Medical Services Ransomware Target

Early this week, MedStar Health, one of the largest healthcare providers in Maryland, was the victim of a ransomware attack that lead to the complete shutdown of their computer systems. Fortunately, for patients, it appears no information was stolen and all of their facilities have remained open, though currently lacking access to digital patient records.

http://www.csoonline.com/article/3048825/security/ransomware-attack-hits-medstar-health-network-offline.html#tk.rss_news

College Board Reports Security Breaches Allow Leaked SAT Tests

Recently, it has been discovered that, due to many security vulnerabilities in the College Board, the most recent version of the SAT has been compromised in several Asian countries. The latest report confirms that many prep schools throughout China and South Korea are teaching past SAT questions that will likely be used again, allowing some students to attain perfect scores, by having studied the answers beforehand.

http://www.reuters.com/investigates/special-report/college-sat-one/

Phishing Attack Nearly Costs Mattel $3 Million

Last year, toy maker Mattel was the victim of a phishing attack that lead to $3 million USD being transferred to a bank in Wenzhou, China. In this case, the new CEO’s email was spoofed to a financial executive that requested a large transfer, that was luckily caught and the account frozen before it was withdrawn. With social engineering being a prevalent source of corporate information, authentication for highly sensitive transfers of information or funds should be mandatory.

http://www.csoonline.com/article/3049392/security/chinese-scammers-take-mattel-to-the-bank-phishing-them-for-3-million.html#tk.rss_news

Federal Court Phone Scams On the Rise

Many people have been the victims of a scam call asking for access to your computer, or scaring you into giving up credit card information, but lately a new call has people worried. It comes in the form of a demand to quickly pay a fine for missing a jury duty summons, or have a warrant issued for your arrest. This type of scare tactic has become more aggressive, but also more detailed with the information they seem to “know” about you.

https://nakedsecurity.sophos.com/2016/03/31/us-federal-court-you-didnt-show-up-for-jury-duty-scammers-slicker-than-ever/

Computer Science Student Finds Valve Vulnerability

This week, a 16-year old student from the University of Salford successfully exploited a vulnerability that allowed him to publish a game to Steam without being reviewed by a Valve employee. He also made a blog post explaining how he was able to go about exploiting the bug, which has since been fixed.

https://www.helpnetsecurity.com/2016/03/30/steam-review-bypass/

A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Microsoft Addresses Macro Malware Issue

With macros being a major vulnerability point in Microsoft Office software, the 2016 version of the product line will now offer protection against these infections. By allowing network admins to block execution of any macro that attempts to download content from the Internet, this will greatly reduce the number of systems that are compromised.

http://news.softpedia.com/news/microsoft-adds-new-feature-in-office-2016-that-can-block-macro-malware-502058.shtml

Ransomware Takes Aim At Healthcare

In the past week, three U.S. hospitals were targeted by ransomware attacks that left them in varying levels of functionality. Fortunately for patients, all hospitals have returned to full capacity, with little to no patient information being leaked. It is still unclear if the hospitals paid the ransom, however the cases are under FBI investigation.

http://www.bbc.com/news/technology-35880610

NASA Email Servers Hit with DDoS Attack

Recently, a group of hackers linked to Anonymous has made claims that they used a DDoS attack to take down NASA’s email servers all around the world. However, that claim appears to be unsubstantiated, as NASA’s main website was still accessible during the apparent outage. The attack was perpetrated because the hacker group claims that NASA is keeping important information regarding ISIS withheld from the public.

https://www.hackread.com/hackers-ddos-shutdown-nasa-website-email-server/

Local Utilities Need to Increase their Security Measures

In a recent study done by the Verizon RISK lab, it was determined that while many local utility services believe they are quite secure against an information-stealing attack, they are actually a major offender of vulnerabilities. The study also revealed that one customer, Kemuri Water Company, had a decade-old system infrastructure while also using a SCADA platform with direct internet access and no two-factor authentication.

http://www.zdnet.com/article/the-future-of-our-city-services-cyberattackers-target-core-water-systems/

Majority of IT Pros Use Basic AV Security Solutions

It was revealed recently that the vast majority of IT professionals believe that using only a basic Antivirus software is enough to defend against the latest cyber attacks. The study also showed that only 15% applied additional defensive measures. Fortunately for consumers, the trend is moving towards ever-improving security protocols and finding better ways to catch the latest malware variants.

http://www.computing.co.uk/ctg/news/2452094/ninety-seven-per-cent-of-it-professionals-think-standard-antivirus-software-will-stop-zero-day-attacks

A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Credit Card Fraud Now Quicker Than Ever

There are thousands of cases of credit card fraud that occur every year, usually through a merchant breach. Lately, however, a new process has emerged and has shown to take almost no time at all, while also being nearly foolproof. By quickly attaching a face-plate skimmer to a credit card processor, hackers can retrieve any customer data they collect later by simply removing the skimmer or remotely connecting to the device via bluetooth.

http://www.csoonline.com/article/3043662/security/credit-card-terminal-goes-from-safe-to-compromised-in-less-than-three-seconds.html#tk.rss_news

Bank Breach in Bangladesh

It recently came to light that hackers had breached Bangladesh’s central bank and attempted to withdraw $101 million USD from their US-held account. The U.S. Federal Reserve allowed the initial transactions to occur, but the overall attack was halted when Deutsche Bank employees noticed a spelling error for the recipient party. While some of the cash had already been transferred to offshore casinos, the remainder that had been withdrawn was returned.

http://www.bankingtech.com/455732/typo-spells-confusion-in-101m-cyber-bank-heist/

Anti-DDoS Firm Hit with DDoS Attack

It has been confirmed that in the past week, the cyber security firm Staminus, has been the latest target of a severe DDoS attack. The attack left the Staminus website down for several days and finally resulted in a large information dump, containing mainly customer information. The information dump was preceeded by a note from the hacker that listed off various “tips” for running a security company, a likely jab at the security flaws used to initiate the breach.

https://nakedsecurity.sophos.com/2016/03/15/attacker-leaves-security-tips-after-invading-anti-ddos-firm-staminus/?utm_source=Naked+Security+-+Sophos+List&utm_campaign=7230822a23-naked%252Bsecurity&utm_medium=email&utm_term=0_31623bb782-7230822a23-454898153

Major News Sites Target of Malvertising

Recently, several high-profile domains were infiltrated by cybercriminals with the intent to distribute ransomware via the Angler Exploit Kit. With ransomware being a simple method for attackers to affect a large audience (as well as bring in a nice profit), more companies should be taking a closer look at their own systems and patching any vulnerabilities. While the attack lasted less than 24 hours, thousands of daily visitors to high-traffic sites such as the New York Times, BBC, and Newsweek could be affected.

http://www.csoonline.com/article/3044588/security/malvertising-campaign-hits-new-york-times-bbc-others.html#tk.rss_news

Typosquatting, Latest Mac OS X Scam

Cybercriminals are always on the lookout for the next method of targeting end-users. This time, they’re focusing on poor spelling. By implementing a method called ‘typosquatting’, attackers have been registering common US company domains using the “.om” suffix (belonging to the country of Oman), in hopes that people misspelling “.com” will be redirected to one of their phony sites. Aimed mainly at Mac OS users, when they land on a fake site, users are directed to a fake Adobe Flash update that actually attempts to install Genieo, a common Mac adware variant.

https://threatpost.com/typosquatters-target-apple-mac-users-with-new-om-domain-scam/116768/