A Week in Security (Apr 05 - 11)

A Week in Security (Feb 01 – 07)

Senior Security Researcher Jérôme Segura found significant threats last week. On one hand, there was a fake Google Chrome update that drops a nasty ransomware; on the other hand, there was another 0-day spotted for Adobe’s Flash Player, making it the third found these past few days.

Want to learn about CAPTCHA and botnets? Security researcher Pieter Arntz provided us with just these.

Steam users are usually targeted by phishers using fake Steam Community pages. This latest find by Security Researcher Chris Boyd used a fake Steam domain to serve equally fake Razer Comms content. You can read more about it here.

Notable news stories and security related happenings:

  • BMW Update Kills Bug In 2.2 Million Cars That Left Doors Wide Open To Hackers. “German car manufacturer BMW has issued a security patch over the air to its vehicles, after the emergence of a vulnerability that would have allowed hackers to open doors using just a mobile. BMW, Rolls-Royce and Mini vehicles were all affected as the problem was resident in the Connected Drive service, which allows drivers to control functions like doors and infotainment from their smartphones, according to German driver association ADAC.” (Source: Forbes)
  • Target Hackers Hit Third Parking Service. “Book2Park.com, an online parking reservation service for airports across the United States, appears to be the latest victim of the hacker gang that stole more than a 100 million credit and debit cards from Target and Home Depot. Book2park.com is the third online parking service since December 2014 to fall victim to this cybercriminal group.” (Source: Krebs on Security)
  • Raptr hacked, user info and passwords compromised. “Gaming social networking site Raptr is the latest victim of hackers. Dennis Fong, the company’s founder and CEO, announced that they have had a break in and that user data may have been compromised.” (Source: Help Net Security)
  • File-Encrypting Malware Poses as Google Chrome Update. “A new wave of spam linking to file-encryption malware Critroni aims at tricking unsuspecting recipients into believing that an update for Chrome web browser is due and that it is available at the online location provided in the message.” (Source: Softpedia)
  • Admin alert: Twice as many digital certificates used to sign malware reported in 2014. “By the end of 2014, the company’s antivirus database included more than 6,000 of these certificates. Considering the increase in threats related to signing malicious files, Kaspersky experts advise system administrators and users not to trust digital signatures without question, and not to allow signed files to launch purely on the strength of the signature.” (Source: First Post)
  • Malicious ads on major sites compromise many computers. “Several security vendors have documented attacks involving malicious advertisements, which automatically redirect victims to other websites or pages that silently attack their computers and install malware.” (Source: ComputerWorld)
  • New Banking Trojan Targets Android, Steals SMS. “Researchers at zScaler spotted the as yet unnamed Trojan circulating as 888.apk. Like many types of malware that came before it, at least for the moment, the Trojan appears to be targeting Chinese Android users.” (Source: ThreatPost)
  • Malware targets users seeking info on Islamic State group. “The Tokyo-based Cyber Defense Institute said Wednesday that several Arabic-language blogs offering apparently independent analysis of issues around the Islamic State contain hidden code which gets injected into the user’s computer when the text is translated using an automated online translation tool. Japanese and English are two translation languages in which this is known to happen.” (Source: The Japan Times)

Safe surfing, everyone!

The Malwarebytes Labs Team