A Week in Security (Sep 20 – Sep 26)

Last week, we touched on a fake Grand Theft Auto (GTA) 5 money generator scam; a comprehensive overview of Ghostery, a very useful tool for stopping trackers; a fake antivirus online scanner; and an SSL malvertising campaign plaguing top adult sites.

Malware Intelligence Analyst Christopher Boyd wrote an interesting piece about an experimental browser game called “Unsolicited”, in which one plays the role of an office worker whose main job is to send spam. Boyd also reminded readers what they can do when such potential threats land in their inboxes.

In another post, Boyd discovered a survey scam targeting Internet users who play “Fallout Shelter”, a Fallout franchise game for mobile devices. The lure was unlimited lunch boxes. I guess that makes sense given that the game is set in a post-apocalyptic world.

Senior Threat Researcher Jérôme Segura documented another malvertising campaign, this time aimed at visitors of a high-profile real estate website. The exploit kit used in this campaign was Angler, which can drop a variety of malware depending on the campaign.

Lastly, we also covered the breaking news about Imgur, a popular image-sharing website, which had been abused to perform distributed denial-of-service (DDoS) attacks against 4Chan and 8Chan.

Notable news stories and security related happenings:

  • Techie Finds 1.5 MEELLION US Medical Records Exposed on Amazon’s AWS. “It has been claimed that the names, addresses, and phone numbers, along with biological health information including existing illnesses and current medications, were posted in the clear to Amazon S3 storage servers by insurers using Systema Software.” (Source: The Register)
  • South Korean Child Monitoring App Beset by Vulnerabilities, Privacy Issues. “Researchers with the Canadian watchdog group Citizen Lab discovered 26 vulnerabilities and design flaws in Smart Sheriff, a children’s monitoring app that gained popularity this summer when its use was essentially mandated by the Korean government.” (Source: Kaspersky Lab’s ThreatPost)
  • Cyberattack 101: Why Hackers Are Going After Universities. “These aren’t college kids trying to change their grades. They’re potentially “nation-state actors” much like the hackers who have targeted large corporations in the past, said Michael Oppenheim, intelligence operations manager at Internet security firm FireEye.” (Source: NBC News)
  • Kardashian Website Exposes User Info for Hundreds of Thousands of Fans. “The Kardashians are often called “over-exposed,” but a flaw in recently launched websites for the celebrity family offered exposure of an entirely different kind: the names and email addresses of more than half a million users.” (Source: InfoSecurity Magazine)
  • Majority of UK Businesses have been Targeted by Cyber Criminals. “The government has warned that 90% of major businesses have faced a cyber attack in the past year, with 74% of small businesses also victims of cyber crime.” (Source: Computer Weekly)
  • Insurance and Education Should be Weapons in Fight Against Cyber-crime. “The majority of businesses do not have cyber security insurance, with many not even aware such protection exists – and even those that do have insurance in place may find themselves at a loss if they don’t have the correct cover. The solution may be to mandate more data sharing and raise public awareness, according to speakers at a roundtable organised by software security company Kaspersky Lab.” (Source: Banking Technology)
  • Starbucks Stays Schtum, After Patching Critical Website Vulnerabilities. “Starbucks has patched three critical vulnerabilities on its website, but it still hasn’t responded to the security researcher who first found the bugs. Mohamed M. Fouad, an Egyptian security researcher, recently published a post on his blog that explains the severity of his discovery.” (Source: Graham Cluley’s Blog)
  • More Genuine iPhone Apps May Still be Infected with Malware Following Massive App Store Hack. “Cunning hackers from China managed to sneak malware into what’s generally thought of as an impenetrable target, Apple’s App Store. They created a custom version of the Xcode program developers use to create iPhone apps, thus injecting the malware payload right into the apps that Apple staff would later approve.” (Source: BGR)
  • Number of XcodeGhost-infected iOS Apps Rises. “As the list of apps infected with the XcodeGhost malware keeps expanding, Apple, Amazon and Baidu are doing their best to purge their online properties of affected apps, malicious Xcode installers, and C&C servers used by the attackers to gather the stolen information and control the infected apps/devices.” (Source: Help Net Security)
  • The Ethics of AdBlocking. “Adblocking is becoming a more and more contentious topic in recent days. Publications, understandably, do not want people to block ads – they derive much of their revenue from them. Users find them to be intrusive and often feel that they impede their usage of a site; and, given the recent meteoric rise of malvertising, ads can often become downright dangerous. Where is the balance between the desires of publishers and the safety of users?” (Source: IT Security Guru)
  • OPM Fingerprint Breach 5 Times Larger Than Originally Thought. “The federal government’s main employment body turns out to have significantly undershot its estimates as to how many people were affected by the breach that was uncovered in the summer. The number of people whose prints were lifted, so to speak, was originally thought to be about 1.1 million.” (Source: InfoSecurity Magazine)
  • Your iOS 9 Lockscreen Can Be Bypassed in 30 Seconds. “Apple iOS is believed to be one of the most secure and advanced mobile operating systems on the market. However, this recently discovered security flaw found within the newly released version of iOS, which is iOS 9, has been demonstrated by numerous users through their YouTube channel.” (Source: HackRead)
  • Why Healthcare Is a Big Target for Advanced Malware. “A healthcare record is worth about 10 times as much as a credit card to fraudsters and other cybercriminals because of the wealth of data in those records, which includes names, dates of birth and Social Security numbers as well as other clinical, insurance and financial data, Slocum says.” (Source: Data Breach Today)
  • NHS-approved Apps Found ‘Leaking’ ID Data. “Many NHS-accredited smartphone health apps leak data that could be used for ID theft and fraud, a study has found. The apps are included in NHS England’s Health Apps Library, which tests programs to ensure they meet standards of clinical and data safety. But the study by researchers in London discovered that, despite the vetting, some apps flouted privacy standards and sent data without encrypting it.” (Source: The BBC)
  • Project Zero Bod Says Antivirus Black Market is Growing. “Google troublemaker Tavis Ormandy, whose credits include turning up security vuln in popular antivirus products, reckons he’s identified an active market in antivirus exploits.” (Source: The Register)
  • Privacy-conscious Employees, Not Security-concerned IT Pros, are Behind BYOD Delays. “A majority of employees have chosen not to participate in their company’s BYOD program because they don’t want the IT department to have visibility into their personal data and apps through enterprise mobility management products. Surprisingly, 38 percent of IT admins surveyed are also not participating in their firm’s BYOD program for the same reason.” (Source: Fierce Mobile IT)
  • Hackers are Selling Your Data on the ‘Dark Web’… for Only $1. “Hackers responsible for data breaches at companies often put the information they have stolen on the dark web for others to buy and make use of for financial gain.” (Source: CNBC)
  • Using External URL Shorteners for Internal Needs May Lead to Sensitive Data Leaks. “Using external URL shortener services to create better-looking links to internal company documents, sensitive files and internal websites is a practice that company employees should avoid, says security researcher Shubham Shah, as it can result in those documents being accessed by individuals with malicious intentions.” (Source: Help Net Security)
  • Yet Another Pre-installed Spyware App Discovered on Lenovo Computers. “A factory refurbished Thinkpad shipped with Windows 7 and a scheduler app that ran once a day, collecting usage data about what you do with your computer and exfiltrating it to an analytics company. The fact that this was taking place was buried deep in the user ‘agreement’ that came with the machine.” (Source: Boing Boing)
  • Social Media Can Quickly Take Down Your Business if Not Monitored. “Cyber intrusions have dominated news and media headlines the past few years. Incidents of data and personal identifiable information theft are constant reminders of how dangerous cyberspace has become whether perpetrated by nation states, their agents, or cyber criminals. However, in the midst of cyber espionage and cyber theft, organizations may lose track of an equally important part of their business operations – protecting their brand.” (Source: Norse Corp’s Dark Matters)
  • Healthcare Sector 340% More Prone to IT Security Threats. “Hackers are much more likely to use certain forms of malware to target healthcare organisations: They are 450% more likely than average to be hit by the Cryptowall ransomware, a Trojan that encrypts files on a user’s device and asks for payment to release the data.” (Source: Computer Weekly)
  • Be Careful in Putting Your Cybertrust in Google, Microsoft and Apple. “While there are many arguably great benefits that come with using technology and services from tech giants such as the ones mentioned above, some common issues tend to plague complex systems. The complexity of the system in and of itself generally makes it more difficult to secure every aspect of it. There might be more resources available for increasing the security of the system, but the belief that the infrastructure tech giants offer is more secure is simply a false perception of security. Even giants have security holes.” (Source: CSO Online)

Safe surfing, everyone!

The Malwarebytes Labs Team