This Week in Hacker News...
August 19th, 2016 Edition

Our weekly recap series to bring you up-to-date on all the latest in malware, data breaches, and hacking news from the previous week. If we miss any stories that you think should have been included, be sure to let us know in the comments below!

Why you’re suddenly getting all those spammy Facebook invites for ‘Ray-Ban charity sales’
The scam is simple, explained Lukas Stefanko, a malware analyst for the security firm ESET: People set up fake Ray-Ban Web stores, and then promote those stores through Facebook events advertising discounts on behalf of unnamed “charities.” Ray-Ban makes a good hook, since the brand is popular, globally known and inexpensive relative to other luxury goods. And Facebook events, shared by hacked or malware-compromised accounts, make an excellent promotion vehicle. People love their sunglasses and trust their friends, so many click into the promoted Web store and order when they wouldn’t have otherwise. They never actually get any Ray-Bans, of course, and their credit card may be compromised.
Read More: http://gplnk.co/2b77F9I

Malwarebytes reports new OS X malware that could easily fool less technical users
Malwarebytes has discovered a previously unknown piece of Mac malware that relies on a naive user approving a request to install Advanced Mac Cleaner on their machine; doing so also installs a second app known as Mac File Opener. An Info.plist file within the app defines a list of 232 different file types that it claims to be able to open. If a user tries to open a file for which they don’t have a corresponding app, it will be opened by Mac File Opener, which then presents a reasonably convincing fake version of the normal OS X dialog box advising that no suitable app is installed. The fake dialog box links to the macfileopener[dot]com website, which downloads other junk PCVARK apps, such as Mac Adware Remover or Mac Space Reviver. All the apps have a valid, Apple-provided developer certificate, so OS X will happily install them without any warning.
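For defenders, the Info.plist detail above is something you can check for. The following is an added example, not code from Malwarebytes or from the original post: it counts the file types an app registers through the standard `CFBundleDocumentTypes` key and flags apps that claim an unusually large number or a catch-all extension. The threshold, bundle identifiers and sample plists are constructed assumptions.

```python
import plistlib

# Assumed cut-off, not a figure from the article: tune it against your own fleet.
MAX_CLAIMED_TYPES = 100
# "*" as an extension registers the app as a handler for every file.
WILDCARDS = {"ext:*"}

def claimed_types(info):
    """Collect every extension and UTI the app registers as a handler for."""
    claimed = set()
    for doc_type in info.get("CFBundleDocumentTypes", []):
        for ext in doc_type.get("CFBundleTypeExtensions", []):
            claimed.add("ext:" + ext.lower())
        for uti in doc_type.get("LSItemContentTypes", []):
            claimed.add("uti:" + uti.lower())
    return claimed

def audit(info_plist_bytes, threshold=MAX_CLAIMED_TYPES):
    """Parse an Info.plist (XML or binary) and report how greedy the app is."""
    info = plistlib.loads(info_plist_bytes)
    claimed = claimed_types(info)
    wildcard = bool(claimed & WILDCARDS)
    return {
        "bundle_id": info.get("CFBundleIdentifier", "<missing>"),
        "count": len(claimed),
        "wildcard": wildcard,
        "suspicious": wildcard or len(claimed) > threshold,
    }

def make_plist(bundle_id, extensions, utis=()):
    """Build a constructed Info.plist so the example runs offline."""
    doc_types = [{"CFBundleTypeName": "Document",
                  "CFBundleTypeExtensions": list(extensions),
                  "LSItemContentTypes": list(utis)}]
    return plistlib.dumps({"CFBundleIdentifier": bundle_id,
                           "CFBundleDocumentTypes": doc_types})

# Constructed samples: a handler claiming 232 types, a normal viewer, a catch-all.
GREEDY = make_plist("com.example.fileopener", [f"x{i:03d}" for i in range(232)])
NORMAL = make_plist("com.example.viewer", ["pdf", "txt"], ["com.adobe.pdf"])
CATCH_ALL = make_plist("com.example.catchall", ["*"])

if __name__ == "__main__":
    for sample in (GREEDY, NORMAL, CATCH_ALL):
        print(audit(sample))
```

On a Mac, the bytes to feed `audit()` come from each bundle's `Contents/Info.plist`; a high count is a prompt to review the app, not proof that it is malicious.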
Read More: http://gplnk.co/2b76I12

Malware Turns Servers into Cryptocurrency Mining Engines
According to Dr. Web, a Russian software retailer, Linux.Lady uses Google’s Go programming language and targets Redis servers that systems administrators have left without passwords. Dr. Web claims the malware can collect information about an infected computer and send it to the C&C server, download and launch a cryptocurrency mining utility, then attack more computers on the network.
Read More: http://gplnk.co/2b76Opw

Credit Card Info exposed by POS Malware at some Starwood and HEI Hotels
The malware affected a total of 12 Starwood hotels, six Marriott resorts, and one location each of Hyatt and Intercontinental. Those properties are located around the United States, with many based in large cities and popular tourist destinations. According to its "Notice of Data Breach" letter, the company first found out about the breach after its card processor said it had detected suspicious activity on HEI customers' payment cards. The hotel chain launched an investigation into the incident and found that malware had compromised some of its POS systems.
Read More: http://gplnk.co/2b76DdF

Bon Secours says data breach affects 655,000 patients
Reimbursement specialist R-C Healthcare Management, a business associate under HIPAA, left personal information of more than 650,000 Bon Secours patients – including names, insurance identification numbers, banking information, social security numbers and some clinical data – exposed on the internet for four days this spring.
Read More: http://gplnk.co/2b77YS7

Pokemon Go Ransomware Behaves Like A Malware Hybrid
This week a new Hidden-Tear ransomware appeared that impersonates a Pokemon Go application for Windows and targets Arabic victims. The ransomware adds a backdoor Windows account, spreads its executable to other drives, and creates network shares. It also appears that the developer is not done yet, as the source code contains indications that this is a development version. This Hidden-Tear ransomware is either the cutting edge or class clown of the malware world. Generally, people build ransomware to extract money and leave no traces. Hidden-Tear behaves like a malware hybrid that encrypts files and asks for ransom, but attempts to spread in ways normally associated with a virus.
Read More: http://gplnk.co/2b76YgF

Sage data breach highlights the risk of the insider threat
Security firm the Antisocial Engineer has been in contact with Sage and said a company insider was the prime suspect. Because Sage’s software handles payroll data, the company has information on its clients’ employees, including addresses, insurance numbers, and bank account details, the Antisocial Engineer said. Sage didn’t immediately respond to a request for comment about the arrest. But security experts say the breach underscores the danger of data theft from company insiders. To protect their systems, companies need to reconsider offering employees unrestricted access to valuable data.
Read More: http://gplnk.co/2b780ZT

Eddie Bauer Is Latest Retailer Infected w/ Data Breach Malware
The outdoor clothing and accessories retailer Eddie Bauer is the latest victim of point-of-sale malware to admit that its customers’ card details may have been stolen. Eddie Bauer’s terminals were infected in its 350-or-so stores in the U.S. and Canada on various dates between January 2 and July 17 of this year. Since it discovered the infection, it said, it has strengthened its security.
Read More: http://gplnk.co/2b76OWp

WikiLeaks hosts hundreds of malware files in email dumps
WikiLeaks is reportedly hosting over 300 malware samples among the website's cache of leaked emails. Antivirus scans provided by VirusTotal show that the malware being hosted by WikiLeaks includes various Trojans, Windows exploits, and Java-based malicious code.
Read More: http://gplnk.co/2b76jvP

We would love to hear your thoughts on these or other recent news stories in the comments below!

SIMPLY BETTER BACKUP
Dropsuite helps businesses stay in business by enabling SMEs to easily backup, recover and protect their digital assets. Learn more on our website: http://gplus.ly/1Utplzy
#malware #hackers #databreach #security #DDoS