A Week in Security (May 17 – May 23)

Last week, we covered a number of security topics like scams, exploit kits, and a software flaw worth buzzing over.

But before we proceed, the good news: Malwarebytes Unpacked—yes, this here blog—was nominated in the Best Corporate Security Blog category for an up-and-coming security conference in London, UK. We’d really appreciate it if you take the time to vote for us! Please note that voting closes this Friday, May 29.

Moving on: Our researchers uncovered several scams: rogue Facebook accounts that pretend to help users recover their accounts, and malicious actors registering domains that were clear imitations of the popular URL shortening service Bitly.

We also found that the latest variant of the Angler exploit kit stopped executing on systems running Malwarebytes Anti-Exploit.

Joshua Cannell, one of our senior researchers, also looked into Logjam, a recently discovered vulnerability that affects home and corporate users, and advised readers to be on the lookout for a patch, which may be pushed out any time soon.

Notable news stories and security-related happenings:

  • Uber in Hot Water Again – This Time Over Plaintext Passwords in Emails. “Sending old or current passwords points to the fact that those passwords haven’t been properly hashed in a company’s password database, which is a basic step in maintaining account security in the event of a breach.” (Source: Sophos’ Naked Security Blog)
  • Rombertik’s disk wiping mechanism is aimed at pirates, not researchers. “Rombertik, the information-stealing malware that was recently analyzed by Cisco researchers and which apparently tries to prevent researchers from doing so by rewriting the computer’s Master Boot Record, is actually a newer version of an underground crimeware kit known as Carbon FormGrabber (or Carbon Grabber), Symantec researchers have found.” (Source: Help Net Security)
  • How Hackers Used Microsoft TechNet to Run Their Botnet. “The Chinese group of hackers known as APT17, and also known as Deputy Dog, employed public user profiles on Microsoft’s TechNet, a support and troubleshooting website for IT professionals, to embed Command and Control (CnC) code for a variant of BLACKCOFFEE malware. The code, while not actually compromising TechNet itself, remained hidden in plain sight on TechNet forums and user profiles, acting as an intermediary link for the traffic between BLACKCOFFEE infected machines and APT17.” (Source: WinBeta)
  • Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point. “In the brave new world of self-driving cars and Wifi-enabled pacemakers, everything we do as information security professionals, everything we hack, every joke we make on Twitter, has real, quantifiable consequences.” (Source: Dark Reading)
  • Fake PayPal Payment Reversal Notification Leads to Phishing. “PayPal phishing attempts take many forms, and one of the most often used techniques is fake emails containing a warning and a prompt to act quickly.” (Source: Help Net Security)
  • Why Companies Need to Learn How to Share. “For many years, members of this industry have been wary about sharing their intellectual property with others. They believed doing so would jeopardize their competitive differentiation and business opportunities. But in many cases remaining secretive is no longer the smartest way to do business. Clinging to a culture of secrecy stifles innovation. And it makes companies more vulnerable to other companies — such as competitors — that openly share information with each other.” (Source: Information Security Buzz)
  • ‘The user is today’s new corporate security perimeter’. “‘The security perimeter in organisations is dissolving – IT and security management can no longer count on well-defined network security perimeters to protect their organisations,’ according to the latest Global Threat Intelligence report.” (Source: CIO)
  • Potentially Big Apple Watch Vulnerability could Let Thieves Use Apple Pay on Stolen Watches. “A potential security vulnerability recently detailed by a blogger may have uncovered a serious flaw in the Apple Watch’s design that could lead to some big headaches for some users. In a nutshell, a nifty feature designed by Apple to maintain security on the Watch without sacrificing convenience may have actually ended up sacrificing security instead, allowing thieves to continue using Apple Pay on a stolen Watch without having to input the owner’s PIN code to confirm purchases.” (Source: BGR)
  • Advertisers Need to Start Monitoring Ad Security. “targets, so they’ve zeroed in on advertising networks – and advertisers are stuck paying the bill.” (Source: CSO Online)
  • Google Study: Most Security Questions Easy To Hack. “There’s a big problem with the security questions often used to help people log into Web sites, or remember or access lost passwords — questions with answers that are easy to remember are also easy for hackers to guess. That’s the key finding of a study that Google recently presented at the International World Wide Web Conference in Florence, Italy.” (Source: Newsfactor)
  • Researchers Raise Privacy Concerns About Bluetooth Low Energy Devices. “Researchers at Context Information Security have raised privacy concerns about a growing number of devices using Bluetooth Low Energy (BLE) technology.” (Source: Computer Weekly)
  • The CareFirst Hack: What Went Right, What Went Wrong. “CareFirst BlueCross BlueShield first learned in May 2014 of malware on an information system that was hacked a month later, according to two health information security consultants. But the Blues plan apparently did not realize the malware was not completely eradicated and the system was hacked a month later.” (Source: HealthData Management)
  • Dating Site Hackers Expose Details of Millions of Users. “Personal information relating to almost four million users of a worldwide online dating website has been leaked by hackers, according to Channel 4 News. Details of users’ sexual preferences – including whether they are gay or straight, and whether they are seeking extramarital affairs – have been compromised, along with email addresses, usernames, dates of birth, postcodes and the unique internet addresses of users’ computers.” (Source: The Guardian)

Safe surfing, everyone!

The Malwarebytes Labs Team