A Week in Security (Jun 8 – 14)

Here’s a review of last week’s posts on Malwarebytes Unpacked:

“For Security Purposes, Your Account has been Locked” Barclays Phish (Fraud/Scam Alert) Clients of Barclays may be in for a surprise once they receive a fake email from their bank, stating that they need to follow a link on the message body in order to restore it. Clicking links on mails is a bad enough practice, but not being able to detect fraud upon seeing that the domain is not the bank’s is worse.
Twitter’s Bane: Bad Bots (Social Engineering) This blog spotlighted on one of the most prevalent problems on Twitter: socialbots. Unlike other online threats we encounter and continue to see on the social platform every now and again, bots present a unique threat and may have the power to sway opinion or be influential enough to be win favours from other users.
Senpai has noticed me (and swiped my login) (Security Threat) Mangatrader(dot)com, a popular manga site where users can read Japanese comics online for free, was hacked last week.
Prank URL Shortening Service is Good Security Basics Reminder (Online Security) A new short URL service recently made waves for allowing users to create an imitation of actual sites in order to prank friends or get back at enemies. Malware Intelligence Analyst Chris Boyd gave us a refresher on how to handle short URLs, the smart way.
Introducing Malwarebytes Anti-Exploit (Malwarebytes News) Malwarebytes CEO Marcin Kleczynski announced on Thursday the release of our latest product, Malwarebytes Anti-Exploit (MBAE). Oh, did we mention that Mr. Kleczynski won the Entrepreneur of the Year in the Emerging category, too?

Congratulations, Marcin!*
Phishing Domain Poses as Twitter Verification Site (Fraud/Scam Alert) We took a good look at a Web page claiming to verify Twitter user accounts. Not only was it a phish, but a likely believable “service”, too.

Top news stories:

The Bitcoin App That Could Create a Black Market for Leaked Data. “Whistleblowers like Chelsea Manning and Edward Snowden exposed classified information because they believed their leaks were in the public interest. The next secret-spiller might be motivated instead by something less magnanimous: money.” (Source: Wired)
Targeted Attack Methodologies for Cybercrime. Our friends at Trend Micro released a whitepaper that discussed why cybercriminals adopt to certain methodolodies. They used two case studies to illustrate their points. (Source: TrendLabs Security Intelligence Blog)
Red Button Flaw Exposes Major Vulnerability In Millions of Smart TVs. “Red Button” is a type of man-in-the-middle attack that captures incoming digital signals to smart TVs in order to inject a piece of code into it to serve a hacker’s malicious purpose. This can also be thought of as “a particularly insidious descendant of the signal injections of the early days of cable TV”. (Source: Forbes)
TweetDeck Scammers Steal Twitter IDs Via OAuth. The vulnerability in question also led to the propagation of a single tweet, which contained a JavaScript (JS) command that lets TweetDeck automatically retweet it to victims’ followers. TweetDeck later reported that the security issue has been mitigated. (Source: Dark Reading)
New Apple iOS to help fanbois thwart Wi-Fi network spies. Apple is on the offence (or is it defence?) after announcing that the new iOS 8 will make information collection challenging for marketers, advertisers and others who are after user data. (Source: The Register)
World Cup Brazil 2014: How cybercriminals are looking to score. The 2014 FIFA World Cup officially began last week, and with it, the anticipation of encountering online threats banking on the popularity of this prestigious event. Our friends at Kaspersky Labs gave us a heads up on what these threats may be. (Source: Help Net Security)
Chinese cyberspies targeting U.S, European defense, space sectors. Following Mandiant’s footsteps, researchers at CrowdStrike named another cyberespionage group or APT threat actor from China that was found to be after information from key industries in the U.S. and Europe. They’re dubbed as Putter Panda. (Source: CSO)