Reading Time: ~ 2 min.
Paradise Ransomware Spreading Through Unusual Attachments
While Paradise
ransomware isn’t new to the scene, the latest methods it’s using to spread are
a bit surprising. Though it sticks to using email for transmission, it now offers
up an IQY attachment instead of a typical word document or excel spreadsheet. These
can make a quick connection to a malicious URL prompting the download of the
actual ransomware payload. What makes these especially dangerous is that they
appear to be simple text files with no internal malicious code, just commands
for retrieving it, so it isn’t typically picked up by most security services.
Entercom Data Breach
One of the world’s largest radio broadcasters, Entercom,
recently revealed it had fallen victim to a data breach. It was initiated
through a third-party service that stored login credentials for Radio.com users
and could affect up to 170 million customers. This breach would be the third
security incident targeting Entercom in just the last six months. The company has
already fallen victim to two separate cyberattacks that caused their systems to
be disrupted. Entercom has since implemented several additional security
measures and prompted all users to change their passwords, especially if reused
on other sites.
Western Union Begins Fraud Payback
Western
Union has started paying back roughly $153 million to victims of fraudulent
transactions processed by the firm’s payment systems. According to the U.S. Department
of Justice, several employees and owners of Western Union locations were
involved with allowing these fraudulent payments to be made and failing to
properly discipline those individuals. The payback terms have started with
109,000 victims worldwide and will eventually total $586 million in
reimbursements.
Whisper App Exposes User Data and Messages
The anonymous messaging app Whisper
was recently revealed to own an unsecured database containing a large amount of
personal customer records. Two independent researchers first discovered the
database, containing over 900 million records and reaching back nearly eight years,
and quickly contacted Whisper. The company then locked down the unrestricted
access. Though financial or personally identifiable information were not
included in the database, the app does track location data that could be used
to narrow down a specific user’s location to a home or place of work.
Online Shopper Records Leaked
Up to 8 million sales records were discovered in an
unsecured MongoDB
database that has been misconfigured for an undetermined amount of time.
The researcher who found the database quickly contacted the third-party
servicing company that managed the database and it was secured five days later.
The database contained roughly four million records pertaining to Amazon UK and
eBay alone, comprised mainly of payment and contact information for online
shoppers.
The post Cyber News Rundown: Paradise Ransomware appeared first on Webroot Blog.