A Week in Security (Apr 05 - 11)
News

A Week in Security (May 17 – May 23)

Posted: May 25, 2015 by Malwarebytes Labs

Last week, we covered a number of security topics like scams, exploit kits, and a software flaw worth buzzing over.

But before we proceed, the good news: Malwarebytes Unpacked—yes, this here blog—was nominated in the Best Corporate Security Blog category for an up-and-coming security conference in London, UK. We’d really appreciate it if you take the time to vote for us! Please note that voting closes this Friday, May 29.

Moving on: Our researchers uncovered several scams involving rogue accounts on Facebook that pretend to assist users in the recovery of accounts and malicious actors registering domains that were clearly imitations of the popular URL shortening service, Bitly.

We also found that the latest variant of the Angler exploit kit stopped executing on systems running Malwarebytes Anti-Exploit.

Joshua Cannell, one of our senior researchers, also looked into Logjam, a recently discovered vulnerability that affects home and corporate users, and advised readers to be on the lookout for a patch, which may be pushed out any time soon.

Notable news stories and security related happenings:

  • Uber in Hot Water Again – This Time Over Plaintext Passwords in Emails. “Sending old or current passwords points to the fact that those passwords haven’t been properly hashed in a company’s password database, which is a basic step in maintaining account security in the event of a breach.” (Source: Sophos’ Naked Security Blog)
  • Rombertik’s disk wiping mechanism is aimed at pirates, not researchers. “Rombertik, the information-stealing malware that was recently analyzed by Cisco researchers and which apparently tries to prevent researchers from doing so by rewriting the computer’s Master Boot Record, is actually a newer version of an underground crimeware kit known as Carbon FormGrabber (or Carbon Grabber), Symantec researchers have found.” (Source: Help Net Security)
  • How Hackers Used Microsoft TechNet to Run Their Botnet. “The Chinese group of hackers known as APT17, and also known as Deputy Dog, employed public user profiles on Microsoft’s TechNet, a support and troubleshooting website IT professionals, to embed Command and Control (CnC) code for a variant of BLACKCOFFEE malware. The code, while not actually compromising TechNet itself, remained hidden in plain sight on TechNet forums and user profiles, acting an intermediary link for the traffic between BLACKCOFFEE infected machines and APT17.” (Source: WinBeta)
  • Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point. “In the brave new world of self-driving cars and Wifi-enabled pacemakers, everything we do as information security professionals, everything we hack, every joke we make on Twitter, has real, quantifiable consequences.” (Source: Dark Reading)
  • Fake PayPal Payment Reversal Notification Leads to Phishing. “PayPal phishing attempts take many forms, and one of the most often used techniques is fake emails containing a warning and a prompt to act quickly.” (Source: Help Net Security)
  • Why Companies Need to Learn How to Share. “For many years, members of this industry have been wary about sharing their intellectual property with others. They believed doing so would jeopardize their competitive differentiation and business opportunities. But in many cases remaining secretive is no longer the smartest way to do business. Clinging to a culture of secrecy stifles innovation. And it makes companies more vulnerable to other companies — such as competitors — that openly share information with each other.” (Source: Information Security Buzz)
  • ‘The user is today’s new corporate security perimeter’. “‘The security perimeter in organisations is dissolving – IT and security management can no longer count on well-defined network security perimeters to protect their organisations,’ according to the latest Global Threat Intelligence report.” (Source: CIO)
  • Potentially Big Apple Watch Vulnerability could Let Thieves Use Apple Pay on Stolen Watches. “A potential security vulnerability recently detailed by a blogger may have uncovered a serious flaw in the Apple Watch’s design that could lead to some big headaches for some users. In a nutshell, a nifty feature designed by Apple to maintain security on the Watch without sacrificing convenience may have actually ended up sacrificing security instead, allowing thieves to continue using Apple Pay on a stolen Watch without having to input the owner’s PIN code to confirm purchases.” (Source: BGR)
  • Advertisers Need to Start Monitoring Ad Security. “targets, so they’ve zeroed in on advertising networks – and advertisers are stuck paying the bill.” (Source: CSO Online)
  • Google Study: Most Security Questions Easy To Hack. “There’s a big problem with the security questions often used to help people log into Web sites, or remember or access lost passwords — questions with answers that are easy to remember are also easy for hackers to guess. That’s the key finding of a study that Google recently presented at the International World Wide Web Conference in Florence, Italy.” (Source: Newsfactor)
  • Researchers Raise Privacy Concerns About Bluetooth Low Energy Devices. “Researchers at Context Information Security have raised privacy concerns about a growing number of devices using Bluetooth Low Energy (BLE) technology.” (Source: Computer Weekly)
  • The CareFirst Hack: What Went Right, What Went Wrong. “CareFirst BlueCross BlueShield first learned in May 2014 of malware on an information system that was hacked a month later, according to two health information security consultants. But the Blues plan apparently did not realize the malware was not completely eradicated and the system was hacked a month later.” (Source: HealthData Management)
  • Dating Site Hackers Expose Details of Millions of Users. “Personal information relating to almost four million users of a worldwide online dating website has been leaked by hackers, according to Channel 4 News. Details of users’ sexual preferences – including whether they are gay or straight, and whether they are seeking extramarital affairs – has been compromised, along with email addresses, usernames, dates of birth, postcodes and the unique internet addresses of users’ computers.” (Source: The Guardian)

Safe surfing, everyone!

The Malwarebytes Labs Team

RELATED ARTICLES

Fishing in a lake
Cybercrime

Law enforcement reels in phishing-as-a-service whopper

April 18, 2024 - A major international law enforcement effort has disrupted the notorious LabHost phishing-as-a-service platform.

CONTINUE READING 0 Comments
Cerebral logo
News | Privacy

Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million

April 18, 2024 - The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data.

CONTINUE READING 0 Comments
JuicyFields investment scam
News | Scams

Cannabis investment scam JuicyFields ends in 9 arrests

April 18, 2024 - JuicyFields was an investment scam that urged victims to invest in cannabis production.

CONTINUE READING 0 Comments
A mobile phone in the hands of a young woman in a dark colored t-shirt.
Privacy

Should you share your location with your partner?

April 17, 2024 - Location sharing is popular among couples. But is it something you want in your own relationship?

CONTINUE READING 0 Comments
Giant Tiger logo
News | Personal

Giant Tiger breach sees 2.8 million records leaked

April 16, 2024 - A threat actor claims to be in possession of 2.8 million records originating from a hack at Canadian retail chain Giant Tiger

CONTINUE READING 0 Comments

ABOUT THE AUTHOR

Malwarebytes Labs

Malwarebytes Labs

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams