<\/p>\n
A lot happens in the security world, and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.<\/p>\n
Tax Season Leads to Rise in Phishing Attacks<\/strong><\/p>\n As we’ve seen in the past, corporations preparing their taxes for the April deadline are a lucrative target for phishing attacks. Most recently, Seagate Technologies had such a breach in which all current and former employees’ W-2 information was compromised. This incident follows a trend\u00a0of attacks that target employees by spoofing the CEO’s email address and asking for highly sensitive information.<\/p>\n http:\/\/www.csoonline.com\/article\/3040626\/security\/three-more-firms-hit-by-targeted-phishing-attacks-seeking-w2-data.html#tk.rss_news<\/a><\/p>\n Ransomware Targets Mac OS X<\/strong><\/p>\n In the past week, it was brought to light that a new form of ransomware had hit the market and was aimed specifically at Mac users. KeRanger comes bundled with the Transmission Bittorrent client and remains dormant for three days to avoid quick detection or suspicion of the torrenting app itself. After that time period, it gathers sensitive information about the Mac and uploads to a Command & Control server, thus starting the process of encryption.<\/p>\n https://www.webroot.com/blog/2016\/03\/07\/18611\/<\/a><\/p>\n Android Users Hit with Banking Malware<\/strong><\/p>\n Recently, a new form of banking malware, labeled as Spy.Agent.SI, has been targeting\u00a0Android mobile banking users. The program will lock the device until the user enters their bank login information from one of the targeted bank apps. Currently, it appears to be focused on several large banks in Australia and New Zealand, and only impacts users who downloaded the fake Adobe Flash Player app from a third-party app store.<\/p>\n http:\/\/www.csmonitor.com\/World\/Passcode\/2016\/0307\/Sophisticated-banking-malware-targets-Android-users?mc_cid=db5948860e&mc_eid=aa7c64b687<\/a><\/p>\n Facebook Password Reset Vulnerability Found<\/strong><\/p>\n A vulnerability was discovered this past week in Facebook’s password reset functionality. While a brute-force attack would be impossible on the facebook.com main website, due to a lock-out feature that triggers after a certain number of failed password tries, several of their other domains do not have this capability. This lack of security in the less trafficked sites within the facebook.com domain allowed the researcher to perform a brute-force attack on his own account, and successfully gain access to the account.<\/p>\n