A Week in Security (Jun 21 – Jun 27)

Last week, we touched on a rogue Twitter feed spewing out phishing links, a fake lottery site that is also in the business of information stealing, advertising campaigns that may be malicious or dodgy, and something about snake oil.

Before we dive into the most notable ones, we start as usual with good news about the company: Malwarebytes acquired Junkware Removal Tool, a popular tool for going after dodgy software, in an effort to strengthen the fight against potentially unwanted programs (PUPs).

Senior security researcher Jérôme Segura took on a new malvertising campaign that led to an elusive exploit kit known as HanJuan, malicious software known to take advantage of 0-day vulnerabilities in Adobe Flash Player. The campaign originated as an adf.ly shortened URL.

Speaking of advertising, senior security researcher Chris Boyd recounted to us the early years of ad providers, the ways they addressed ad blockers upon detecting them, how independent users responded (so far) to the ad providers’ response, and how others bank on this digital turf war by providing blockers for ad blockers.

Lastly, we touched on “registry cleaners” (the umbrella term we used to also refer to “registry optimizers” and “registry defragmenters”) and why we advise everyone to avoid cleaners that misbehave. In light of this, the company recently updated its PUP criteria.

Notable news stories and security related happenings:

  • Security Hole in MacKeeper Used to Shove Malware onto Macs. “Mac malware does indeed exist, and it should be no surprise that Mac crooks have a similar MO (modus operandi) to their counterparts in Windows-based cybercrime.” (Source: Sophos’s Naked Security Blog)
  • Oi, UK.gov, Your Verify System Looks Like a MASS SPY NETWORK. “Government “identity assurance” programme Verify contains “severe privacy and security problems” including a major architecture flaw that could lead to “mass surveillance” – according to an academic paper.” (Source: The Register)
  • The Difference Between Cybersecurity Literacy and Awareness. “…as executives and board members become more aware of the impact of cyber attacks on the business, is awareness enough to allow them to effectively manage these cybersecurity risks? A recent study revealed that there’s a significant difference between cybersecurity literacy and cybersecurity awareness among corporate executives.” (Source: Tripwire)
  • All Industries Fail Cybersecurity, Govt the Worst. “Government agencies fix fewer than one-third of all detected problems, according to the report. By comparison, financial services fixed 81 percent of its problems, while manufacturing fixed 65 percent.” (Source: CNBC)
  • The Weaponisation of Social Media. “Around 12 per cent of the quarter of a million complaints of cyber crime received by the US Federal Bureau of Investigation (FBI) in 2014 included a social networking dimension – up from three per cent in 2009.” (Source: IT Pro Portal)
  • HP Releases Details, Exploit Code for Unpatched IE Flaws. “Researchers at HP’s Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer.” (Source: ThreatPost)
  • Many Popular Android Apps Fail to Encrypt Login Credentials. “AppBugs, a company that has created an app of the same name that analyzes Android apps for vulnerabilities, has recently revealed that their testing of apps on Google Play has shown that some 100 popular apps either don’t use HTTPS to protect login credentials or they do it badly. Altogether, these apps have been downloaded by some 200 million users.” (Source: Help Net Security)
  • Adware for OS X Distributes Trojans. “Lately, reports about distribution of new malicious and potentially dangerous programs for OS X have been emerging with great frequency. Doctor Web security researchers have registered a growing number of various adware and installers for Apple computers, which is related, to a large extent, to appearance of new affiliate programs aimed at OS X users.” (Source: Dr. Web Anti-Virus Blog)
  • It Wasn’t Malware that Disabled Windows Update on Your PC, It was Samsung. “When Microsoft MVP Patrick Barker tried to help a user with a computer problem, he stumbled across something curious. Windows Update kept randomly being disabled.” (Source: Graham Cluley’s Blog)
  • iOS 9 will Delete Your Existing Apps to Make Room for Updates. “The revelation came by way of a pop-up that informed the user that deleted apps would be reinstated once the update was complete. This tricky little maneuver begs the question: What becomes of the data you saved within those apps? One can only hope that Apple will answer this question in due course!” (Source: HackRead)
  • Phishers Target Middle Management. “Phishing scammers have infiltrated the enterprise and they’re finding easy prey, but it’s not in the C-suite as previously thought. Attackers are exploiting the multitasking, often overloaded middle management ranks, according to research by security and compliance firm Proofpoint.” (Source: CSO Online)
  • ‘Rogue IT’ Less Threatening than Thought, and Decline May be a Good Thing. “The term “rogue IT” doesn’t seem to grab tech headlines quite the same way as it used to. And for good reason: the practice is on the decline and seen as less threatening.” (Source: FierceCIO)
  • Default SSH Key Found in Many Cisco Security Appliances. “An attacker who is able to discover the default SSH key would have virtually free rein on vulnerable boxes, which, given Cisco’s market share and presence in the enterprise worldwide, is likely a high number. The default key apparently was inserted into the software for support reasons.” (Source: ThreatPost)

Safe surfing, everyone!

The Malwarebytes Labs Team