A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Linux Distro Compromised

This week, one of the largest Linux distro’s for Mint was targeted by hackers, who were able to successfully alter a PHP script to allow redirection to a Bulgarian-based IP. Additionally, it has been confirmed that usernames and passwords from the Mint forum database have been compromised as well. Fortunately, for most Mint users, you would have needed to install Mint 17.3 in the past week to actually have a chance of becoming infected.

Read more: https://nakedsecurity.sophos.com/2016/02/22/worlds-biggest-linux-distro-infected-with-malware/

Phishing Still A Major Issue for Companies

Spear phishing attacks continue to be on the rise, but it is still surprising how many companies are successfully attacked annually. The main cause for the success of these attacks is the human component: employees, consumers, and management. Using a more precise version of spear phishing, known as BEC or Business Email Compromise, attackers are able to spoof a high-level employee’s email account and request highly sensitive information without much questioning.

Read more: http://www.csoonline.com/article/3036837/security/phishing-remains-top-attack-vector-for-criminals-both-novice-and-professional.html

Child Tracker Database Exposed

Recently, an independent researcher uncovered a database owned by uKnowKids (a company that provides child monitoring software). Within the information that was accessible online were over 1,700 profiles of children, and many millions of private messages. The researcher was able to contact uKnowKids and inform them of the vulnerability quickly, although it is still unknown how long it was available to the public.

Read more:  https://www.helpnetsecurity.com/2016/02/23/sensitive-child-profiles-private-messages-exposed-online/

Nissan’s All-Electric Car Lacks Cloud Security

As electric cars continue their steady rise into the mainstream, it has become quite convenient to have an app that displays details about your car, and can even send basic commands. Unfortunately, this accessibility can come at a cost if it’s not well secured. Nissan’s Leaf has many of these features, including charging capabilites and climate control settings, but currently lacks any authentication, other than the username which is set as your car’s VIN. Without any further authentication, anyone with the app and the VIN can send commands to start/stop charging, or view any previous driving history.

Read more: https://nakedsecurity.sophos.com/2016/02/25/nissan-leaf-cloud-security-fail-leaves-drivers-exposed

Sony Hackers Likely Tied to S.E. Asian Attacks

When Sony Pictures was hacked in late 2014, many security companies were brought in to collaborate on discovering how, who, and when. Their research has brought to light a connection with North Korean nation-state hackers who also perpetrated attacks on South Korea and the US going as far back as 2009.

Read more: http://www.reuters.com/article/us-sony-cyber-idUSKCN0VX1IR

Connor Madsen

About the Author

Connor Madsen

Threat Research Analyst

As a Threat Research Analyst, Connor is tasked with discovering and identifying new malware variants, as well as testing current samples to ensure efficacy. Don’t miss the latest security news from around the world in his weekly Cyber News Rundown blog.

Share This