Newegg e-commerce site victimized, a warning about mobile banking apps and a digital currency theft from an exchange.
Welcome to Cyber Security Today. It’s Friday September 21st.
Have you bought anything online from the electronics retailer Newegg in the last couple of weeks? There’s a chance credit card information you entered when making a purchase was captured by criminals. That’s according to two security vendors who said this week they found evidence the Newegg web site was compromised with malicious code. The technique used was the same as in the British Airways hack I told you about last week: The code skims off information from web site forms and sends it to a web site controlled by hackers. Consumers who bought something from Newegg.com between mid-August and September 18th should watch their credit card statements for suspicious purchases. Meanwhile e-commerce site administrators need to tighten their web site security to keep attackers from infiltrating their pages.
Mobile banking through your smartphone is convenient, but watch out where your banking app comes from. Security researchers at ESET have discovered fraudulent banking apps in the Google Play Store masquerading as legitimate apps from banks in Australia, New Zealand, Britain and other countries. Phony apps steal your passwords and money. Only download a bank app from a bank web site.
Digital currencies like Bitcoin and Ethereum are attracting a lot of people who think they make buying and selling things online easier than using government-backed currencies. Investors think they can make easy money buying cryptocurrencies that are leaping in value. But digital currencies are also attractive to criminals. Recently they’ve been raiding digital currency exchanges. Yesterday it was revealed that hackers stole the equivalent of $60 million worth of cryptocurrencies from a Japanese digital currency exchange. So far this year over $1 billion has been stolen from exchanges, including $580 million from another Japanese exchange. I’m not a fan of digital money, but if you feel you have to buy, make sure you put it in a secure digital wallet that isn’t always connected to the Internet. A wallet that is always connected is what’s called a hot wallet. Hot wallets may be good for making fast sales, but they are open to being hacked. Offline wallets, also called cold wallets, are safer. And don’t give away your passwords.
Finally, more good news from U.S. courts: After pleading guilty and co-operating with the FBI, three Americans who created the Mirai botnet have been fined, forced to give up cryptocurrency and sentenced to five years’ probation. As part of their sentence the three have to continue co-operating with law enforcement. The Mirai botnet assembled a huge number of Internet-connected consumer routers and home digital video recorders to spread malware. Unfortunately one of the group posted the source code for the Mirai botnet, so criminals have copied it to set up their own versions and continue spreading malware.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.