A Week in Security (Jun 14 – Jun 20)

Last week, we discussed a new malvertising campaign targeting Dutch users, a rundown of what happened at InfoSec Europe and BSides London, and something about AdChoices.

Our security researchers spotlighted a large malvertising campaign on June 11, first spotted by Fox-IT. One of the affected sites was Telegraaf[.]nl, a major Dutch news site, which was found to display ads served by an ad network that Fox-IT had already deemed suspicious. The malicious advertisements redirected visitors to the Angler exploit kit.

We also talked to our readers about AdChoices and why it’s something that Malwarebytes Anti-Malware (MBAM) cannot remove. Hint: The reason is pretty simple.

Notable news stories and security-related happenings:

  • Cyber Attackers Spread MERS-related Smishing in Korea. “During the past week, the number of users infected by the malignant code has been fast increasing, according to analysts. Once the criminals gain the information via the infected smartphones, they seize contact numbers of other users within the phones and re-spread the malignant code, snowballing the problem.” (Source: Korea Times)
  • Canadian Hacker Jailed in U.S. for Hacking Military and Xbox. “David Pokora will be spending 18 months of his life in a United States prison on accounts of committing computer fraud and privacy infringement. He was accused of stealing around $100 million+ in property and data with his hacking prowess from the comfort of his home in Meadowvale, Ontario, Canada.” (Source: HackRead)
  • LastPass Got Hacked: Change Your Master Password NOW. “The intrusion reportedly happened on Friday afternoon, but many LastPass users are only learning about it now. LastPass last had a security scare in 2011.” (Source: The Register)
  • Facebook introduces “Moments” – supposedly a safer way to share photos. “You could just cut down altogether on sharing photos so readily, of course, but if you plan to share your photographic moments anyway, then the Moments app seems unlikely to do any harm, and will probably help you share more wisely.” (Source: Sophos’ Naked Security Blog)
  • The Ever-Evolving Cyber Threat to Planes. “Even if all those factors came together perfectly, hackers would almost certainly not be able to take full control of the aircraft since pilots have manual overrides.” (Source: NDTV)
  • Study: 15-30 percent of eCommerce site visitors infected with CSIM. “Fifteen to 30 percent of eCommerce site visitors are infected with client side injected malware (CSIM), according to a whitepaper from Namogoo, an online security firm that monitors numerous verticals throughout the U.S. and Europe. Although legally the company can’t identify the sites it monitors, Namogoo said they are among some of the most popular travel sites.” (Source: SC Magazine)
  • LinkedIn Goes Public with its Private Bug Bounty. “Scott said that LinkedIn’s decision to keep its bounty program private and to a smaller circle of contributors gives its application security team confidence that bug submissions won’t be poorly researched or irrelevant. If the program were public, for example, Scott said that providing response and analysis on each report would require considerable resources if those bugs are to be addressed promptly.” (Source: ThreatPost)
  • Newly Patched Flash Player Bug Exploited to Deliver Crypto Ransomware. “Users in the US, Canada, and the UK are most at risk, followed by users from several European countries, Australia and India.” (Source: Help Net Security)
  • Cybercrims Bypassing Two-Factor Authentication with Simple Txt. “The newly discovered scam allows attackers to bypass two-factor authentication by using the password recovery feature offered by many email providers, which enables users who have forgotten their password to gain access to the account by, among other options, having a verification code sent to their mobile phone.” (Source: Security Watch)
  • Samsung Keyboard Security Risk Disclosed: Over 600M+ Devices Worldwide Impacted. “Over 600 million Samsung mobile device users have been affected by a significant security risk on leading Samsung models, including the recently released Galaxy S6. The risk comes from a pre-installed keyboard that allows an attacker to remotely execute code as a privileged (system) user.” (Source: NowSecure)
  • Apple OS X and iOS in the Vulnerability Spotlight – Meet “CORED,” also Known as “XARA”. “What the authors found is a way to exploit the fact that Keychain isn’t quite as simple as ‘one app, one password storage bucket’.” (Source: Sophos’ Naked Security Blog)
  • Dell Secureworks Uncovers Trojan that Hides in Image Files. “A stealthy modular version of the Stegoloader banking trojan is spreading through malicious PNG files, according to researchers at Dell SecureWorks’ Counter Threat Unit (CTU). The CTU researchers reported uncovering the variant in a threat advisory, warning that the malware has an advanced modular architecture capable of dodging many traditional security tools.” (Source: V3)
  • US Hosts The Most Botnet Servers. “The United States leads the world in hosting malicious servers that are used to remotely command and control infected user machines and systems. And the US is the second-most frequent target of those systems, a new report from Level 3 Communications shows.” (Source: Dark Reading)

Safe surfing, everyone!

The Malwarebytes Labs Team