A Week in Security (Feb 15 – 21)

Last week, our experts found Web threats involving popular names in technology, gaming, media, and adult entertainment.

Security Researcher Christopher Boyd encountered fakeouts festooned all over YouTube, claiming to activate Windows 10, the latest OS from Microsoft. Most of the activation tools were detected as PUPs.

Boyd also found rogue tweets on Twitter baiting anyone interested in Evolve, the new, highly anticipated co-op game published by 2K Games, with a cheat file called Evolve PC Monster FireHide Hack v1.0. It is actually a Trojan that MBAM detects as Trojan.MSIL.Agent.

Speaking of games, Security Researcher Jovi Umawing discovered a rather rare phishing campaign that targets accounts of Japanese gamers who have profiles under Square Enix. The phishers specifically used Dragon Quest X as a lure.

Senior Security Researcher Jérôme Segura came across an infection via malicious code injection on the official website of renowned British celebrity chef Jamie Oliver. Segura found that visiting the site launches exploits targeting vulnerabilities in Adobe Flash, Silverlight, and Java.

Segura also touched on Superfish, the infamous software that came installed on certain Lenovo laptop models during a certain period. He also provided solutions that users with affected hardware can refer to in order to safely remove the software and its certificate from their systems.

Lastly, the Malwarebytes Labs team unearthed a compromise on RedTube, a top adult entertainment site. It was injected with a rogue iframe that leads visitors to the download and execution of an Angler exploit kit variant. This EK targets Flash and Silverlight vulnerabilities.

Notable news stories and security-related happenings:

  • Chinese Hackers Compromised Forbes.com Using IE, Flash Zero Days. “Researchers with Invincea and iSIGHT Partners worked in tandem to dig up information about the group, which was able to compromise a part of Forbes.com’s website that appears to users before they’re ported over to articles they’ve clicked on. That portion of the site, Forbes.com’s Thought of the Day, is powered by a Flash widget.” (Source: Threat Post)
  • IT professionals admit to downloading work apps for personal use, and ignoring security policies. “According to a survey of 1,000 consumers by CloudLock, 67 per cent of IT professionals and administrators have downloaded an application that they use for work on a personal device such as a phone, laptop, or tablet while 29 per cent have knowingly ignored a security policy/best practice in order to do their job.” (Source: IT Security Guru)
  • Microsoft adopts international standard for cloud privacy. “The company said Monday it was adopting the ISO/IEC 27018, published last year by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), which outlines a common set of security categories and controls that can be implemented by a public cloud computing service provider acting as a processor of personally identifiable information.” (Source: CSO Online)
  • C-93 Virus Alert Email from Microsoft is a Phishing Scam. “In reality, this email is nothing else but another Phishing scam. No traces of a virus have been detected in your mailbox and Outlook is not responsible for sending this email either. All claims made in this fake email are untrue.” (Source: HackRead)
  • Banking bosses say a cyber attack is among their biggest fears. “Of the 175 bosses polled by PwC, 79pc said they were concerned or extremely concerned about cyber threats affecting their company’s growth prospects. This compares to 61pc of chief executives across all industries who said they were worried about online attacks.” (Source: The Telegraph UK)
  • How a single email can badly break your Android email app. “Security researcher Hector Marco has uncovered an interesting attack that can be launched against users of some versions of the stock Android email app.” (Source: Graham Cluley’s Blog)
  • Scammers using obituary notices to acquire new victims. “Every day, email-based scams circulate the Web targeting users of services such as iTunes, Amazon, PayPal, and Google. Some are more focused, targeting customers of a certain bank; or those impacted by a recent data breach. But there’s another level of attack that’s harder to defend against, as no one truly expects them – targeted attacks.” (Source: CSO Magazine)
  • Twitter’s new tool should stop password sharing and help fend off hijackings. “On Tuesday, the company introduced a new feature, called TweetDeck Teams, that lets users share Twitter accounts without having to share passwords.” (Source: Sophos’ Naked Security Blog)
  • Beware of fake Facebook “Copyright Violations” warnings. “The scammers are using Facebook’s color scheme, and the icons of the legitimate “Facebook Security” and “Facebook and Privacy” pages to complete the impression that the request is legitimate.” (Source: Help Net Security)
  • Credit card info stolen in BigFish Games site compromise. “Seattle-based casual gaming company Big Fish Games has had its site and personal and financial information of some of its users compromised in an attack that started on last Christmas Eve.” (Source: Help Net Security)

Safe surfing, everyone!

The Malwarebytes Labs Team