Weekly Security Roundup #63: Feels Like Living a Groundhog Day
Why do the same old cyber threats still work? Spoiler alert: Because we let them
Every time I write the weekly security recap, I realize I run into the same subjects over and over again. Malware, data breaches, Internet of Things flaws – all these are repeating threats, as if we were stuck in a time loop like the one Bill Murray experienced in the movie Groundhog Day.
Yesterday, Andra published a major security alert about a malware campaign that infected hundreds of WordPress websites. The compromised websites were used to deliver ransomware.
Another article that you shouldn’t miss covers everything you need to know about fileless malware infections: how they work, why they are so popular among cybercrooks, and how to fight them.
Before you head off to enjoy your weekend, here is a quick roundup of the most important security news from this past week.
Security articles of the week
While browsing online, you’ve most likely encountered deceptive buttons or misleading embedded content, such as ads. These will try to trick you into downloading malicious software or giving out sensitive information.
From now on, if you’re using Chrome as your browser, you will be warned against this kind of attack. This protection is consistent with the war against social engineering tactics that Google declared back in November.
Almost two months ago, researchers from Check Point informed eBay of a severe vulnerability in their platform. The flaw could allow cybercrooks to spread malware and phishing campaigns.
Representatives of the eCommerce giant declared that they have no plans yet to fix the vulnerability.
The Dutch National Police initiated a program of training eagles to take down rogue drones, as an alternative to shooting them, using radio jammers or other methods to bring them down. If everything goes well, the program will be functional in a few months.
Completely unrelated to the previous news, a group named AnonSec claimed that they took control of one of NASA’s drones. They also leaked over 250 GB of sensitive data that includes flight logs, video feeds and employee credentials.
NASA denies the attack and sent the following statement to Forbes:
“Control of our Global Hawk aircraft was not compromised. NASA has no evidence to indicate the alleged hacked data are anything other than already publicly available data. NASA takes cybersecurity very seriously and will continue to fully investigate all of these allegations.”
New research examined wearable fitness tracking devices offered by eight companies: Apple, Fitbit, Garmin, Jawbone, Xiaomi, Mio, Basis and Withings. The report exposes vulnerabilities in the way these wearables are made.
“[…] all studied fitness wearables except for the Apple Watch wirelessly emit a persistent unique identifier over Bluetooth. This leakage lets third parties, such as shopping centres or others interested in location-based monitoring, collect and map out people’s movements over time.”
TMZ, one of the most read gossip websites, fell victim to a malvertising campaign. RottenTomatoes, AutoBlog and LifeBuzz are among the other top publishers that were hit.
Oracle announced that, after two decades, it will finally retire its highly insecure Java browser plugin.
This will happen in the upcoming year, together with the release of version 9 of the Java Development Kit.
Researchers from Rapid7 unveiled security flaws in devices dedicated to kids and their parents: more exactly, the Fisher-Price Smart Toy®, a line of stuffed animals, and the hereO GPS Platform, a GPS watch that allows parents to keep track of their kids’ location. The issues were quickly fixed by the vendors.
“It’s important to be mindful that all technologies contain bugs that can often impact the security of the ecosystem powering a sometimes complex mixture of protocols, standards, and components. While the issues explained here were detrimental to their users’ privacy and safety, they were also issues that we’ve seen so many organizations make.”
On Facebook’s 12th anniversary, here are five ways to keep enjoying your Facebook account at the highest privacy and security level.
Bruce Harpham from CIO wrote about the lessons that we learned (or should have learned) from 2015’s cybersecurity landscape.
We can’t emphasize enough the importance of taking elementary measures, measures that will ensure our cyber security.
With Valentine’s Day quickly approaching, next week we’ll most likely encounter lots of scams related to it. With our “busyness” and attention span extremely reduced, this is an ideal time for attacks from cybercrooks.
Don’t wanna sound too nagging, but you should keep your guard high and tight, especially if you’re planning on doing some online shopping for your better half. Also, you might wanna take a quick glance again over our guide on how to securely shop online.