Last week, Senior Security Researcher Jérôme Segura reviewed the top threats we encountered and witnessed in 2014, which include data breaches, 0-day exploits, malvertising, tech support scams, mobile malware, and targeted threats aimed at the gaming community. Segura also predicted possible threats we may likely see in 2015, one of which involving the Internet of Things (IoT).
Speaking of tech support scams, Windows users aren’t the only ones being targeted by them now. In a more recent post, Segura revealed that scammers targeting Mac OS users were on the uptick.
Notable news stories and security related happenings:
- SoakSoak Malware Compromises 100,000+ WordPress Websites. “Google has blacklisted over 11,000 domains with this latest malware campaign from SoakSoak(dot)ru” (Source: Sucuri Blog)
- Stolen identities cost more than money. “As soon as Mark Kim found out his personal information was compromised in a data breach at Target last year, the 36-year-old tech worker signed up for the retailer’s free credit monitoring offer so he would be notified if someone used his identity to commit fraud. Someone did.” (Source: News Journal dot Com)
- New Crypto-Ransomware Uses Next-Gen Encryption. “The campaign spreads via malvertising, or malicious Web ads that can infect your PC when you click on them, or even just let them load onto your Web browser.” (Source: Tom’s Guide)
- Two newcomers in the exploit kit market. “This year we witnessed attempts from developers behind the Rig, Null Hole and Niteris exploit kits, as well as those who started Astrum and Archie.” (Source: Help Net Security)
- Price Tag Rises For Stolen Identities Sold In The Underground. “Counterfeit identities are the new hot product to support fraud — new fake identity kits, passports, Social Security numbers, utility bills, and driver’s licenses.” (Source: Dark Reading)
- Debunking The Biggest Cyber Security Myths for Businesses. “With so much attention being paid to security, there’s a lot of information floating around—some of it not in the least bit true. If a company wants to enhance their IT security, it pays to separate the facts from the fiction.” (Source: Tripwire’s State of Security Blog)
- This Linux grinch could put a hole in your security stocking. “Named after the proverbially grumpy Dr. Seuss character, the grinch vulnerability could affect all Linux systems, potentially providing attackers with unfettered root access…” (Source: CSO Online)
- Google starts blocking badly behaving Gmail extensions. “How to deal with untrustworthy third-party add-ons that could endanger your own users? Prevent them from loading – if you can.” (Source: Help Net Security)
Happy Holidays, everyone, and as always, safe surfing!
Malwarebytes Labs