Security Briefing – 2-6-2018
Today is Safer Internet Day 2018 (of course that’s a thing) and here are 3 quick tips you can use to make your social media experiences a bit safer: 1) Turn on 2-factor authentication, 2) BE NICE, 3) Log out when you’re done! Yay safer internet!
Security researchers at Chinese IT security firm Qihoo 360 Netlab discovered a new piece of wormable Android malware, dubbed ADB.Miner, that scans wide-range of IP addresses to find vulnerable devices (anything Android-based and IoT) and infect them to mine digital cryptocurrency.
A critical vulnerability discovered in the Chrome and Firefox browser extension of the grammar-checking software Grammarly inadvertently left all 22 million users’ accounts, including their personal documents and records, vulnerable to remote hackers.
Dubbed Smominru, and focused on mining Monero crypto-currency, a new botnet managed to infect over 526,000 Windows hosts to date, most of which are believed to be servers. After conducting a sinkholing operation, the security researchers discovered that the infected machines are distributed worldwide, with the highest numbers in Russia, India, and Taiwan.
The 2018 Identity Fraud Study released today by Javelin Strategy & Research, found that in 2017, the total number of fraud victims increased 8% to 16.7 million. The Javelin report also found that 6.64% of consumers became victims of identity fraud last year, an increase of almost 1 million victims from the previous year. The increase was driven by growth in existing non-card fraud and account takeover (ATO) schemes.
British bank Lloyds, along with US institutions including Bank of America and JP Morgan, decided that the recent volatility of cryptocurrency prices has made them too much of a gamble for credit card purchases. Simply put, you’ll need a debit card from now on to buy cryptocoins such as Monero, Ethereum and Bitcoin, to prevent you speculating on credit given that last year’s surge in cryptocurrency prices has been offset by a recent, sudden plunge in value.
In the wake of the cryptocurrency lifestyle, marketers have taken to trying to push cryptocurrency (or scams) on unsuspecting get-rich-quickers. Not on Facebook, the platform banned all ads dealing with cryptocurrency last week.
There’s an Adobe Flash zero-day vulnerability that exploits Microsoft Office interactions with embedded Flash objects, typically being given as attachments in emails. It’s 1998 all over again! Adobe to patch next week.
Ransomware made it into the Oxford English Dictionary. What a time to be alive.