Welcome to this week’s security review, including the story of a DNS hijack that sets the victim's computer to use specific DNS servers, news of security breaches at Tumblr and Myspace, and security advice for parents in time for International Children's Day.
Catch up on all that and the rest of the week's security news below.
Crouching Tiger, Hidden DNS
“Working in customer care you get to see every kind of issue computer users can have,” James Rodewald, a malware removal support supervisor at ESET, noted in an engaging article. “This can lead to extremely interesting situations. One particularly noteworthy issue we are seeing is an interesting DNS hijack that sets the victim’s computer to use specific DNS servers.” What makes this particularly threatening is its ability to stay under the radar.
Children’s Day advice: The risks looming in cyberspace
As the world marked International Children’s Day, ESET’s Ondrej Kubovič had some timely advice on online safety for moms and dads who aren’t “digital natives”. Some of the threats highlighted by the security expert included malware, which he described as “one of the most prevalent risks online,” cyberbullying, grooming and information theft. He advised that parents invest in a security solution, as well as a parental control tool.
Network ELOFANTs and other insider threat insights
ESET's senior security researcher Stephen Cobb read through the Verizon Data Breach Investigation Report and echoed its warnings against stampeding ELOFANTs – Employees Left Or Fired, Access Not Terminated. He says: "Nobody wants to think ill of persons who have departed the organization — they could have been colleagues and friends — but the harsh realities of cybersecurity and human nature make these unterminated 'ghost accounts' a threat to your organization."
65 million Tumblr users should probably be careful…
After Tumblr announced last month that it had experienced a security breach back in 2013 – although only recently discovered – Graham Cluley was keen to highlight what the micro-blogging platform had failed to mention. He said: “[It] didn’t say just how many Tumblr users were impacted by the breach. Furthermore, Tumblr didn’t underline the importance of ensuring that the new passwords chosen by Tumblr users should be unique and not used anywhere else on the web.”
Nearly all phishing emails now contain ransomware
A new phishing report has found that up to 93% of scam emails now contain ransomware. The number of phishing emails – containing ransomware or not – rose to 6.3 million in Q1 2016, representing a 789% increase over Q4 2015. The rise of ransomware is most intriguing, though, given that it was found in as little as 10% of phishing emails for most of last year.
Myspace data breach: 360 million accounts affected
The former social network giant Myspace revealed that it had been the victim of a major data breach, which, like the incident at Tumblr, was not a recent occurrence. It is believed that up to 360 million accounts have been affected, making it the “largest yet”. Myspace said that all accounts that had been set up prior to 2013, when its website underwent a revamp, have had their passwords invalidated.
How to delete your smartphone data securely before selling your device
Understanding how to delete your smartphone data before selling your device is important if you want to protect your privacy and keep information secure. ESET's Denise Giusto Bilić looks at both Android and iOS devices, advising how to best prepare your smartphone for sale.