By Lauren Morley on Jul 30, 2019 10:24:00 AM
New cybersecurity threats like phishing attacks, ransomware, and scams are always popping up. Stay up to date on the latest widespread threats and protection methods in our recurring series.
Capital One data breach
On July 29th, Capital One announced a data breach affecting 100 million United States credit card customers and applicants, and 6 million in Canada. The breach began in March, and the attacker was found to be a woman in Washington State who had previously worked as a software engineer for Amazon Web Services where Capital One was storing the data. A misconfigured firewall allowed her to access the information, which was discovered when she attempted to share it online on GitHub.
The data included credit scores and limits, balances, payment history, contact and personal information, income, dates of birth, 140k social security numbers, 80k linked bank account numbers, 1 million Canadian Social Insurance Numbers, and fragments of transaction data from 23 days during 2016-2018.
The perpetrator is currently in custody and faces a five year prison sentence and a $250k fine if convicted.
What to do: If you are currently a Capital One customer or have applied for an account with them in the last few years, we recommend changing your password, adding two-factor authentication to your account, and keeping an eye on your statements. Capital One is also giving free credit monitoring and identity protection to everyone affected.
Sprint data breach
An undisclosed number of Sprint customers' details were taken by malicious actors due to a compromised feature on Samsung's website. The "add a line" service on Samsung.com was used by the attackers to gain information including customer phone numbers, device type and ID, monthly charges, account numbers and creation dates, names, billing addresses, services used, subscriber ID, and upgrade eligibility.
After discovering the breach, Sprint alerted affected customers and resecured accounts.
What to do: Whether you received a notice from Sprint or not, definitely change your account PIN and password. Set up credit monitoring if you don't have it already and keep an eye on your bills and card statements. While Sprint claims that the attackers will not be able to use the information to perpetuate fraud, they could easily use these details for an account takeover.
Mac malware disguised as Adobe Flash Player update
This new Mac malware, called CrescentCore, has been installing itself onto victims' computers through phony Adobe Flash updates on compromised websites.
It's sneaky, and can fool antivirus software and Apple's protections. "...one version of the malware installs 'LaunchAgent,' described as a 'persistent infection,' while another installs either 'Advanced Mac Cleaner' or a Safari extension."
What to do: In this day and age, you shouldn't install or use Flash Player any more. Any website that requires you to do so is outdated and insecure. Adobe is ending development and distribution of Flash Player by the end of 2020 anyway, and it's best to avoid using the problem-filled program early.
Fake LinkedIn phishing emails
Cybercriminals are increasingly sending fake LinkedIn emails that tempt the recipient into an action - accepting a connection request, reviewing a phony login alert or photo tag, checking out a birthday notification, reset your password, etc.
For many LinkedIn users, their email is simple enough to find or extract from the website. Attackers will craft messages appearing to come from LinkedIn and try to steal credentials and other information.
What to do: If you receive any message or alert that appears to come from LinkedIn, don't click anything from the email itself. Go to LinkedIn directly, you'll be able to see right away if it's a real notification or not. Same with any emails coming from a social media site. Social media phishing attacks have risen 75% in 2019 so always be cautious!
Comodo antivirus software vulnerabilities
Antivirus software Comodo, used by over 700k business customers, was found by researchers to be full of vulnerabilities that could allow attackers to gain compete control over the computer and even disable the antivirus.
While researchers discovered the vulnerabilities and reported them to Comodo on April 17th, they were not able to get a status update on fixes until June 7th. On July 8th the researchers requested another status update, but had not heard anything about a fix even at the July 22nd disclosure. Finally a Comodo spokesperson reported that no customers had been affected by the issues and that a fix would be released by Monday July 29th.
What to do: If you use Comodo antivirus and don't plan to switch, be on the lookout for their patch and make sure you update as soon as possible (and always keep your antivirus programs up to date!)
If you need some extra help identifying or protecting against any of these or other cybersecurity threats, let us know!