The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Ransomware Exploits Safari Bug
Apple fixed a flaw earlier this week that allowed scammers to exploit a pop-up redirecting porn viewers to a fake law enforcement page. Once there, further access was blocked, and a demand for an iTunes gift card as ransom was made. While many unsuspecting users fell victim to the scam, Apple was able to promptly issue a patch that resolved the vulnerability. Apple has also recommended that anyone affected by the scam should clear their browser cache, to remove any possibility of relaunching the malicious sites.
Microsoft’s Docs.com Sharing Documents Publicly
Researchers have discovered that a vast majority of the documents posted to Docs.com are fully searchable and indexed into several search engines. This wouldn’t be such an issue if the many users posting content to the site were aware of the public availability of the possibly-sensitive documents they had unwittingly sent through their organizations and out into the public domain. While Microsoft has since removed the search bar from the main site page, anything uploaded prior is still available through multiple search engines.
Hong Kong Voter Records Leaked
As the Hong Kong elections took place over the weekend, two laptops containing sensitive information for Hong Kong’s nearly 3.7 million voters were stolen from a backup location for the elections. While the data on the laptops was encrypted, it could only be a matter of time until it is broken and that data is exposed. If released, it would be the largest data breach to ever come out of Hong Kong.
Crusader Adware Replaces Tech Support Search Results
A new browser extension has been discovered that can modify a user’s search results, launch additional ads, and even display pop-ups for other scams. Usually installed with a bundle of other software, the extension known as Crusader is able to monitor all Internet traffic and rewrite tech support numbers to continue the cycle by having the victim contact yet another tech support scammer for “assistance.”
WoW Users Targeted with Phishing Attack
Many avid World of Warcraft players have received emails offering an in-game pet that was “gifted” to them by a fellow gamer. Unfortunately for the recipients, the link directing them towards the Battle.net site to claim their gift actually sent them to a phishing site set up to capture all of their login information. While the scam site is already blocked by Google’s Safe Browsing, users are still urged to proceed with caution, should they receive any suspicious emails.