A Week in Security (Feb 08 – 14)

A new take on an old Amazon phish was back. Instead of taking your credentials, it was asking for credit card information.

There was also a supposed Facebook hack. Usually, these schemes just want a link to the profile one wants to hack. How to get the password? Send an SMS.

AdwCleaner: a potent application that blocks ads. Online criminals banked on its popularity. Malwarebytes users are protected from the Trojan.

Notable news stories and security-related happenings:

  • Marriott Hotels Hit by Credit Card Breach. “Several financial institutions recently uncovered fraud on credit and debit cards that were all recently used at Marriott hotels run by franchise operator White Lodging Services, according to investigative reporter Brian Krebs.” (Source: eSecurity Planet)
  • Nation-State Cyber Espionage, Targeted Attacks Becoming Global Norm. “New report shows 2014 as the year of China’s renewed resiliency in cyber espionage–with Hurricane Panda storming its targets–while Russia, Iran, and North Korea, emerging as major players in hacking for political, nationalistic, and competitive gain.” (Source: Dark Reading) 
  • Uber left its lost-and-found database open to anyone on the internet. “The Uber ride-sharing service is dogged by its fair share of controversies, and now another one has emerged which suggests – like many online companies before it – it has grown too big, too fast, and not had security embedded in its soul.” (Source: Graham Cluley’s Blog)
  • Corporate users hit with fake Microsoft email delivering sneaky malware. “A well-crafted and extremely legit-looking spam email campaign is currently targeting corporate users around the world, ultimately leading the victims to difficult-to-detect malware that downloads additional malicious programs on the target’s computer.” (Source: Help Net Security)
  • Most Android dating apps have severe security flaws, risking corporate secrets. “The majority of dating apps have serious security vulnerabilities that put user data at risk. And because people are online dating at work, those risks are passed onto their employer.” (Source: ZDNet)
  • How one man could have deleted any photo album he could see on Facebook. “…security researcher Laxman Muthiyah has revealed how he discovered he had the power to delete billions of images. If he was allowed to see it, he was allowed to delete it. Thankfully for Facebook’s 1.3 billion users Laxman’s moral compass was in fine working order that day. He reported the bug to Facebook as soon as he found it, netting himself a cool $12,500 USD bug bounty in return.” (Source: Sophos’ Naked Security Blog)
  • Scammers Pounce on Lovelorn Netizens Ahead of Valentine’s Day. “Security experts have reminded lovesick netizens to keep their wits about them on the web around Valentine’s Day, pointing out the growing volume of phishing and social media scams designed to con single men.” (Source: Info Security Magazine)

Safe surfing, everyone!

The Malwarebytes Labs Team