A Week in Security (Apr 05 - 11)

A Week in Security (Dec 07 – 13)

Fake FIFA Twitter profiles are not something new to us. In fact, we’ve already written about them in several occasions here on Malwarebytes Unpacked. Malware Intelligence Analyst Chris Boyd discussed the latest campaign on the said social network that was first spotted by an independent researcher.

A spam campaign on deviantArt was also spotted and documented, which you can read here.

Senior Security Researcher Jérôme Segura dissected a phishing campaign abusing CloudFlare’s free SSL certificates.

Notable news stories and security related happenings:

  • Several Vulnerabilities Found in Google App Engine. “The researchers at Security Explorations say that they have found more than 30 vulnerabilities in the App Engine, some of which allow code execution and sandbox escapes.” (Source: Kaspersky’s Threatpost)
  • Yik Yak flaw let hackers deanonymize and take control of your account. “The problem starts with Yik Yak’s login process. The app requires only a user ID — no password. If you can figure out what a person’s user id is, you can gain access to their full account.” (Source: VentureBeat)
  • Powerful, highly stealthy Linux trojan may have infected victims for years. “Researchers have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world.” (Source: Ars Technica)
  • ‘Inception’ malware, dropped clues have hacker experts stymied. “Blue Coat says the malware — nicknamed “Inception” after the complex dream heist movie starring Leonardo DiCaprio — has been attacking mainly Russian or Eastern European targets in the fields of diplomacy, energy and finance.” (Source: Stars and Stripes)
  • Data Sent Between Smartwatch And Smartphone Might Not Be Secure. “Only using tools available at the moment, the researchers discovered that they were able to brute force their way past the PIN obfuscating the Bluetooth connected between both devices. After doing so, the data moving back and forth between devices could be easily monitored.” (Source: UberGizmo)
  • Hacking Threatens Airline Safety: Aviation Chiefs. “Cyber crime is a serious threat to safety in the skies, aviation industry heavyweights said Wednesday, vowing to fight the growing scourge before it causes a catastrophic incident.” (Source: Security Week)
  • ‘Poodle’ Bug Returns, Bites Big Bank Sites. “Many of the nation’s top banks, investment firms and credit providers are vulnerable to a newly-discovered twist on a known security flaw that exposes Web site traffic to eavesdropping.” (Source: KrebsOnSecurity)
  • Researcher: ‘Lax’ Crossdomain Policy Puts Yahoo! Mail at Risk. “Milne, a Canadian security consultant, said Yahoo patched one issue related to a specific .swf file hosted on Yahoo’s content delivery network that contained a vulnerability that could give an attacker complete control over Yahoo Mail accounts cross origin, Milne said.” (Source: Kaspersky’s Threatpost)

Safe surfing, everyone!

The Malwarebytes Labs