Reading Time: ~ 2 min.
Copyright Phishing Campaign Hits Instagram
Many Instagram accounts were recently compromised after receiving a notice that their accounts would be suspended for copyright infringement if they didn’t complete an objection form within 24 hours. By setting a timeframe, the attackers are hoping that flustered victims would quickly begin entering account credentials into a phony landing page before being redirected to the authentic Instagram login page to appear legitimate.
WordPress Plugin Exploited
Rich Reviews, a vulnerable WordPress plugin that was removed from the main WordPress repository more than six months ago, has been found still active on thousands of websites. This vulnerability allows attackers to download malicious payloads, then redirect victims to phony websites that could further infect their systems. Fortunately, several security companies are working with the plugin’s creators to fix the current vulnerabilities, though these updates won’t reach users until it’s put back on the repository.
Banking Malware Campaign
Hundreds of malware
samples have been discovered that target ATMs and can be deployed to obtain
sensitive banking information from infected systems. Dtrack, the name of the
malware tools, can also be used to steal local machine information, such as
keystrokes and browser history, by using known vulnerabilities in network
security. This type of attack comes from the Lazarus Group, who have been known
to target nations and major financial institutions around the world.
Click2Gov Site Hacked
An online bill paying site used in dozens of cities across
the U.S. was recently hacked in at least eight cities, already compromising more
than 20,000 individuals from all 50 states. This will be the third breach affecting
all of which used an exploit allowing attackers to gain both remote access to
the system and upload any files they choose. Many of the cities that were
targeted recently were part of the prior attacks on the Click2Gov portal.
Wyoming Healthcare Hit with Ransomware
County Health’s computer systems were brought to a halt after suffering a ransomware
attack this week. Nearly 1,500 computers were affected and all currently
scheduled surgeries and other medical care must be delayed or diverted to
another facility. Fortunately, CCH is working quickly to restore all of their
systems to normal and determine the exact infection point for the attack.
The post Cyber News Rundown: Instagram Phishing Campaign appeared first on Webroot Blog.