A Week in Security (Sep 06 – Sep 12)

Last week, we talked about thousands of compromised sites, abused com.com sites, and a fake game downloader.

For our PUP Friday post, we spotlighted YellowSend, a.k.a. AnySend, a piece of software that markets itself as a tool for sending large numbers of files anywhere. You can read more about it in this post.

Malware Intelligence Analyst Christopher Boyd found the latest tech support scam campaign banking on false blue screen of death (BSoD) error messages to get users to pick up the phone and call the number splashed on the screen. Here’s another post we published in July this year containing an in-depth look at this kind of scam.

We pushed out a warning to those who regularly follow or subscribe to video feeds, as there are already scams online baiting them with rewards. Malware Intelligence Analyst Jovi Umawing shared her findings following a tip from a regular reader of Malwarebytes Unpacked.

Lastly, Security Researcher Pieter Arntz talked about obfuscated URLs, how bad guys abuse them, and what countermeasures users can take once they begin to suspect the legitimacy of the destinations behind shortened URLs.
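As an added example (not code from the Pieter Arntz post or from Malwarebytes), the script below shows how to decode the most common URL obfuscation tricks before clicking, so the host a browser would actually connect to is visible: credentials placed before an `@` so the real host looks like a path, percent-encoded hostnames, IPv4 addresses written as a plain decimal, hex or octal number, and punycode (`xn--`) hostnames that display as look-alike letters from another script. All sample URLs in the block are constructed for illustration; `evil.example` is a placeholder domain and `xn--pple-43d.com` is the well-known homograph of `apple.com` with a Cyrillic first letter. Shortened links (bit.ly and the like) are a separate case: their destination can only be learned by asking the shortener, which this offline script does not do.

```python
# Added example: surface the real destination host behind obfuscated URLs.
# Assumptions: hosts and URLs below are constructed samples, not data from
# the Malwarebytes post; 'evil.example' is a placeholder domain.
import ipaddress
import unicodedata
from urllib.parse import unquote, urlsplit


def decode_obfuscated_ipv4(host):
    """Return dotted-quad text if `host` is an IPv4 literal in any of the
    forms browsers accept (2130706433, 0x7f000001, 0177.0.0.1, 127.1),
    otherwise None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(parts):
        return None
    values = []
    for part in parts:
        try:
            if part.lower().startswith("0x"):
                values.append(int(part, 16))          # hex part
            elif len(part) > 1 and part.startswith("0"):
                values.append(int(part, 8))           # octal part
            else:
                values.append(int(part, 10))          # decimal part
        except ValueError:
            return None                               # not numeric: a real name
    if any(v < 0 for v in values):
        return None
    *lead, last = values
    if any(v > 255 for v in lead):
        return None
    remaining = 4 - len(lead)        # browser rule: last part fills the rest
    if last >= 256 ** remaining:
        return None
    number = 0
    for v in lead:
        number = (number << 8) | v
    number = (number << (8 * remaining)) | last
    return str(ipaddress.IPv4Address(number))


def scripts_in(label):
    """Unicode script names (LATIN, CYRILLIC, ...) of the letters in `label`."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def inspect_url(url):
    """Return (real_host, findings): the host a browser would connect to and a
    list of human-readable obfuscation findings (empty list means nothing odd)."""
    findings = []
    parts = urlsplit(url)
    # Trick 1: 'http://paypal.com@evil.example/' -- text before '@' is userinfo.
    if "@" in parts.netloc:
        userinfo = parts.netloc.rpartition("@")[0]
        findings.append(f"userinfo '{userinfo}' precedes '@'; it is not the host")
    host = parts.hostname or ""
    # Trick 2: percent-encoded host labels such as '%65vil.example'.
    decoded = unquote(host)
    if decoded != host:
        findings.append(f"percent-encoded host decodes to '{decoded}'")
        host = decoded
    # Trick 3: IPv4 written as a bare decimal, hex or octal number.
    ip = decode_obfuscated_ipv4(host)
    if ip is not None:
        if ip != host:
            findings.append(f"host is an obfuscated IPv4 literal for {ip}")
        host = ip
    # Trick 4: punycode hostname that renders as look-alike characters.
    elif any(label.startswith("xn--") for label in host.split(".")):
        try:
            unicode_host = host.encode("ascii").decode("idna")
        except UnicodeError:
            unicode_host = host
        scripts = set()
        for label in unicode_host.split("."):
            scripts |= scripts_in(label)
        findings.append(f"punycode host displays as '{unicode_host}' "
                        f"(scripts: {', '.join(sorted(scripts))})")
        if len(scripts) > 1:
            findings.append("mixed-script hostname: likely homograph")
        host = unicode_host
    return host, findings


if __name__ == "__main__":
    # Constructed samples, one per trick plus a clean control.
    for sample in ("http://paypal.com@evil.example/login",
                   "http://%65vil.example/",
                   "http://0x7f000001/admin",
                   "http://xn--pple-43d.com/",
                   "https://www.malwarebytes.org/"):
        real_host, notes = inspect_url(sample)
        print(sample, "->", real_host, notes or "ok")
```

Run it as-is to see each constructed sample resolved; in practice, feed it the link you are about to click. The check is deliberately conservative: a clean hostname yields an empty findings list, while a non-empty list is a reason to stop and verify the destination by another route.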

Notable news stories and security-related happenings:

  • Files on Seagate Wireless Disks can be Poisoned, Purloined – Thanks to Hidden Login. “CERT.org has reported Seagate wireless hard drives include ‘undocumented Telnet services’ accessible with a hard-coded password. This allows ‘unrestricted file download capability to anonymous attackers with wireless access to the device.’ And another flaw makes it possible to upload anything into the devices’ default file-sharing directory.” (Source: The Register)
  • Hacker had Access to Sensitive Info about Firefox Bugs for Over a Year. “The breach didn’t happen because there is a critical vulnerability in Mozilla’s Bugzilla web-based bugtracker, but because the attacker managed to get hold of a privileged user’s account password, as the user re-used it on another website that has been breached.” (Source: Help Net Security)
  • Ransomware Risk from Over 140 Million Websites, Researcher Warns. “The research carried out by IT security firm Heimdal Security found that hackers were using the Neutrino Exploit Kit to inject malicious scripts into outdated webserver software that could potentially reach 400 million users.” (Source: SC Magazine – UK)
  • APT Attacks Will Seek Smaller Targets. “While APT is generally a threat vector associated with large organizations, automation and the rising economic feasibility of launching targeted attacks on a small scale means that small and medium enterprises will now drift into the crosshairs, says Eric Ahlm, Research Director at Gartner.” (Source: InfoRisk Today)
  • Driverless Cars Vulnerable to Paralysis Through Laser Hack Attack. “His research, due to be presented at the Black Hat Europe security conference in November, explained that the combination of a low-power laser and a pulse generator allowed him to record non-encoded or encrypted laser pulses from commercial Lidar systems.” (Source: V3)
  • Beware! A Nigerian Group Targeting Indian Firms in Payment Scam. “FireEye has discovered an active online payment-diversion campaign which targets small and medium businesses in non-English-speaking countries, including India. The intent of the scam is to divert payments from ongoing, legitimate business transactions conducted by the victim to their own accounts.” (Source: First Post)
  • Mid-Sized Organizations More Likely Targets for Cyberattackers. “A joint Bitdefender/Millward Brown study of 300 CIOs from medium and large businesses revealed that although both organizations are exposed to the same types of threats, they respond differently.” (Source: LegalTech News)
  • WhatsApp Security Flaw Puts 200M Web App Users at Risk. “A software vulnerability has been discovered in the web-based version of the popular WhatsApp messaging app for smartphones, which could allow hackers to trick users into downloading malware on their PCs.” (Source: The Telegraph)
  • Duo Security Research Reveals Half of Apple iPhones on Corporate Networks Run Out-of-Date Versions of iOS. “Unpatched and end-of-life devices that are no longer supported by the manufacturer are much more prevalent than expected and create significant risk for corporate networks. The Duo Labs research draws on data gathered from thousands of customer deployments in more than 150 countries worldwide.” (Source: Digital Journal)
  • Android Malware Secretly Subscribes Victims to Premium SMS Services. “The Android.Trojan.MKero.A malware is making a comeback in Androidland, and this time around, hackers found a method to bundle it with legitimate apps, capable of bypassing Google’s Bouncer app scanning system.” (Source: Softpedia)
  • Russian Spy Gang Hijacks Satellite Links to Steal Data. “The Russian-speaking spy gang known as Turla have found a solution to this—hijacking the satellite IP addresses of legitimate users to use them to steal data from other infected machines in a way that hides their command server. Researchers at Kaspersky Lab have found evidence that the Turla gang has been using the covert technique since at least 2007.” (Source: Wired)
  • Yahoo! won’t! fix! emoticon! exploit! in! death! row! Messenger! “Exploiting the flaw relies on victims installing new emoticon packages, a vector Ahrens feels is a very live threat given instant messaging users are rather keen on new sets of smiley faces.” (Source: The Register)
  • First-ever Monthly Android Security Updates Start to Roll Out. “Our friends at Android Police cobbled together a changelog, which contains a few security fixes, including a ‘Moderate severity vulnerability’ that allowed apps to bypass the SMS short code notification prompt that warned users that short codes can cost them money.” (Source: Ars Technica)
  • Newest Cyber Threat will be Data Manipulation, US Intelligence Chief Says. “US intelligence chiefs are warning Congress that the next phase of escalating online data theft is likely to involve the manipulation of digital information.” (Source: The Guardian)
  • With Latest BlueCross Breach, a Whopping 102.6 Million Records Stolen. “Yes, it’s true. There has been another major breach at a BlueCross BlueShield health insurer. This time it’s Rochester, NY-based Excellus BCBS and its affiliate Lifetime Healthcare Companies.” (Source: Fierce IT Security)
  • Why We Must Build an ‘Immune System’ to Ward Off Cyber Threats (Op-Ed). “A new approach is required; one that has adapted to the interconnected world — where security cannot be guaranteed. The landscape is constantly shifting, and threats must be dealt with as they occur.” (Source: Live Science)

Safe surfing, everyone!

The Malwarebytes Labs Team