The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst with a passion for all things security. Any questions? Just ask.
Researchers Find Major Security Flaws in Modern Processors
Newly discovered bugs, Meltdown and Spectre, exploit critical flaws in the architecture of many modern processors to leak system memory and view information that should remain hidden at the application level. This vulnerability would allow hackers to steal secret information, such as stored passwords, although there are no known exploits currently in use. Operating system makers such as Microsoft, Apple, and Linux scrambled on Wednesday to release security updates to protect users. Experts speculate these flaws will impact the security industry for many years to come.
‘Trackmageddon’ Bugs Leave GPS Data Open to Hackers
Two security researches have uncovered several vulnerabilities that affect GPS tracking services, including those used in child and pet trackers. These vulnerabilities range from weak passwords and unsecured folders to unprotected API endpoints, according a report issued by the research team. Hackers could potentially exploit these flaws to collect private data from these location-tracking services.
Clothing Retailer Finds Malware on PoS Devices
The LA-based fashion retailer Forever 21 revealed that a recent data breach resulted in the theft of customer credit card information. Following an investigation, the company disclosed that point-of-sale devices were infected with malware following a lapse in data encryption. While it’s still unclear how many stores and customers have been affected, the retailer advises all customers to keep a close eye on their financial statements and credit reports for suspicious activity.
Cancer Care Provider Reaches Settlement over HIPAA Violations
21st Century Oncology has reached a $2.3 million settlement agreement with the US Department of Health and Human Services following a data breach that leaked the patient records and Social Security numbers of some 2 million patients. According to a press release from HHS, the breach was uncovered after an FBI informant was able to illegally obtain the company’s private patient files from a third party.
Android Malware Variant Steals Uber Data
Fakeapp malware found on Android devices spoofs the Uber app to appear legitimate to users. This new malware tricks users into entering their account credentials by imitating the Uber app’s user interface. This attack underscores the need for caution when downloading apps, even from the Google Play store, as well as using a trusted a mobile security solution.