The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any questions? Just ask.

PayPal Plagued by Phishing Emails

Recently, many PayPal users have received emails about a fake transaction failure that request the user verify their login credentials. While many users were quick to notice the illegitimate sender email address, they also noticed that the email didn’t call them by name or username. Anyone who did follow the verification link would land on a fake site that asks the user to reenter their payment information and security questions.

Satori Botnet Emerges with 280,000 Infected Devices

Closely following worm behavior, the Satori variant of Mirai is able to spread quickly by using exploits to remotely connect to devices with unsecured ports, specifically ports 37215 and 52869. While exact methods are still unclear, Satori appears to be using a zero-day exploit for Huawei routers that received some attention in late November for allowing unauthorized code execution on affected devices. Use of Mirai variants has continued to rise in prevalence following the initial Mirai botnet discovery, which received worldwide attention for being the largest active botnet to date.

Virtual Keyboard App Leaves Data Exposed

With over 40 million users worldwide, you might expect a popular virtual keyboard app company would use strong data protection, rather than hosting the information on a simple server without so much as a password. Although the company secured their server shortly after learning of the vulnerability, 577 gigabytes worth of sensitive user data were available for an unknown period of time. The data included names and email addresses, along with user locations by city. Even worse, any keystrokes entered via the app were recorded and stored; this data was also on the unencrypted server.

Phishing Sites Now Use HTTPS to Appear Legitimate

In the past few years, security measures for websites have gotten significantly stronger, but cybercriminals are managing to close the gap. By implementing HTTPS for phishing sites, scammers can trick victims into divulging their information even more easily. After all, many users have been trained to look for the HTTPS protocol to ensure a website’s security. In a recent sample collected over a 24-hour period, nearly 200 unique phishing pages were found using HTTPS, even though it isn’t necessary for anything beyond user deception.

Apple Root Bug Resurfaces After Update

As a follow-up to last week’s new regarding a bug that allowed anyone with access to the device to gain “root” or administrative privileges, the bug appears to have resurfaced on systems that received the update after the patch was released. In addition to the bug’s return, the security update also managed to break Apple’s file sharing functionality. They have since pushed out yet another update that appears to patch all the recent issues.

The post Cyber News Rundown: Edition 12/08/17 appeared first on Webroot Threat Blog.