A Week in Security (Apr 12 - 18)

Last week, our security researchers covered a number of 419 scams, with one taking lead from an old racket back in 2012; another, a fake “give away” purportedly sponsored by the UN; and lastly, a brief notice about a money transfer to the recipient’s account (Never true, of course).

Researchers also flagged a number of exploits they found on legitimate sites that have been taken advantaged of to host malicious advertisements. One of our seniors even posted a case study on malvertising.

We also introduced an interactive documentary series called “Do Not Track”, which was created to introduce users to the world of data tracking.

Notable news stories and security related happenings:

Attacks on SCADA and PoS Malware Increased in 2014. “There were 13 Point-of-Sale (PoS) malware signatures created in 2014, compared to three in 2013. Attacks were also noted on SCADA systems, with a two-fold increase in SCADA attacks compared to 2013.” (Source: IT Security Guru)
China Accused Of Decade Of Cyber Attacks On Governments And Corporates In Asia. “Security firm FireEye released a report today revealing a spate of corporate espionage and cyber spying offenses against targets located in India, Malaysia, Vietnam, Thailand, Nepal, Singapore, Philippines, Indonesia and beyond. The group said attacks began in 2005.” (Source: TechCrunch)
Blink and You’ll Miss Them – The Latest Form of DDoS Attacks. A report “suggests that attackers are trying out new forms of assault – bursts of damaging attack traffic as opposed to prolonged events.” (Source: Computing)
As Ransomware Attack Evolve, More Potential Victims are at Risk. “Law enforcement agencies in the U.S. and around the world have been focusing more and more of their attention on cybercrime of late, and ransomware is an ever-growing part of that problem.” (Source: Kaspersky Labs’ ThreatPost)
Second-hand Devices – Cheaper but Risky. “he market for used smartphones and tablets offer opportunities for both buyers and sellers. But there are risks as well, both to individuals and the enterprise.” (Source: CSO Online)
Universal Backdoor for E-commerce Platform Lets Hackers Shop for Victims. “As people become more aware of the threat of targeted “phishing” attacks via e-mail and social media, malware-armed attackers are turning to new ways to target specific victims where they least expect it—by exploiting the legitimate websites they frequent and assume to be secure.” (Source: Ars Technica)
Cylance SPEAR Team Discovers Vulnerability Impacting All Versions of Windows, Including Windows 10 Preview. “The vulnerability can be exploited to steal sensitive login credentials in stealthy attacks.” (Source: Market Watch)
Thousands Could Launch Sony-style Cyberattack, Says Ex-hacker. “The chances of another company suffering the devastating effects of a cyberattack like the one perpetrated on Sony last year are not as remote as we would like to believe, security researchers say.” (Source: CNet)
Email Phishing Attacks Take Just Minutes to Hook Recipients. “It’s no surprise that in the race to protect networks from hackers, the adversaries outnumber and outpower the defenders. But now we know just how rapidly the protectors have to act before their systems are lost to attackers.” (Source: Wired)
Here’s Why You Need To Worry About Data Breaches. “Any breach of your data, even if you think it’s inconsequential and minor, could be just the first step on the path to hackers getting at your bank account, a report released Tuesday by Verizon Enterprise shows.” (Source: Vocativ)
New Java Vulnerabilities Remotely Executable Without Login. “Applications running on any of JRE/JDK versions 5, 6, 7, and 8 which do not apply this patch are at risk of a dozen severe remotely-exploitable vulnerabilities which could result in the complete compromise of sensitive application data.” (Source: Help Net Security)
Lost your Android? Now you can Google it! “Google’s new “Find My Phone” is just that: a search term that we can now plug into Google search.” (Source: Sophos’ Naked Security Blog)