A Week in Security (Mar 22 – 28)

Malwarebytes researchers found two noteworthy threats involving exploits: one was a malvertising campaign on a couple of high-profile sites, and the other came from an adult website.

Our researchers also found a scam homing in on Steam users by luring them with free codes. We also get to discuss how adware is delivered onto user systems.

Notable news stories and security-related happenings:

  • Study: One-third of top websites vulnerable or hacked. “Finding out that a site is running vulnerable software doesn’t take any special skill — the report pointed out that information about a website’s underlying software infrastructure is provided to any browser that asks for it.” (Source: CSO Online)
  • Flash-based vulnerability lingers on many websites three years later. “The vulnerability was unusual because fixing it didn’t just require Flex SDK to be updated, but also patching all the individual Flash applications (SWF files) that had been created with vulnerable versions of the SDK.” (Source: Computer World)
  • The average DDoS attack tripled in volume. “The average packet volume for DDoS attacks increased 340 percent to 4.36 million packets per second (Mpps), and the average bit volume swelled 245 percent to 12.1 Gbps in the final quarter of 2014, according to Black Lotus.” (Source: Help Net Security)
  • Retailers Adopt Intel-Sharing Portal Used By Banks. “The move brings the two intel-sharing organizations, the R-CISC and the FS-ISAC (Financial Services Intelligence Sharing and Analysis Center), closer together in their efforts to identify, share, and thwart attack attempts on companies in their industries. But the R-CISC’s portal will be its own iteration of the FS-ISAC’s, with the capability of sharing between them as necessary and applicable, executives from both organizations say.” (Source: Dark Reading)
  • Default Setting in Windows 7, 8.1 Could Allow Privilege Escalation, Sandbox Escape. “The issue, something that leaves all current Windows client installations vulnerable, lies in the way the operating system handles authentication.” (Source: ThreatPost)
  • Mobile ‘sextortion’ schemes on rise, Trend Micro reports. “The report details how the masterminds behind the scam in Asian countries rope in victims and collect payments but also how they developed their software tools, according to evidence gathered in cases in South Korea and Japan.” (Source: Network World)
  • Tax Fraud Advice, Straight from the Scammers. “Online cybercrime forums play a critical role here, allowing thieves to compare notes about how to evade new security roadblocks and steer clear of fraud tripwires.” (Source: Krebs on Security)
  • U.S. urges companies to do more to fight cyber crime. “Financial services firms were making substantial investments in reinforcing their resilience to cyber attacks but they needed to embed this resilience into their existing business units rather than grafting improvements on top of them…” (Source: Reuters)
  • Too Many Adverts and Porn pop-ups in your Web Browser? Maybe your Router has been Hijacked. “Security researchers at Ara Labs have warned of an active campaign which has seen attackers changing DNS settings on routers, causing unauthorised ads and adult content to appear on virtually all websites affected users visit, generating income for the attackers.” (Source: Tripwire)
  • Toying with Your Security and Privacy. “While twenty years ago the only electronic devices that were interactive in our homes were microwaves and Tamagotchis, we now face the era of the internet of things (IoT) living large with smart TV’s, refrigerators, wearables and many other gadgets that talk, listen, feel and monitor our every move – including Barbie?” (Source: Norse Corp’s Dark Matters Blog)
  • Google, Microsoft Warn of Fake Security Certificates. “Despite the hefty competition between the two companies, Google and Microsoft can agree on at least one thing: there are fake SSL certificates floating around that bad actors could use to spoof content and execute man-in-the-middle or phishing attacks against unsuspecting consumers.” (Source: Top News Tech)
  • Not Even 750,000 Twitter Bots Could Make These Diet Pills Work as Promised. “A lone spammer created more than 750,000 fake Twitter accounts to market a notorious weight loss pill in a sophisticated spam campaign that lasted more than a year, according to a new report.” (Source: Motherboard)

Safe surfing, everyone!

The Malwarebytes Labs Team