A new Government Cybersecurity Act, #FacebookDown, a new Android threat called "SimBad," and more in This Week in Cybersecurity: where we highlight select top cyber security stories from each week and share them here. Don't forget to follow our daily blog for more in-depth cyber security and technology news.
If you would like to be the first to know about our Week in Cybersecurity reports and receive a FREE Webcam Cover, sign up here.
The Week of March 15th, 2019:
- An investigation by Checkpoint Software found that an aggressive Android adware campaign dubbed “SimBad” was deeply burrowed within over 200 apps in the Google Play store, totaling over 150 million downloads. These apps performed several attacks including spear-phishing attempts that would automatically hijack their mobile browser, pelt the user with ads, and hide the app details away so the user would have difficulty uninstalling the malicious app. The campaign was called “SimBad” due to how many of the apps that carried the adware were simulation games. (Ars Technica)
- Two important zero-day flaws have been resolved recently in Microsoft’s Patch Tuesday updates, one of which was an exploit within Google Chrome that could potentially lead to an intruder taking full control of the workstation. Other patches include an additional exploitable flaw in Microsoft Edge within Windows 10, and a critical XML bug that can lead to a major data breach when discovered. As with any Microsoft update, be sure to validate with your IT department for priority of update installation. (InfoSec Magazine)
- An Australian man has been arrested for allegedly selling over $200,000 in stolen login credentials online. Reportedly nearly 1 million account logins for websites such as Hulu, Netflix and Spotify were allegedly stolen through credential stuffing and sold through his website, WickedGen, an account generator site. This is just another example of why you should be using unique logins for all your accounts. (Engadget)
- Facebook, Instagram, and WhatsApp all suffered from what many consider its longest outage to date this week, but what really caused the outage? Nearly a day after feeds were in accessible and #FacebookDown was trending worldwide, FaceBook posted on their Twitter account (the irony, right?) that the outage was due to a “server configuration change,” not from a Denial-of-Service (DDoS) attack like many had suspected. (The Verge)
- The US Senate and House of Representatives are looking to push a bill to create a mandated security standard for IoT (Internet of Things) devices. Called The Internet of Things Cybersecurity Improvement Act, if passed IoT devices would need to pass a bare minimum requirement of security standards and IoT product vendors will need to have a “vulnerability disclosure policy” to create awareness of when the devices being used are open to malicious attacks. (CNET Security)
neoRhino’s Remote Managed Services and Advanced Security Packages are here so you can focus on your daily duties. You can relax knowing that we are here to protect you. Call us at (281) 779-4850 for a FREE consultation and we can help your business today.