Cyber News Rundown
January 5, 2018Connor Madsen By Connor Madsen: Threat Research Analyst

Cyber News Rundown: Edition 1/5/18

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst with a passion for all things security. Any questions? Just ask.

Researchers Find Major Security Flaws in Modern Processors

Newly discovered bugs, Meltdown and Spectre, exploit critical flaws in the architecture of many modern processors to leak system memory and view information that should remain hidden at the application level. This vulnerability would allow hackers to steal secret information, such as stored passwords, although there are no known exploits currently in use. Operating system makers such as Microsoft, Apple, and Linux scrambled on Wednesday to release security updates to protect users. Experts speculate these flaws will impact the security industry for many years to come.

‘Trackmageddon’ Bugs Leave GPS Data Open to Hackers

Two security researches have uncovered several vulnerabilities that affect GPS tracking services, including those used in child and pet trackers. These vulnerabilities range from weak passwords and unsecured folders to unprotected API endpoints, according a report issued by the research team. Hackers could potentially exploit these flaws to collect private data from these location-tracking services.

Clothing Retailer Finds Malware on PoS Devices

The LA-based fashion retailer Forever 21 revealed that a recent data breach resulted in the theft of customer credit card information. Following an investigation, Forever 21 disclosed that point-of-sale devices were infected with malware following a lapse in data encryption. While it’s still unclear how many stores and customers have been affected, the retailer advises all customers to keep a close eye on their financial statements and credit reports for suspicious activity.

Cancer Care Provider Reaches Settlement over HIPAA Violations

21st Century Oncology has reached a $2.3 million settlement agreement with the US Department of Health and Human Services following a data breach that leaked patient records and Social Security numbers of some 2 million patients. According to a press release from HHS, the breach was uncovered after an FBI informant was able to illegally obtain the company’s private patient files from a third party.

Android Malware Variant Steals Uber Data

Fakeapp malware found on Android devices spoofs Uber app to appear legitimate to users. This new malware tricks users into entering their account credentials by imitating the Uber app’s user interface. This attack underscores the need for caution when downloading apps, even from the Google Play store, as well as using a trusted a mobile security solution.

 

Share Button

8 Responses to Cyber News Rundown: Edition 1/5/18

  1. In regards to Meltdown/Spectre, is Webroot considered a “safe” antivirus program by Windows update yet? I attempted to do a Windows update on 1/4/18 and again on 1/5/18, and there was nothing to update. I’m just trying to stay updated as much as possible in as many areas as I can think of. I’ve read that some antivirus/malware programs can cause “blue screen” events if the program has not set a registry value in order to receive the Windows update required to protect the system, and, of course, I would prefer to avoid that. Thank you so much for any insights you can share on this question!

    • Hello Bradley,

      It’s an entirely legitimate question and we appreciate you reaching out.
      Webroot is safe-to-use and this bug will be completely patched in the next release of SecureAnywhere. For the time being, please make sure to visit this post on our Community for more information.
      ~JP~

  2. When will Webroot for Windows be updated (including the registry key) so that we can install the Microsoft patches to protect ourselves from the meltdown/specter vulnerabilities?

Leave a Reply

Your email address will not be published. Required fields are marked *