There’s a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
First ‘Hack the Pentagon’ Event a Major Success
Several months ago, the Department of Defense launched a program designed to bring in registered hackers and have them attempt to breach several public-facing websites, for cash prizes. With over 1,400 hackers participating, the DoD was able to confirm 138 discovered vulnerabilities and paid out amounts up to $15,000. Furthermore, in the 3-week period, not a single malicious attack was attempted on DoD sites.
Apple Customers Targeted With Phishing Campaign
In the last week, many Apple users had received an email warning them of a virus in the iTunes Database that required all users to re-validate all of their user information, and threatened to delete accounts if the user delayed inputting the information. However, with a redirected splash page riddled with misspelling, this phishing attempt was quickly thwarted and the associated pages were taken down, though Apple still warns users to be vigilant for similar emails in the future.
https://www.helpnetsecurity.com/2016/06/21/itunes-database-phish/
Ded Cryptor, Latest Bilingual Ransomware Variant
Researchers have uncovered another ransomware variant, this time with a less-than-jolly Santa figure appearing alongside the ransom instructions, written in both English and Russian. The so-called Ded Cryptor replaces the user’s wallpaper with the ransom note and gives an email address to contact for further steps towards payment and decryption of their files, which are appended with a .ded extension upon encryption.
Court Rules FBI No Longer Needs Warrant to Hack Computers
In a recent court ruling surrounding a child pornography case, the FBI had granted a warrant to hack into certain computers and retrieve information that lead to multiple offenders being arrested. The presiding judge had determined that while the offenders had used Tor to anonymize their browsing, having a publicly accessible IP address removed the need for law enforcement to obtain a warrant when gaining unauthorized access to any computer, regardless of probable cause or any real suspicion.
Acer Security Breach
Recently, Acer has come forward and admitted to a breach in their systems that allowed hackers to access the sensitive information of over 34,000 customers, which ranges over a course of a year and contains a full year’s worth of transactions. This information includes names, addresses, and credit card information (that may or may not have been encrypted prior to the breach), and other private information that criminals could use to commit fraud.
