A Week in Security (Aug 09 – Aug 15)

Last week, we announced a new thought leadership series entitled “Marcin’s Soundbytes”, in which our very own CEO interviews other professionals in the cybersecurity industry. The videos will be shared with blog readers on a weekly basis. To start off the series, Marcin interviewed Tim Wilson (Dark Reading), Ira Winkler (Irari Report), Rob Westervelt (IDC), and ESET’s CEO, Andrew Lee.

In other blog posts, Malwarebytes researchers also covered automated analysis of malware behaviour using the Malheur tool, a ransomware spam campaign targeting European countries, a smishing campaign after T-Mobile credentials, and a recently patched 0-day flaw in IE that was exploited in the wild.

Senior security researcher Christopher Boyd revealed that some ads on Web sites, when opened on a mobile device such as a smartphone, can redirect users to destinations (non-malicious at the time of writing) where they can be charged a fee without their consent. It is disconcerting, and something users should be wary of from here on.

PC video gamers, particularly those using Steam, once again saw another spam campaign distributed via the chat feature by compromised accounts. This time, the message claimed to share a funny picture with the recipient, only for them to find out that the supposed image file, much like those in previous campaigns on the gaming platform, was actually a malicious Windows screensaver (.SCR). A .SCR file is an ordinary PE executable with a different extension, so opening it runs the attacker’s code. We detect it as Trojan.Downloader.Agent.
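The lure relies on the recipient trusting the file name rather than the file contents. As an added example (not code from the original post or from Malwarebytes), the check below classifies a received file by its magic bytes, so a PE executable named like an image, or carrying a .SCR extension, is flagged regardless of what the name suggests. The sample byte strings and file names are constructed for the demonstration; the magic values for PNG, JPEG, GIF and the DOS/PE header are the real ones.

```python
"""Classify a chat-shared file by what its bytes actually are, not by its name.
Windows .SCR screensavers are plain PE executables, so 'funny_picture.jpg.scr'
runs as native code however it is named. (Added example, not the post's code.)"""
import struct

IMAGE_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}
# Extensions Windows launches as native code when double-clicked.
EXECUTABLE_EXTENSIONS = {"scr", "exe", "com", "pif"}


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def content_type(data: bytes) -> str:
    """Identify the payload by magic bytes; the file name is never consulted here."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith((b"GIF87a", b"GIF89a")):
        return "gif"
    if is_pe(data):
        return "pe"
    return "unknown"


def classify(filename: str, data: bytes) -> tuple:
    """Return (verdict, reason) for a file received under the given name."""
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    inner = set(parts[1:-1])  # decoy extensions before the real one, e.g. 'jpg' in 'x.jpg.scr'
    kind = content_type(data)

    if kind == "pe":
        if ext in IMAGE_EXTENSIONS or inner & IMAGE_EXTENSIONS:
            return "suspicious", "PE executable named like an image"
        if ext in EXECUTABLE_EXTENSIONS:
            return "suspicious", "native executable (." + ext + ") shared over chat"
        return "suspicious", "PE executable with unexpected extension ." + ext
    if ext in EXECUTABLE_EXTENSIONS:
        return "suspicious", "executable extension ." + ext + " with non-PE content"
    if kind in ("png", "jpeg", "gif") and ext in IMAGE_EXTENSIONS:
        return "ok", kind + " image"
    return "unknown", "content " + kind + " with extension ." + ext


# Constructed samples (not real files): a minimal DOS/PE header and a PNG header.
SAMPLE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in [("funny_picture.jpg.scr", SAMPLE_PE),
                       ("IMG_2015.scr", SAMPLE_PE),
                       ("holiday.png", SAMPLE_PE),
                       ("holiday.png", SAMPLE_PNG)]:
        print(name, "->", classify(name, blob))
```

The double-extension case matters because Windows hides known extensions by default, so `funny_picture.jpg.scr` is displayed as `funny_picture.jpg`; the check looks at every extension segment, not just the last one.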

Notable news stories and security related happenings:

  • Lenovo PCs and Laptops Seem to have a BIOS Level Backdoor. “The Chinese computer and laptop maker, Lenovo is once again in the eye of the storm after users have found that their PCs/Laptops are shipped with a hidden backdoor at the BIOS level. Earlier in the year, it was found that all Lenovo PCs/Laptops are shipped with a spyware called Superfish.” (Source: Tech Worm)
  • Researchers Hack a Corvette Using SMS Messages. “Using mobile TCUs (Telematic Control Units), or better known as tracking/insurance dongles, four security researchers from the University of California in San Diego hacked a Corvette using SMS messages.” (Source: Softpedia)
  • HTC Caught Storing Fingerprints AS WORLD-READABLE CLEARTEXT. “Four FireEye researchers have found a way to steal fingerprints from Android phones packing biometric sensors such as the Samsung Galaxy S5 and the HTC One Max.” (Source: The Register)
  • Hacking Airport Security Systems with a Common Laptop. “A cyber security investigation by the I-Team revealed that hackers could have the ability to shut down an airport’s security network using just a laptop. It is embarrassing to read that a system designed to improve the security of airports could represent the entry point for attackers.” (Source: Security Affairs)
  • Google Disables Inline Installation of Chrome Extensions for Deceptive Developers. “Inline installation was introduced by Google in 2011 in an effort to make it easier for users to add extensions to Chrome by allowing them to install extensions hosted on the Web Store directly from the developer’s website. Some developers have abused this feature and distributed their extensions via deceptive advertisements and websites. Google has been keeping an eye on developers who use such tactics and they will no longer be able to use inline installation starting with September 3.” (Source: Security Week)
  • Ubiquiti Networks Falls Victim to $47M Cyberscam. “Ubiquiti Networks, a manufacturer of networking technology for service providers and enterprises, has revealed that cyberthieves stole $46.7 million through an e-mail scam. According to a recent document filed with the Securities and Exchange Commission (SEC), the fraud involved an ‘employee impersonation and fraudulent requests from an outside entity targeting the company’s finance department.’” (Source: Legal Tech News)
  • Windows 10’s Privacy Policy is the New Normal. “Windows 10, in normal usage and typical configurations, will send quite a lot of information to Microsoft. Windows 8, in normal usage and typical configurations, will also send quite a lot of information to Microsoft. On the other side of the fence, OS X, in normal usage and typical configurations, will send some information to Apple. It’s hard to imagine a modern day operating system that doesn’t do this, at least to some extent.” (Source: Ars Technica)
  • FDA Warns Hospitals to Stop Using Hackable Drug Pumps. “You may have seen news that US Food and Drug Administration is now “strongly encouraging” hospitals not to use a leading brand of drug pump over hacking fears. The BBC story is here for more details. John Smith, Principal Solution Architect at Veracode commented on the FDA issues warnings to hospitals over hackable drug infusion pumps.” (Source: Information Security Buzz)
  • Internal Modem can be Exploited by Malware to Gain Persistence. “Two security experts at the last Def Con hacking conference have demonstrated how Internal LTE/3G modems can be hacked to help malware survive OS reinstalls.” (Source: Security Affairs)
  • Researcher Generates Thousands of Phone Numbers, Matches Them to Facebook Accounts. “A security researcher has developed an algorithm that exploits a flaw in a Facebook default privacy setting to obtain cell phone numbers linked to Facebook accounts and then get information associated with those accounts.” (Source: SC Magazine)
  • Over 55% of All Androids at Risk of High Severity Vulnerability. “Now IBM security researchers have warned of another serious vulnerability that impacts over 55% of all Androids. The vulnerability, which has been dubbed CVE-2015-3825, affects Android versions 4.3 to 5.1, as well as the current Android M preview build, and could be exploited by malware.” (Source: Graham Cluley’s Blog)
  • Chip Card ATM ‘Shimmer’ Found in Mexico. “Fraud experts in Mexico have discovered an unusual ATM skimming device that can be inserted into the mouth of the cash machine’s card acceptance slot and used to read data directly off of chip-enabled credit or debit cards.” (Source: Krebs on Security)
  • June Was ‘Worst Month Of Malvertising Ever’. “In the first six months of 2015, malvertising was one of the biggest threats to endpoint security, causing an estimated $525 million in damages (related to repair and recovery costs), according to research released today by Invincea.” (Source: Dark Reading)
  • Corporate Encrypt-Everything Policies Gain Interest. “In the survey, from Vormetric and IANS, top reasons for encrypting data included; preventing data breaches (66%), fulfilling compliance or audit mandates (54%) and protection of financial and other assets (53%).” (Source: InfoSecurity Magazine)
  • Why You Should Stop Worrying about Online Privacy. “Consumer concern about online privacy is at all-time high due to e-commerce and mobile devices, which both collect wide swathes of consumer data, the Pew Research study says. However, people who worry about “privacy eroding into the river and being gone forever,” said Wittes, ignore how those benefits actually increase privacy.” (Source: CSO Online)
  • Locker: an Android Ransomware Full of Surprises. “The malware claims it has detected “forbidden pornographic” pictures on your device, says it has reported it to the FBI and asks you to pay a fine of $500. To make the (fake) report appear even more scary, the malware displays your IP address and a picture of you. It says those were sent in the report to the FBI.” (Source: Fortinet’s Security Research Blog)
  • Twitter Transparency Report Reveals Surge in Government Data Requests. “According to the report, which was updated on Aug. 11, 4,363 information requests from 62 different nations were made between January 2015 and June 2015, with four previously unlisted countries (Cyprus, Dominican Republic, Poland and Serbia) joining the pool of governments that sought information from the social media giant. According to the Twitter report, “information requests include worldwide government requests we’ve received for account information, typically in connection with criminal investigation,” and of the requests that Twitter received, about 58 percent resulted in the release of information.” (Source: Legal Tech News)
  • Dropbox Introduces USB Key Verification for Two-step Login. “While two-step verification using a phone can be effective, it is open to some risk – there is still a chance that a user can be fooled into entering their password and verification code on fake websites, says Dropbox. The U2F key – a physical key that slots into a device’s USB port – offers an additional layer of protection.” (Source: Silicon Republic)
  • Facebook Awards $100,000 for New Class of Vulnerabilities and Detection Tool. “The award, Facebook’s Internet Defense Prize, was handed out at the USENIX Security Symposium in Washington, D.C., and doubles last year’s inaugural payout of $50,000. The prize is an effort to recognize and fund Internet security research in the areas of defense and protection, Facebook said.” (Source: Kaspersky’s ThreatPost)
  • Why Even Startups Need to Care About Security. “Startups beware: Security is not just for established companies. One big data breach could cost you your business.” (Source: AlleyWatch)
  • Smartwatch Makers Opt for Simplicity Over Keeping User Data Safe, Warns Security Firm Trend Micro. “The study stress-tested smartwatches from major manufacturers Apple, Samsung, Motorola, LG, Sony, Asus, and Pebble to see how they ranked for physical protection, data connections and information stored to see which poses the biggest risk to consumers.” (Source: International Business Times)
  • Windows 10 Might be Spying on You Even After You Tell it to Stop. “According to Ars Technica, even after you tell Microsoft that Windows 10 shouldn’t make any Internet-related inquiries while you’re using it, it appears that Windows 10 still pings Microsoft for various information.” (Source: BGR)
  • Zero Day in Android’s Google Admin App Can Bypass Sandbox. “The vulnerability lies in the way that the Google Admin application on Android phones handles some URLs. If another application on the phone sends the Admin app a specific kind of URL an attacker can bypass the Same Origin Policy and get data from the Admin sandbox.” (Source: Kaspersky’s ThreatPost)
  • Security Researchers Find Flaws in Ethernet Switches. “Cyber-security researchers in the US say that they have found security flaws in industrial Ethernet switches and gateways which could be used to attack industrial control systems in industries ranging from manufacturing to power generation. They have found vulnerabilities in four makes of Ethernet switch, but say that similar problems could exist in other devices.” (Source: Drives & Controls)
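The Dropbox item above states the security-relevant difference between a phone-delivered code and a U2F key: a code typed into a fake site can be relayed to the real one, while a U2F assertion cannot. The following added example (not code from the original post, from Dropbox, or from the FIDO specifications) models both flows so the difference is visible. HOTP (RFC 4226) stands in for the SMS or app code, and an HMAC over the browser-supplied client data stands in for the U2F device’s per-site ECDSA signature; the two origins are constructed. The property being shown, that the browser writes the origin it is actually on into the signed client data and the relying party checks it, holds for the real protocol as well.

```python
"""Why a phone code survives a phishing relay and a U2F assertion does not.
Model only: HOTP stands in for the phone code, HMAC stands in for the U2F
device's per-site signature. (Added example, not the post's code.)"""
import hashlib
import hmac
import json
import secrets

RP_ORIGIN = "https://example.com"            # the real relying party (constructed)
PHISH_ORIGIN = "https://example-login.test"   # the look-alike phishing site (constructed)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1, dynamic truncation, decimal code."""
    h = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = h[-1] & 0x0F
    code = int.from_bytes(h[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def rp_verify_otp(secret: bytes, counter: int, code: str) -> bool:
    """The code depends only on the shared secret and counter, never on where it was typed."""
    return hmac.compare_digest(hotp(secret, counter), code)


def _canonical(client_data: dict) -> bytes:
    return json.dumps(client_data, sort_keys=True, separators=(",", ":")).encode()


def browser_u2f_sign(device_key: bytes, challenge: str, page_origin: str) -> dict:
    """The browser, not the page's JavaScript, fills in the origin it is actually on."""
    client_data = {"typ": "navigator.id.getAssertion",
                   "challenge": challenge, "origin": page_origin}
    signature = hmac.new(device_key, _canonical(client_data), hashlib.sha256).digest()
    return {"client_data": client_data, "signature": signature}


def rp_verify_u2f(device_key: bytes, challenge: str, response: dict) -> bool:
    """Relying party: the signature must cover the challenge it issued AND its own origin."""
    cd = response["client_data"]
    if cd.get("challenge") != challenge or cd.get("origin") != RP_ORIGIN:
        return False
    expected = hmac.new(device_key, _canonical(cd), hashlib.sha256).digest()
    return hmac.compare_digest(expected, response["signature"])


def phish_relay_otp(secret: bytes, counter: int) -> bool:
    """Victim types the current code into the fake page; the attacker replays it to the real site."""
    typed_on_fake_site = hotp(secret, counter)
    return rp_verify_otp(secret, counter, typed_on_fake_site)


def phish_relay_u2f(device_key: bytes) -> bool:
    """Attacker starts a real login to obtain a challenge, then has the victim's key sign it."""
    challenge = secrets.token_urlsafe(16)                       # issued by the real RP
    response = browser_u2f_sign(device_key, challenge, PHISH_ORIGIN)  # browser records the phish origin
    return rp_verify_u2f(device_key, challenge, response)


def phish_tamper_u2f(device_key: bytes) -> bool:
    """Attacker rewrites the origin field after signing; the signature no longer matches."""
    challenge = secrets.token_urlsafe(16)
    response = browser_u2f_sign(device_key, challenge, PHISH_ORIGIN)
    response["client_data"]["origin"] = RP_ORIGIN
    return rp_verify_u2f(device_key, challenge, response)


def legit_u2f_login(device_key: bytes) -> bool:
    challenge = secrets.token_urlsafe(16)
    response = browser_u2f_sign(device_key, challenge, RP_ORIGIN)
    return rp_verify_u2f(device_key, challenge, response)


if __name__ == "__main__":
    otp_secret = b"12345678901234567890"   # RFC 4226 test-vector secret
    key = secrets.token_bytes(32)
    print("OTP relayed via phishing page accepted:", phish_relay_otp(otp_secret, 0))
    print("U2F assertion relayed via phishing page accepted:", phish_relay_u2f(key))
    print("U2F assertion with origin rewritten accepted:", phish_tamper_u2f(key))
    print("U2F assertion from the real origin accepted:", legit_u2f_login(key))
```

The relayed code is accepted because nothing about it says where the user typed it; the relayed assertion is rejected because the browser put the phishing site’s origin into the signed data, and editing that field afterwards breaks the signature. Real U2F adds a second line of defence not modelled here: the key is also scoped to the application identity at registration, so the device itself declines to sign for a facet it was never registered under.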

Safe surfing, everyone!

The Malwarebytes Labs Team