Welcome to this week’s security review, which
includes a detailed look at a new video scam sweeping Facebook with a
worryingly high success rate; news of a record cash settlement over a hospital
data breach; the return of a data-stealing malware dubbed Qbot; and an SMS
phishing scam which is said to have targeted Apple customers due to their
higher disposable income.
My video, My first video, Private video: Don’t fall for this Facebook scam
ESET’s Lukas Stefanko reported on a new Facebook scam that is having a high level of
success around the world. It comes on the back of another similar scam, which tricks users into buying
discounted Ray-Ban sunglasses. “This time, malicious links are disguised as a
post on a timeline you were tagged in, or as a message sent to you via
Messenger by a friend,” he explained. “Using one of the titles ‘My first video’,
‘My video’, ‘Private video’ … it tags various people from a victim’s friend
list and lures them into clicking on it.”
How do you protect your webcam?
After FBI director James Comey revealed that he
covers his webcam with tape to protect his privacy, WeLiveSecurity asked the
question: How do you protect your webcam? The results of a quick and
ongoing poll revealed that Mr. Comey is not alone in deploying his seemingly
unique solution. Presently, 40% of people state that they cover their built-in
camera.
Medical data breach leads to a record cash settlement
A state court judge in California approved the highest ever per-plaintiff cash settlement, following a
data breach in a hospital computer system. Two victims filed a class action
lawsuit against the St. Joseph Health System (SJHS) after finding their medical
records online during a routine search. The data breach case will cost the SJHS
up to $28 million in total, with the plaintiffs receiving $7.5 million each.
Qbot returns: New strain of data-stealing malware detected
A new, updated strain of the data-stealing malware
Qbot was identified by security researchers at BAE Systems. According to the
company’s report, more than 54,000 computers have been infected across thousands
of organizations, and the malware is both “harder to detect and intercept” than
previous strains.
Scammers target Apple customers for bigger rewards
Apple customers are being targeted with a new phishing scam
designed to harvest their personal information, it was revealed. Victims of the
scam received an SMS message that linked to a fake Apple website which then
asked them to provide their login credentials and credit card details.
Independent security analyst Graham Cluley has suggested that the scammers
“deliberately took advantage of people’s trust in the Apple brand,” while
targeting its customers for their higher disposable income.
FDIC suffers ‘inadvertent’ data breach affecting 44,000 customers
A former employee of the Federal Deposit Insurance
Corp. was able to breach the personal information of 44,000 customers, after
leaving the agency with the data downloaded to a personal storage device. An
internal memorandum revealed that the data was downloaded “inadvertently and
without malicious intent,” but the incident again highlighted security
weaknesses in federal cyber systems.