A Week in Security (Nov 30 – Dec 06)

After Thanksgiving, almost everyone already knew what was next: Black Friday. A day before it kicked off, Senior Security Researcher Jérôme Segura discovered fake sites claiming to be official online sales sites for brands like Gucci. Threats like this are expected to be visible until Cyber Monday.

Security Researcher Armando Orozco found and discussed certain apps on the Google Play Store infected with the Ramnit Trojan, a file infector.

Notable news stories and security related happenings:

Sony Got Hacked Hard: What We Know and Don’t Know So Far. “It’s unclear when the hack began. One interview with someone claiming to be with Guardians for Peace said they had been siphoning data from Sony for a year.” (Source: Wired)
Asprox Operators Have Started Recruiting for a Larger Botnet. “The attackers use bait that is most likely to be taken by unsuspecting users, as they rely on the names of big US retailers to trick them into clicking on malicious links.” (Source: Softpedia)
Android ‘DeathRing’ malware being pre-loaded on cheap smartphone. “For the second time in a year, Chinese-made Android smartphones have been discovered pre-flashed with malware, this time a Trojan security firm Lookout Mobile has ominously dubbed ‘DeathRing’.” (Source: TechWorld)
Warning over fake Bitcoin Foundation sites scamming cryptocurrency users. “Fraudsters are targeting Bitcoin users with phoney The Bitcoin Foundation websites and sending potential victims to a fake Bitcoin wallet designed to phish their credentials.” (Source: ZDNet)
Planes, Trains & Automobiles—Are You Safe From PoS Malware Anywhere? “PoS malware have been mostly constrained to retailers and merchants, but it now looks like PoS malware have branched out from shopping malls to airports, metro stations, and parking lots.” (Source: Trend Micro TrendLabs Security Intelligence Blog)
Building a Safer Twitter. “In the coming months, you can expect to see additional user controls, further improvements to reporting and new enforcement procedures for abusive accounts.” (Source: Twitter Blog)
The Real Cost of Cyber Incidents, According To Insurers. “Healthcare is hit by the most malicious insiders and the highest legal costs, according to a NetDiligence report.” (Source: Dark Reading)