Cloud Security News: Week in Review is our blog series, grabbing the more interesting cloud security scoops from the web. Sit back, relax, and catch up on all you should know about this week.
In this week’s security news, Facebook DM users were victims of a spam campaign serving up Eko malware via direct messages. Facebook is currently scanning and blocking these messages. Got Uranium? A “successful” attack on an unnamed UN nuclear power plant disrupted operations in an attempt to steal the nuclear substance. Lastly, retailer Vera Bradley is the latest victim of a potential payment hack. They notified customers that cards used during a certain time this summer may have been compromised by an unauthorized installation on their payment systems. The retailer is working to resolve the breach but the number of potentially affected is unknown. More details on the top security news below.
Softpedia News: Facebook DM Spam Campaign Targets French Users with Eko Malware
By Catalin Cimpanu (@campuscodi)
French Facebook users are targeted by the latest malware campaign delivered by direct messages within the social network. The message comes from a “friend” of the user, asking them if they are the person in a video. Users are then tricked into clicking the video and installing a Chrome browser extension masking an Eko malware. According to reports, the malware can inject ads in pages that the user visits as well as collect passwords and browser history.
By Charlie Osborne (@SecurityCharlie)
Since when does hacking put more than data at risk? The International Atomic Energy Agency (IAEA) says a nuclear power plant was hacked successfully three to four years ago in an effort to steal uranium. Agency director, Yukiya Amano, shared comments on the attack: “This issue of cyber attacks on nuclear-related facilities or activities should be taken very seriously. We never know if we know everything or if it’s the tip of the iceberg.”
By Robert Abel (@RobertJAAbel)
Nearly 5,500 affected in recent ransomware attack on the Hutchinson Community Foundation non-profit. According to the report, personal and financial information was compromised after clicking a file and finding the contents encrypted. The foundation didn’t pay the ransom and was able to restore data. However, Hutchison plans to notify those who had financial or sensitive data stored on the server and will be offering up to one year of free monitoring services.
The Wall Street Journal: Vera Bradley Reveals Payment-Card Hack at Retail Stores
By Anne Steele (@AnneMarieSteele)
Retailer Vera Bradley reveals potential hack of payment systems in retail stores over the summer. Some cards used between July 25 and September 23 may have been affected by the breach. Law enforcement was notified on September 15. In an investigation, the retailer found unauthorized access and installation of a program that gathered data from magnetic card stripes. Vera Bradley is working with a security firm as well as payment-card networks to resolve the breach and has advised those potentially affected.