A Week in Security (Apr 05 - 11)
News

A Week in Security (Mar 01 – 07)

Posted: March 9, 2015 by Malwarebytes Labs

We opened last week with a quick update to our readers and product users about our modified Privacy Policy and our findings for Yet Another Cleaner (YAC), a paid “anti-virus” software from a Brazil-based company that was—shall we say—caught with its hand in the cookie jar.

Our security researchers also found and documented a “March Twitter Lottery” spam campaign on Twitter and the compromise of The Association of Internet Researchers’s website.

Notable news stories and security related happenings:

  • Zero-day in Seagate NAS allows attacker to remotely get unauthorized root access. “Got root? Shodan shows over 2,500 Seagate NAS devices with flawed firmware connected to the Internet that attackers could exploit for remote code execution.” (Source: Network World)
  • How a Blu-ray disc could install malware on your computer. “A pair of vulnerabilities found in hardware and software for playing Blu-ray discs might come in handy for secret snooping by the U.S. National Security Agency.” (Source: PC World)
  • How the Pentagon plans to replace the password. “The password is one of the weakest forms of security. DARPA, the Pentagon’s research arm, wants to solve this problem by turning people and their behavior into passwords through its Active Authentication program.” (Source: The Christian Science Monitor)
  • Avast Exposes Huge Security Risks in Open Wi-Fi Habits. “The study revealed that users in Asia are the most prone to attacks. More than half of the Web traffic in Asia takes place on unprotected HTTP sites, 97% of users connect to open, unprotected Wi-Fi networks, and seven out of ten password-protected routers use weak encryption methods, making it simple for them to be hacked. Users in San Francisco and Barcelona are the most likely to take steps to protect their Wi-Fi sessions, although the number is still very small as only 20% take precautions.” (Source: Herald Online)
  • Don’t Believe the Car Hacking Hype. “Let’s face it: Anything that’s connected these days can be hacked, including cars. But while more cars are getting connected, it doesn’t mean more are getting hacked. And vehicles are still pretty low on the list of hacking targets.” (Source: PC Mag)
  • Uber Announced Breach of “Partner” Information. “In a statement, Uber claims there was a “one-time access” of its databases, spilling the names and license numbers of some 50,ooo “driver partners” in various U.S. states.” (Source: Threat Post)
  • Beware of spyware concealed inside games. “Monitoring tools can be used for legitimate and malicious purposes. The first category includes parental control and employee monitoring software, the second one screenshot grabbers, keyloggers, voice or video recording tools – in short, spyware.” (Source: Help Net Security)
  • Digital know-how most important thing for students, says Richard Branson. “Digital know-how is one of the most valuable things a student will take with them when leaving school, but pupils are not being consulted enough by the government on how such skills are taught, according to Richard Branson…” (Source: Computer Weekly)
  • Efforts To Team Up And Fight Off Hackers Intensify. “New intelligence-sharing groups/ISACs emerge, software tools arrive and the White House adds a coordinating agency — but not all of the necessary intel-sharing ‘plumbing’ is in place just yet.” (Source: Dark Reading)
  • UK Firm Develops Search Engine For Dark Web. “Alistair Paterson, CEO of Digital Shadows, demos the tech in the corner room of his company’s 42nd-floor office in Canary Wharf. ‘Basically, it’s a Google for Tor,’ he explains.” (Source: Yahoo! Finance)
  • Google Play Books Is Crawling With Fake ‘Guides’ That Promise Cracked Android APKs, Provide Only Malware And Phishing Scams. “There are multiple publisher accounts in Google Play Books that claim to offer cracked APKs for a dollar or two, and people are buying them. Instead of getting a cheap game, all people are getting is disappointment and malware.” (Source: Android Police)

Safe surfing, everyone!

The Malwarebytes Labs Team

RELATED ARTICLES

A mobile phone in the hands of a young woman in a dark colored t-shirt.
Privacy

Should you share your location with your partner?

April 17, 2024 - Location sharing is popular among couples. But is it something you want in your own relationship?

CONTINUE READING 0 Comments
Giant Tiger logo
News | Personal

Giant Tiger breach sees 2.8 million records leaked

April 16, 2024 - A threat actor claims to be in possession of 2.8 million records originating from a hack at Canadian retail chain Giant Tiger

CONTINUE READING 0 Comments
week in security
News

A week in security (April 8 – April 14)

April 15, 2024 - A list of topics we covered in the week of April 8 to April 14 of 2024

CONTINUE READING 0 Comments
change social security number
News

How to change your Social Security Number

April 12, 2024 - Wondering whether changing your SSN is an option. Read here what you need to qualify for a new SSN and what you need to get one.

CONTINUE READING 0 Comments
mercenary spyware alert
News | Privacy

Apple warns people of mercenary attacks via threat notification system

April 11, 2024 - Apple has sent alerts to people in 92 nations to say it's detected that they may have been a victim of a mercenary attack.

CONTINUE READING 0 Comments

ABOUT THE AUTHOR

Malwarebytes Labs

Malwarebytes Labs

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams