Welcome to this week’s security review, which includes a detailed look at a new video scam sweeping Facebook with a worryingly high success rate; news of a record cash settlement over a hospital data breach; the return of a data-stealing malware dubbed Qbot; and an SMS phishing scam which is said to have targeted Apple customers due to their higher disposable income.
My video, My first video, Private video: Don’t fall for this Facebook scam
ESET’s Lukas Stefanko reported on a new Facebook scam that is having a high level of success around the world. It comes on the back of another similar scam, which tricks users into buying discounted Ray-Ban sunglasses. “This time, malicious links are disguised as a post on a timeline you were tagged in, or as a message sent to you via Messenger by a friend,” he explained. Using one of the titles ‘My first video’, ‘My video’, ‘Private video’ … it tags various people from a victim’s friend list and lures them into clicking on it.”
How do you protect your webcam?
After FBI director James Comey revealed that he covers his webcam with tape to protect his privacy, WeLiveSecurity asked the question: How do you protect your webcam? The results of a quick and ongoing poll revealed that Mr. Comey is not alone in deploying his seemingly unique solution. Presently, 40% of people state that they cover their built-in camera.
Medical data breach leads to a record cash settlement
A state court judge in California approved the highest ever per-plaintiff cash settlement, following a data breach in a hospital computer system. Two victims filed a class action lawsuit against the St. Joseph Health System (SJHS) after finding their medical records online during a routine search. The data breach case will cost the SJHS up to $28 million in total, with the plaintiffs receiving $7.5 million each.
Qbot returns: New strain of data-stealing malware detected
A new, updated strain of the data-stealing malware Qbot was identified by security researchers at BAE Systems. According to the company’s report, more than 54,000 computers have been infected across thousands of organizations, and the malware is both “harder to detect and intercept” than previous strains.
Scammers target Apple customers for bigger rewards
Apple customers are being targeted with a new phishing scam designed to harvest their personal information, it was revealed. Victims of the scam received an SMS message that linked to a fake Apple website which then asked them to provide their login credentials and credit card details. Independent security analyst Graham Cluley has suggested that the scammers “deliberately took advantage of people’s trust in the Apple brand,” while targeting its customers for their higher disposable income.
FDIC suffers ‘inadvertent’ data breach affecting 44,000 customers
A former employee of the Federal Deposit Insurance Corp. was able to breach the personal information of 44,000 customers, after leaving the agency with the data downloaded to a personal storage device. An internal memorandum revealed that the data was downloaded “inadvertently and without malicious intent,” but the incident again highlighted security weaknesses in federal cyber systems.