Macros Turn Focus Towards MacOS

Researchers have discovered a trend of malicious Microsoft Word documents for MacOS that behave similar to Windows macro infections. The culprits download and execute a malicious payload to a user’s computer. While not particularly sophisticated, the macro-based infections focus on exploiting the users of the computer, rather than a software vulnerability, as macros can also be used for legitimate applications.

Phishing and Tax Season Go Hand in Hand

It’s tax season and criminals are working on new and clever ways to gain access to sensitive documents, and other available assets. This year brings the usual spear phishing campaigns that spoof an executive requesting tax forms, but arrive with a follow-up email requesting a wire transfer to a listed account. The best defense against these types of attacks is caution on the recipient of any suspicious emails, and using two-factor authentication where available.

Android Malware Triada Takes Top Spot

The reigning Android malware family has changed from Hummingbad, a rootkit downloader that remains persistent on devices and downloads fraudulent apps for ad revenue, to Triada, a malicious backdoor that grants super-user privileges to the malicious payloads that are downloaded according to a recent announcement. This switch comes after nearly a year as the most widespread infection for Android devices.

Teen Hacks 150,000 IoT Devices Overnight

It’s been revealed that a teenager from the UK, in the span of an evening, successfully hacked over 150,000 printers across the world. He created a simple program that sent printer protocol requests to various IoT devices and was able to get responses from and send jobs to different printers. The teen claims he did so to bring attention to the major lack in security for IoT devices that are connected to an insecure network.

Unpatched WordPress Sites Defaced

Thousands of WordPress sites have been defaced by hackers exploiting a bug patched nearly two weeks ago. Sites that haven’t been updated to the latest version were susceptible to a vulnerability in the REST API allowing unauthorized changes to be made to the title and any visible content. Due to the defacements, Google has begun categorizing affected sites by the hacker group’s names.

The post Cyber News Rundown: Edition 2/10/17 appeared first on Webroot Threat Blog.