The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Fake Crypto Exchange Apps Found on Google Play Store
After being available on the Google Play store for nearly a month, several phishing apps that were spoofing cryptocurrency exchanges have been removed. Unfortunately, they had been installed up to 5000 unique times by unwitting users. While this isn’t the first time we’ve seen phony crypto exchange apps in an app store, they are becoming more common and increasingly difficult to identify.
Reaper Botnet on Track to Be Largest in History
A new botnet called Reaper has been spotted controlling nearly two million unique IoT devices, and is continuing to grow. The infection spreads relatively quietly, like a worm, and uses known vulnerabilities within internet-connected devices to increase its reach. The botnet has yet to be used for any known DDoS attacks, and it appears to be more concerned with growth than high-profile attacks.
Microsoft Office Vulnerability Leaves Users Defenseless
As more and more attention is focused on infections from malicious email attachments, an exploit has been found in a decades-old data exchange system used in all Microsoft Office programs that could allow similar attacks to remain unnoticed. The exploit is based on the data exchange protocols used to send data between Office apps and could be used to trigger malware without user interaction. Unfortunately, Microsoft is unlikely to release any major patches to resolve the issue, since they could break the data protocols needed by each app.
Customer Info Breach at Major Cosmetics Company
Recently, a security firm found two publicly accessible databases containing sensitive information for nearly 2 million Tarte Cosmetics customers. The data consisted mostly of payment and other sensitive information for any online customers from the last decade, and the databases may also have fallen victim to a ransomware attack during the period that they were unsecured. Fortunately, Tarte was quick to take both databases offline after being informed of the exposure.
Bad Rabbit Ransomware Invades Media Outlets
Over the past week, multiple media outlets from Eastern Europe to Japan have been experiencing a ransomware attack, dubbed Bad Rabbit by researchers. The variant shares some of its code with Petya, the ransomware that caused widespread damage earlier this year. Bad Rabbit seems to propagate through fake Flash updates and uses Mimikatz to obtain credentials from infected devices.