FaceBook cryptocurrency, LabCorp suffers from a data breach, a new Android AdWare threat, and more in This Week in Cyber Security: where we highlight select top cyber security stories from each week and share them here. Don't forget to follow our daily blog for more in-depth cyber security and technology news.

The Week of June 7th, 2019:

  • According to an upcoming whitepaper, FaceBook is looking to launch its own cryptocurrency in as early as 2020, giving its users an online payment system exclusive to the social media juggernaut. The concept of utilizing their own form of cryptocurrency is to provide an online payment system without fees or international transactions and be tied to a currency basket so its value can keep stability, unlike bitcoin. The plans also include installing physical ATMs for its cryptocurrency. Security for use of Facebook’s upcoming virtual currency will certainly be a concern, but what of a name? FaceCoin doesn’t have too bad of a ring to it. (TechCrunch)
  • The PHI (Protected Health Information) of nearly 20 million patients of LapCorb and Quest Diagnostics may be at risk, as both companies have been involved in a data breach of the AMCA (American Medical Collection Agency). AMCA’s payment system was compromised in August of 2018 but was not resolved until March 30, 2019, and 11.9 million of its customers may have been affected, as well as another 7.7 million patients of LabCorp. LabCorp also stated that nearly 200,000 people also had their bank account or credit card information skimmed. Thankfully, as of now, medical data and lab test results were not exposed. (Engadget)
  • A new type of Adware called BeiTaAD has been discovered in over 200 Google Play Apps. The clever adware is an advertising plug-in that hides itself in the app and forcibly dispalys ads on the user’s lockscreen, in which victims of BeiTaAD have reported that they were unable to interact with other apps or answer calls while the ad is playing, even if the device is in sleep mode. What’s even more dangerous about the attack is that it is so deeply burrowed that the ads would not appear until two weeks after the trigger application (in this case – Smart Scan) was launched. According to Lookout, more than 440 million Android users have installed these infected apps. (InfoSec Magazine / Lookout Security)
  • Two-Factor Authentication (2FA) is meant to provide an extra layer of security when logging in to a website or app to verify it is you behind the attempt, but a new form of phishing automation could be a major threat to 2FA. Two new tools – Muraen & NecroBrowser – utilize proxy-based tactics on fake websites to bypass 2FA protections, rather than a static attack, and instead of stealing login credentials, they harvest web session cookies from the real websites to access the accounts. The attacker could then take screenshots of emails, rogue forward emails to mailboxes, and initiate password resets, depending on the account. (CSO Online)

neoRhino’s Remote Managed Services and Advanced Security Packages are here so you can focus on your daily duties. You can relax knowing that we are here to protect you. Call us at (281) 779-4850 for a FREE consultation and we can help your business today.