A Week in Security (Apr 05 - 11)

A Week in Security (Mar 01 – 07)

We opened last week with a quick update to our readers and product users about our modified Privacy Policy and our findings for Yet Another Cleaner (YAC), a paid “anti-virus” software from a Brazil-based company that was—shall we say—caught with its hand in the cookie jar.

Our security researchers also found and documented a “March Twitter Lottery” spam campaign on Twitter and the compromise of The Association of Internet Researchers’s website.

Notable news stories and security related happenings:

  • Zero-day in Seagate NAS allows attacker to remotely get unauthorized root access. “Got root? Shodan shows over 2,500 Seagate NAS devices with flawed firmware connected to the Internet that attackers could exploit for remote code execution.” (Source: Network World)
  • How a Blu-ray disc could install malware on your computer. “A pair of vulnerabilities found in hardware and software for playing Blu-ray discs might come in handy for secret snooping by the U.S. National Security Agency.” (Source: PC World)
  • How the Pentagon plans to replace the password. “The password is one of the weakest forms of security. DARPA, the Pentagon’s research arm, wants to solve this problem by turning people and their behavior into passwords through its Active Authentication program.” (Source: The Christian Science Monitor)
  • Avast Exposes Huge Security Risks in Open Wi-Fi Habits. “The study revealed that users in Asia are the most prone to attacks. More than half of the Web traffic in Asia takes place on unprotected HTTP sites, 97% of users connect to open, unprotected Wi-Fi networks, and seven out of ten password-protected routers use weak encryption methods, making it simple for them to be hacked. Users in San Francisco and Barcelona are the most likely to take steps to protect their Wi-Fi sessions, although the number is still very small as only 20% take precautions.” (Source: Herald Online)
  • Don’t Believe the Car Hacking Hype. “Let’s face it: Anything that’s connected these days can be hacked, including cars. But while more cars are getting connected, it doesn’t mean more are getting hacked. And vehicles are still pretty low on the list of hacking targets.” (Source: PC Mag)
  • Uber Announced Breach of “Partner” Information. “In a statement, Uber claims there was a “one-time access” of its databases, spilling the names and license numbers of some 50,ooo “driver partners” in various U.S. states.” (Source: Threat Post)
  • Beware of spyware concealed inside games. “Monitoring tools can be used for legitimate and malicious purposes. The first category includes parental control and employee monitoring software, the second one screenshot grabbers, keyloggers, voice or video recording tools – in short, spyware.” (Source: Help Net Security)
  • Digital know-how most important thing for students, says Richard Branson. “Digital know-how is one of the most valuable things a student will take with them when leaving school, but pupils are not being consulted enough by the government on how such skills are taught, according to Richard Branson…” (Source: Computer Weekly)
  • Efforts To Team Up And Fight Off Hackers Intensify. “New intelligence-sharing groups/ISACs emerge, software tools arrive and the White House adds a coordinating agency — but not all of the necessary intel-sharing ‘plumbing’ is in place just yet.” (Source: Dark Reading)
  • UK Firm Develops Search Engine For Dark Web. “Alistair Paterson, CEO of Digital Shadows, demos the tech in the corner room of his company’s 42nd-floor office in Canary Wharf. ‘Basically, it’s a Google for Tor,’ he explains.” (Source: Yahoo! Finance)
  • Google Play Books Is Crawling With Fake ‘Guides’ That Promise Cracked Android APKs, Provide Only Malware And Phishing Scams. “There are multiple publisher accounts in Google Play Books that claim to offer cracked APKs for a dollar or two, and people are buying them. Instead of getting a cheap game, all people are getting is disappointment and malware.” (Source: Android Police)

Safe surfing, everyone!

The Malwarebytes Labs Team