Cybersecurity Weekly: Worm eradication, Instagram hack demonstration, massive iPhone hack
As of this week, I've started writing a new series on the Infosec Blog called Cybersecurity Weekly! Each week, I compile ten recent news articles from the world of cybersecurity for your reading pleasure! French police remove the Retadup worm from 850,000 PCs with the help of Avast. A white hat hacker demonstrated how to hack over one million Instagram accounts. A slew of security incidents and breaches, including Foxit PDF reader, Hostinger and Apple’s iPhone. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Avast, French police remove Retadup malware from 850,000 PCs
Retadup is a worm that was first identified in 2017 and primarily used by cybercriminals to spread ransomware and cryptocurrency miners. After identifying the location of the Retadup infrastructure in France, Avast and French police successfully took control of the server behind the worm, causing it to self-destruct.
2. How to know if your cybersecurity tools are actually working
Your organization has invested in dozens of cybersecurity tools. But you’re not sure if they’re working as expected. The good news is you’re not alone. In fact, more than half of enterprise security leaders don’t know if their security tools are working, according to a new report from the Ponemon Institute and AttackIQ.
3. Foxit PDF software company suffers data breach — asks users to reset password
Foxit Software, a company known for its popular lightweight Foxit PDF Reader application, announced last week a data breach exposing the personal information of “My Account” service users. It’s not yet clear if the leaked account passwords are protected by a hashing and salting mechanism.
4. Malware found in CamScanner Android app with 100+ million users
CamScanner, the popular Phone PDF creator app with more than 100 million downloads, has recently gone rogue as researchers found a hidden Trojan Dropper module within the app that could allow remote attackers to secretly download and install a malicious program on users’ Android devices without their knowledge.
5. Ransomware hits dental data backup service offering ransomware protection
DDS Safe, a cloud-based data backup system that hundreds of dental practice offices use to protect medical records and other PHI from ransomware attacks, has been hit with ransomware. This attack crippled computer systems in 400 dental practice offices around the United States last week.
6. Phishing scam at Presbyterian exposes 183K patients’ data
Presbyterian Healthcare Services notified 183,000 patients and health plan members that some of their protected health information was exposed in a phishing attack. The breach included names of patients and health plan members, and may have involved Social Security numbers, birth dates and health plan information.
7. Google uncovers massive iPhone attack campaign
For at least two years, a small collection of hacked websites attacked iPhones in a massive campaign affecting thousands of devices. The malware granted access to all of a victim’s database files used by apps like WhatsApp, Telegram and iMessage so attackers could view sent and received plaintext messages.
8. Phishers are angling for your cloud providers
Many companies are now outsourcing their marketing efforts to cloud-based customer relationship management providers. But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign.
9. Google will now pay anyone who reports apps abusing users’ data
In the wake of several instances of malware apps being discovered on the Play Store, Google expanded its bug bounty program to beef up the security of Android apps and Chrome extensions distributed through its platform.
10. White hat hacker demonstrated how to hack a million Instagram accounts
The white-hat hacker Laxman Muthiyah discovered a critical vulnerability that could have been exploited to hack Instagram accounts. The flaw affected Instagram’s password recovery process for mobile devices, which relies on a six-digit code sent to users’ phones to change the password.