The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.
Winter Olympics Disrupted by Malware Attack
The Winter Olympics are in full swing, and cybercriminals seem to be working just as hard as the athletes. Their nefarious minds are focused on distributing malware that targets several internal WiFi and television systems. In addition to a delay during the opening ceremonies, the malware caused major damage to the networks by wiping non-critical network files and using stolen credentials to traverse the networks with ease. With plenty of international information on hand, it’s surprising the attack focused more on destruction over data collection.
Cryptocurrency Scams from Celebrities on Twitter
At least two dozen fake Twitter accounts impersonating celebrities, and others closely tied to cryptocurrencies, have been promising to distribute various currencies to followers. These accounts are all very similar to the real celebrities’ user accounts, barring small spelling changes, and can be found commenting amongst their target’s posts. Although Twitter appears to be working swiftly to remove these types of accounts, more continue to appear.
News Site Offers Compromise to Disabling Ad-Blockers
With the increasing popularity of cryptojacking—the process of using cryptomining scripts on highly-trafficked sites to generate revenue—Salon.com is now offering a choice to visitors: disable your ad blocker or let them use your CPU for cryptomining. While this new offering may seem unusual, it’s likely to become more prevalent, since many sites depend on ad revenue to remain operational. The logic is that most users would prefer to allow mining scripts to run over being subjected to ads.
Telegram Leaves Zero-Day Bug Unfixed for Months
Researchers discovered a vulnerability within the Telegram messenger client that would allow attackers to send malware by using a specific character to mask the actual file without making any additional changes to it. This method can be used to fully commandeer a system by sending victims a simple downloader over SMS. The downloader deploys a variety of malicious tools onto the system itself. Telegram has since resolved documented issues, which appear to have targeted mainly Russian victims from as long ago as March 2017.
Canadian Telecom Firm Faces Security Flaw
A hacker has contacted Canadian Telecom firm Freedom Mobile to inform them of the security risks that their nearly 350,000 customers could face if a flaw in their system isn’t fixed. The flaw would allow any attacker to use a brute force attack on the account login page to compromise customer information. The hacker doesn’t appear to be acting maliciously, and he has posted proof of his findings, along with a strong recommendation that Freedom Mobile re-examine its security offerings.