Weekly Cyber Security News
Welcome to Astria’s blog and our recently refreshed Weekly Cyber Security News segment. In these posts we’ll share with you some of the most interesting and relevant pieces of cyber security news that we find. We wish to provide you with a valuable resource to keep you informed of vulnerabilities and solutions for your business.
1. We Live Security: “Fruitfly malware spied on Mac users for 13 years – man charged”
An Ohio man has been charged with creating and using the “Fruitfly” malware that infected thousands of Macs. The malware was used to remote control victim’s computers, access files on the computer, and otherwise spy on them. It could track keys pressed and grab screenshots without the victim’s awareness— A perfect tool for identity theft and blackmail. But the most interesting claim is that this malware went undiscovered for about 13 years.
It’s an important reminder to Mac users. People are often told that Macs do not get infections and that they are immune to malware, but unfortunately that is not the case. While fewer viruses are written for Mac computers, it is still very important to make sure they are defended. A proper layered security approach can detect problems like these and prevent loss of data. Ask us about how to start securing your Apple systems.
2. CSO Online: “Hardcoded backdoor in 12 Western Digital My Cloud NAS devices”
If you use a Western Digital My Cloud storage device, you may need to update the device’s firmware. Last week, a Gulftech security researcher named James Bercegay announced that at least 12 models of these backup devices were vulnerable to attack. A back-door in the external hard drives allows attackers to access the files on the drive or even to permanently delete them.
Thankfully, Western Digital has a patch available. If you use one of the affected devices, please patch your firmware as soon as possible. The article has a full list of affected products.
3. Krebs On Security: “Phishers Are Upping Their Game. So Should You.”
Our last article is a little older, but still important. By now, many people are familiar with phishing. Attackers attempt to trick you into giving them your account information or into downloading malware by disguising their attack as a real website or email. But phishers are improving their attacks with secure encrypted websites and design work that matches the companies they mimic.
According to the article, 25% of phishing websites now use “https” to appear more genuine. This means if you simply check for the green lock to determine if a website is safe, you could end up fooled by a phisher. In addition, phishers now use more genuine appearing domain names and craft their emails with more care. Fewer and fewer phishing messages contain the clear spelling mistakes that used to give them away, making it even more important to be aware of them.
The article provides ways to spot phishers are are worth looking in to. But the best suggestion is to stay calm. Phishing attacks rely on users panicking and rushing into their nets. If you keep calm and double check things before diving in, you can often avoid phishing headaches.