Cybersecurity Weekly: Amazon implements Ring 2FA, WordPress trojan-infected themes, AdSense email extortion

February 24, 2020 by Sam Fay

Amazon enables mandatory 2-factor authentication following recent Ring hacks. 20,000 WordPress websites were infected through trojan-infected themes. A new email extortion scheme threatens to ban Google AdSense ads. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Ring makes 2-factor authentication mandatory following recent hacks

Following several recent incidents in which hackers gained access to people’s Ring doorbells and security cameras, Amazon announced that it will make two-factor authentication mandatory for all Ring users. The company also added a notification for Ring accounts that alerts users anytime someone successfully logs into their account from a new device or browser.

2. Like of the year phishing scam found in the wild

Cybersecurity researchers discovered a large-scale ongoing fraud scheme that lures unsuspecting internet users with promises of financial rewards to steal their payment card information. In addition to sending emails, the attackers also delivered the phishing messages by sending cash prize alerts as Google Calendar events.

3. WhatsApp phishing URLs skyrocket with over 13,000% surge

WhatsApp’s 5,020 detected unique phishing URLs made it the 5th most impersonated brand in phishing attacks in 2019. The other two social media brands among the top 25 brands used as bait in phishing attacks are Facebook, which took the second spot, and Instagram, which rose to the 13th spot.

4. 20,000 WordPress websites infected through trojanized themes

An active supply chain campaign has infected 20,000 websites since late 2017 via malicious WordPress themes and plugins. Security researchers believe that the number of infected sites is much higher, “potentially in the hundreds of thousands.” Once a victim uploads a trojanized theme, the attackers gain full control over the server.

5. New Joker clicker found in Google Play Store

Security researchers discovered four new samples of the Joker malware in the Google Play Store recently, in apps with a cumulative installation count higher than 130,000. The malware was hidden in camera, wallpaper, SMS, and photo editing software. Joker’s developer frequently adapts the code to remain undetected.

6. Email extortion scheme threatens to ban Google AdSense ads

A new email-based extortion scheme is currently making the rounds, targeting website owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to send junk traffic to trip Google’s automated anti-fraud systems and suspend the user’s account.

7. Hackers share stolen MGM Resorts guest database with over 10 million records

An archive containing over 10 million guest records from MGM Resorts hotels is currently available for free on a hacking forum. The data comes from a security breach in July 2019 on one of MGM’s cloud services. The database contains details of high-profile guests, such as Twitter CEO Jack Dorsey, Justin Bieber, and some U.S. government officials.

8. U.S. Government warns critical industries after ransomware hits gas pipeline facility

The U.S. Department of Homeland Security issued a warning to all industries operating critical infrastructure about a new ransomware threat that could have severe consequences. This comes in response to a cyberattack that employed a spearphishing campaign to deliver ransomware to the company’s internal network.

9. Google bans 600 Android apps from Play Store for serving disruptive ads

Google banned 600 Android apps from the Play Store for bombarding users with disruptive ads and violating its advertising guidelines. The removed apps had racked up a cumulative 4.5 billion installations. Google also forged an App Defense Alliance partnership with cybersecurity firms to more effectively police the Play Store.

10. New Mexico sues Google for mining children’s data

In a lawsuit filed last week, New Mexico Attorney General Hector Balderas stated that Google is allegedly attempting to bypass the Children’s Online Privacy Protection Act through Google Education to mine the data of the students who use it. Google argues that the schools must obtain parental consent before allowing students to create an account on the platform.