A lot happens in the security world, some big and some small, and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot ThreatBrief, highlighting 5 major security news stories of the week.
Fitbit Accounts Hacked
On Monday of this week, it was reported that dozens of Fitbit accounts had been accessed, with users information leaking to external sites. According to Fitbit, customer’s usernames, passwords, and location information were accessed, likely from customers reusing passwords for multiple website logins. Fitbit doesn’t currently use two-step authentication for account security, but that is likely to change in the coming months.
Industrial Sized Vulnerabilities
Having devices connected to a network is always a risky proposition, especially when the devices in question are industrial motors; running power plants, water treatment plants, and other large infrastructure systems. Recently, a vulnerability was found that would allow unauthorized read and write access to the drives, thus allowing the motor speed to fluctuate or rise to unsafe levels. The vulnerability has been found in several variable-frequency drives currently available on the market.
Read More: http://www.wired.com/2016/01/an-easy-way-for-hackers-to-remotely-burn-industrial-motors/
Japanese Banks Attacked
Recently, the Rovnix banking trojan, which has been quite prevalent in Europe, has bridged the language barrier and aimed itself at the Japanese banking system. The infection is commonly spread through email attachments, which contain the malicious payload in an otherwise unsuspecting email. Using web injection, Rovnix is capable of loading an imitation page of the targetted bank and allow users to login normally, while logging that information externally.
Nissan Sites Hit with DDoS Attack
With the Detroit Auto Show taking place this week, it could only be coincidental that Nissan’s global and Japanese sites have been the main focus of a DDoS attack, in response to whale and dolphin hunting by Japanese hunters. Nissan appears to have been targetted, not due to their stance on hunting, but because they are a major Japanese corporation and the attack would bring national attention to the whaling issue.
Read More: http://www.bbc.com/news/technology-35306206
NSA Code Found in Juniper Software
In the last week, Juniper Networks have announced they will no longer be using a particular piece of code that may have been linked to the NSA, to allow monitoring of private network sessions. The code used a mathematical constant that was generated using Dual Elliptic Curve, which is not only untrusted, but was widely distributed via government contracted software kits.
