A Week in Security (Aug 16 – Aug 22)

Last week, we touched on the Ashley Madison data leak in two blog posts, offered a reaction to that Coby Persin viral video, and explored a website claiming to offer Malwarebytes Anti-Malware for Windows 10 that was actually serving an earlier version of the product with an added twist.

We also took a look inside a Neutrino botnet builder, the nearly 20-year-old Women of Color (WOC) STEM Conference, a 419 spam, and a persistent roller coaster video scam on Facebook.

Senior security researcher Jérôme Segura discussed how the Microsoft tech support scam has evolved from an English-only platform to a multi-language effort, thus widening the scammers’ target pool and upping the risks for potential victims. Some of the languages being used now are French, Spanish, German, and Japanese.

More malvertising campaigns were caught in the wild. First, Segura detected a then-live lobby of malicious ads on PlentyOfFish (POF), a popular online dating site. These ads led to the execution of the Nuclear exploit kit. Unpatched systems were expected to be affected by a variant of Tinba, a banking Trojan.

The next company to be affected was Telstra, Australia’s largest telecommunications company. Segura noted that this campaign is similar to the one he saw plaguing POF.

Notable news stories and security-related happenings:

  • How BitTorrent Could Let Lone DDoS Attackers Bring Down Big Sites. “Some of the most widely used BitTorrent applications, including uTorrent, Mainline, and Vuze are also the most vulnerable to a newly discovered form of denial of service attack that makes it easy for a single person to bring down large sites.” (Source: Ars Technica)
  • Smartwatches Aren’t So Clever When It Comes to Security. “Smartwatch manufacturers are failing to secure sensitive data on their devices, warned a Trend Micro report. The IT security firm said that smartwatches running Google’s Android Wear and even the Apple Watch are not as secure as they should be.” (Source: SC Magazine)
  • Cracked Uber Accounts Tumble to 40 Cents on the Dark Web. “Motherboard, which first picked up on the Uber account sale in March, now reports that the accounts are not only still being sold; now, valid email/password logins for Uber are selling for less than half of what they had been.” (Source: Sophos’s Naked Security Blog)
  • PayPal Customers Hit with ‘Changes to Legal Agreements’ Phishing Scam. “A PayPal phishing scam can be tricky, but don’t worry all you need to do is keep your eyes open and do what we tell you.” (Source: HackRead)
  • Italian Teen Finds Two Zero-day Vulnerabilities in Apple’s OS X. “The finding comes after Apple patched last week a local privilege escalation vulnerability that was used by some miscreants to load questionable programs onto computers.” (Source: PC World)
  • IRS Says Cyberattacks More Extensive than Previously Thought. “A new review has identified 220,000 additional incidents where data was breached, the tax collection agency said. It identified another 170,000 suspected failed attempts by third parties to gain access to taxpayer data.” (Source: Reuters – UK)
  • Russia Uses Army of ‘Trolls’ to Sway Sentiment Online. “When Facebook posts and tweets blamed Ukrainian rebels for downing a Malaysian jet there last year, U.S. spies studied social media trend lines to gauge public opinion of the Kiev-Moscow conflict. The number of Facebook ‘likes’; statistics on retweets and ‘favorited’ tweets; and other social media analytics told one story.” (Source: National Journal)
  • Security Flaw Affecting More than 100 Car Models Exposed by Scientists. “The research team discovered car manufacturers including Audi, Citroën, Fiat, Honda and Volvo, as well as Volkswagen, had models that were vulnerable to “keyless theft” because a device designed to prevent the vehicles from being stolen could be disabled easily.” (Source: The Guardian)
  • Mozilla is Experimenting with Improved Private Browsing. “The new Private Browsing option, introduced in the Developer Edition of Firefox for Windows, OS X and Linux, as well as Firefox Aurora for Android, will allow users to pick and choose which security and privacy controls to turn on and off. Website elements that could be used to record user behavior across sites will also actively be blocked, but users can unblock them if they want / need to.” (Source: Help Net Security)
  • Cyberattack Campaign Targets India, SEA Nations. “Likely to originate from China, the hacker group embeds a “Watermain” script into Microsoft Word documents to create backdoors into infected machines, reveals security vendor FireEye.” (Source: ZDNet)
  • Payment Card Info of 93,000 Web.com Customers Stolen. “The name, address, and credit card information of approximately 93,000 customers of Web.com, a popular US-based provider of Internet services to small businesses, has been compromised due to a breach of one of the company’s computer systems.” (Source: Help Net Security)
  • Google’s New OnHub Router Offers Automatic Security Updates. “Security experts have broadly welcomed Google’s newly unveiled home and SOHO Wi-Fi router, claiming its automatic update functionality should help fortify the device against attack. The OnHub has yet to be released but promises something dramatically different to the usual home router box: power and usability.” (Source: InfoSecurity)
  • Spotify Now Officially Even Worse Than the NSA. “New terms and conditions popping up on Spotify users screens give the music-streaming company sweeping new rights. The ‘What we collect’ section of the new terms seems scary enough…” (Source: The Register)
  • Data Kidnapping the Latest Cyber Threat. “A new mode of hacking will see cybercriminals use context to get them money faster than stolen credit card data can.” (Source: TechCentral)
  • Street Gangs, Tax Fraud and ‘Drop Hoes’. “Authorities across the United States this week arrested dozens of gang members who stand accused of making millions of dollars stealing consumer identities in order to file fraudulent tax refund requests with the Internal Revenue Service (IRS). The arrests highlight the dramatic shift in gang activity in recent years from high-risk drug dealing to identity fraud — a far less risky yet equally lucrative crime.” (Source: Krebs on Security)

Safe surfing, everyone!

The Malwarebytes Labs Team