A lot happens in the security world and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

Credit Card Fraud Now Quicker Than Ever

There are thousands of cases of credit card fraud that occur every year, usually through a merchant breach. Lately, however, a new process has emerged and has shown to take almost no time at all, while also being nearly foolproof. By quickly attaching a face-plate skimmer to a credit card processor, hackers can retrieve any customer data they collect later by simply removing the skimmer or remotely connecting to the device via bluetooth.

http://www.csoonline.com/article/3043662/security/credit-card-terminal-goes-from-safe-to-compromised-in-less-than-three-seconds.html#tk.rss_news

Bank Breach in Bangladesh

It recently came to light that hackers had breached Bangladesh’s central bank and attempted to withdraw $101 million USD from their US-held account. The U.S. Federal Reserve allowed the initial transactions to occur, but the overall attack was halted when Deutsche Bank employees noticed a spelling error for the recipient party. While some of the cash had already been transferred to offshore casinos, the remainder that had been withdrawn was returned.

http://www.bankingtech.com/455732/typo-spells-confusion-in-101m-cyber-bank-heist/

Anti-DDoS Firm Hit with DDoS Attack

It has been confirmed that in the past week, the cyber security firm Staminus, has been the latest target of a severe DDoS attack. The attack left the Staminus website down for several days and finally resulted in a large information dump, containing mainly customer information. The information dump was preceeded by a note from the hacker that listed off various “tips” for running a security company, a likely jab at the security flaws used to initiate the breach.

https://nakedsecurity.sophos.com/2016/03/15/attacker-leaves-security-tips-after-invading-anti-ddos-firm-staminus/?utm_source=Naked+Security+-+Sophos+List&utm_campaign=7230822a23-naked%252Bsecurity&utm_medium=email&utm_term=0_31623bb782-7230822a23-454898153

Major News Sites Target of Malvertising

Recently, several high-profile domains were infiltrated by cybercriminals with the intent to distribute ransomware via the Angler Exploit Kit. With ransomware being a simple method for attackers to affect a large audience (as well as bring in a nice profit), more companies should be taking a closer look at their own systems and patching any vulnerabilities. While the attack lasted less than 24 hours, thousands of daily visitors to high-traffic sites such as the New York Times, BBC, and Newsweek could be affected.

http://www.csoonline.com/article/3044588/security/malvertising-campaign-hits-new-york-times-bbc-others.html#tk.rss_news

Typosquatting, Latest Mac OS X Scam

Cybercriminals are always on the lookout for the next method of targeting end-users. This time, they’re focusing on poor spelling. By implementing a method called ‘typosquatting’, attackers have been registering common US company domains using the “.om” suffix (belonging to the country of Oman), in hopes that people misspelling “.com” will be redirected to one of their phony sites. Aimed mainly at Mac OS users, when they land on a fake site, users are directed to a fake Adobe Flash update that actually attempts to install Genieo, a common Mac adware variant.

https://threatpost.com/typosquatters-target-apple-mac-users-with-new-om-domain-scam/116768/

Connor Madsen

About the Author

Connor Madsen

Threat Research Analyst

As a Threat Research Analyst, Connor is tasked with discovering and identifying new malware variants, as well as testing current samples to ensure efficacy. Don’t miss the latest security news from around the world in his weekly Cyber News Rundown blog.

Share This