A Week in Security (Feb 22 – 28)

Last week, our experts found exploits served from some interesting sites, as well as fake online checkers.

Senior Security Researcher Jérôme Segura discovered a hacked “Account Suspended” page that houses exploit kits. He also found a bogus search engine, installed by PUPs, that directs users to pages serving exploits.

Security Researcher Christopher Boyd came across a page claiming to be a Microsoft PID (product ID) checker, warning visitors to never give away their keys.

Notable news stories and security related happenings:

  • Security Researcher: Superfish Could Be Catastrophic. “Apparently, Superfish stinks worse than security Relevant Products/Services industry watchers first thought. There was an uproar when the world discovered Lenovo, the world’s largest PC maker, has been shipping laptops pre-installed with a virus-like software Relevant Products/Services that puts customers in the line of hacker fire. But uproar may soon be an understatement.” (Source: Top Tech News)
  • PrivDog Poses Bigger Risk Than Superfish. “PrivDog was developed by Comodo founder and CEO Melih Abdulhayoglu. PrivDog is bundled with one of Comodo’s flagship products, Comodo Internet Security, but only as a browser extension. Only the standalone version is vulnerable.” (Source: ThreatPost)
  • SSL-busting code that threatened Lenovo users found in a dozen more apps. “The list of software known to use the same HTTPS-breaking technology recently found preinstalled on Lenovo laptops has risen dramatically with the discovery of at least 12 new titles, including one that’s categorized as a malicious trojan by a major antivirus provider.” (Source: Ars Technica)
  • Major mobile flaws remain unpatched. “According to the McAfee Labs Threats Report for February 2015 from Intel Security, mobile app providers have been slow to address the most basic SSL vulnerabilities which were revealed in September 2014 by the Computer Emergency Response Team (CERT) at Carnegie Mellon University. It released a list of mobile apps possessing an SSL weakness, including apps with millions of downloads.” (Source: IT Security Guru)
  • Hacked Hardware Could Cause The Next Big Security Breach. “Microchips govern our homes, cities, infrastructure, and military. What happens when they’re turned against us?” (Source: Popular Science)
  • Koppie Koppie sells photos of your kids to prove you shouldn’t post them online. “Koppie Koppie, an online business selling coffee mugs with pictures of children printed on them, is stirring up controversy – after all, the kids’ photos weren’t given to Koppie Koppie by their parents, but grabbed from Flickr.” (Source: Sophos’ Naked Security Blog)
  • New DDoS attack and tools use Google Maps plugin as proxy. “A known vulnerability in a Google Maps plugin for Joomla allows the plugin to act as a proxy. Attackers spoof (fake) the source of the requests, causing the results to be sent from the proxy to someone else – their denial of service target. The true source of the attack remains unknown, because the attack traffic appears to come from the Joomla servers.” (Source: Help Net Security)
  • Top Spy: Small Hacks Are Bigger Threat Than ‘Cyber Armageddon’. “The risk of a catastrophic cyber attack that disables a key piece of national infrastructure, such as a portion of the power grid, is “remote at this time” and not the biggest threat to U.S. national security in cyberspace, the country’s top intelligence official told a Senate panel on Thursday.” (Source: The Daily Beast)
  • Signs of Superfish-like MitM Attacks Discovered in the Wild. “Evidence has been found suggesting that cybercriminals may be relying on the traffic interception engine from Komodia, integrated in Superfish and other software solutions, for nefarious purposes in the wild.” (Source: Softpedia)
  • Serious TalkTalk data breach leads to scam phone calls for customers. “Hackers have stolen the personal details of thousands of TalkTalk customers, and – in some cases – used them to scam further information such as sensitive banking information.” (Source: Graham Cluley’s Blog)
  • After Superfish-Lenovo incident, Facebook probes larger issue of SSL-sniffing adware. “Ian Amit, Vice President of ZeroFOX, a social risk management and social media security firm, explained a practical way in which attackers could try to leverage MitM attacks against users running Superfish.” (Source: SC Magazine)
  • How nine out of ten healthcare pages leak private data. “A study by Timothy Libert, a doctoral student at the University of Pennsylvania, has found that nine out of ten visits to health-related web pages result in data being leaked to third parties like Google, Facebook and Experian.” (Source: Sophos’ Naked Security Blog)

Safe surfing, everyone!

The Malwarebytes Labs Team