A Week in Security (Aug 24 – 30)

A Week in Security (Aug 31 – Sept 06)

Here’s a review of last week’s posts on Malwarebytes Unpacked:

Top news stories:

  • Malware Bypasses Chrome Extension Security Feature. Our friends at Trend Micro found a downloader malware from a link that was distributed on Twitter bearing the words “Download this video, Facebook Secrets” and a fake Flash Player extension for Chrome. (Source: Trend Micro’s Security Intelligence Blog)
  • Hacker breached HealthCare.gov website, planted malware on “ObamaCare”. Criminals and other individuals with potentially malicious intent have been hammering the said .gov site since it went public in October 2013. Its hacking, which did not lead to the compromise of client information (thankfully), was not something unexpected for some security folks. (Source: Graham Cluley Blog)
  • Brazilian, U.S. Web Users Targeted by Router-Hacking Group. “Criminals use Javascript to brute-force guess a user’s router password, change DNS settings and redirect victims to a banking scam.” (Source: eWeek)
  • Celeb nude photos now being used as bait by Internet criminals. Online criminals continue to bank on the celebrity nude hacking involving famous celebrities as lure to install potentially nasty stuff onto systems. The latest find was distributed on Twitter and Facebook and was marketed as a sex “video” of actress Jennifer Lawrence. (Source: Ars Technica)
  • VirusTotal mess means YOU TOO can track Comment Crew! “Security researcher Brandon Dixon has used Google’s VirusTotal malware analysis tool to spy on what he claims are state-sponsored Chinese and Iranian elite hacking crews.” (Source: The Register)
  • Data: Nearly All U.S. Home Depot Stores Hit. Brian Krebs revealed that credit and debit card breaches at Home Depot affected almost all of its stores nationwide. Stolen card details were being sold on a cybercrime store. (Source: Krebs on Security)

Stay safe!

The Malwarebytes Labs Team