A Week in Security (Oct 11 - Oct 17)

A Week in Security (Oct 11 – Oct 17)

Last week, we touched on Mozilla’s add-on guidelines for the Firefox browser; questioned the possibility of adware using the popular compression program, 7-Zip; and for our PUP Friday post, revealed a hijacker that installs its own browser, replacing Chrome if found installed on the affected system.

Senior security researcher Jérôme Segura wrote about the latest Adobe Flash Player 0-day vulnerability that had been in-the-wild at the time of reporting. The flaw was originally found and reported by a Google engineer a couple of weeks before it was found being used in targeted attacks. Users were advised to update to the latest version,, as a way to fix this.

Segura also documented data from our telemetry, detecting a malvertising attack happening within the online news outfit, the Daily Mail. Although news claimed that the attack was brief, users who visited the site may have been affected by the Angler exploit kit if their systems were not properly patched.

Notable news stories and security related happenings:

  • US Ports – Cyber Attacks can Cause the Release of Dangerous Chemicals. “The Rep. Candice Miller, R-Mich explained that a cyber attack against a US port could cause serious damage to populated areas thanks to security gaps left unfixed by the Department of Homeland Security. According to the congressman, the security issues were reported more than a year ago by the Government Accountability Office, but the DHS hasn’t taken the necessary steps to fix them.” (Source: Security Affairs)
  • Boffin’s Easy Remote Hijack Hack Pops Scores of Router Locks. “Thousands of routers mandated for use by a major Singaporean telco and operated by ‘top enterprises” around the world are open to a remote zero day exploit that allows routers to be completely hijacked and is indefensible by most users. Vantage Point Security senior security consultant Lyon Yang does not wish to disclose the name of the affected internet provider but says the ZHONE routers are required for subscribers to be able to connect to the service.” (Source: The Register)
  • Japan’s Cybercrime Underground On The Rise. “Researchers at Trend Micro’s Forward Looking Threat Research team studied the inner workings of Japan’s cybercrime activity, and found some interesting characteristics. Japan is still a newbie here, and the bad guys have a higher bar to clear given the nation’s strict criminal laws. So Japan’s cybercriminals don’t write their own malware due to the tight legal environment against such activity there; they instead buy malware from their counterparts in other nations.” (Source: Dark Reading)
  • European Aviation Body Warns of Cyber-attack Risk Against Aircraft. “Over the past two years, there has been an increasing number of cyber-security incidents reported in the aviation industry. As reported by French newspaper Les Echoes, Ky said the white-hat hacker, who was also a professional pilot, took five minutes to crack the messaging system. It was another couple of days before the same consultant managed to gain access to aircraft control systems. As reported by French newspaper Les Echoes, Ky said the white-hat hacker, who was also a professional pilot, took five minutes to crack the messaging system. It was another couple of days before the same consultant managed to gain access to aircraft control systems.” (Source: SC Magazine)
  • Millennials Distrust Data Protection Methods Employed By Common Online Services: Study. “According to a survey released by Intercede, which polled millennials from both the United States and the U.K., members of the incumbent generation indicated they held low trustworthiness for many of the most commonly used online services. Sixty-one percent of respondents said they had “no” or “little” trust in social media platforms, 38 percent said the same for retailers and 22 percent for governmental services.” (Source: Legal Tech News)
  • ‘One of World’s Largest Child Porn Distributors’ Captured in Colombia. “A 27-year-old man was caught with a stash of just under 85,000 videos, the largest repository of pornography ever found in Colombia, consumed illegally by pedophiles across the globe. The minors who appeared in the images and videos of the distributor’s external hard drives were in particular from Asia, Europe and Latin America.” (Source: Colombia Reports)
  • New Zero-Day Exploit Hits Fully Patched Adobe Flash. “Adobe officials have confirmed this vulnerability affects Flash version, which was released on Tuesday. The vulnerability has been cataloged as CVE-2015-7645. The company expects to release a fix next week.” (Source: Ars Technica)
  • Fraudsters Exploit Weak SSL Certificate Security to Set Up Hundreds of Phishing Sites. “Netcraft internet services developer Graham Edgecombe warned in a 12 October blog: ‘Consumers have been trained to “look for the padlock” in their browser before submitting sensitive information to websites, such as passwords and credit card numbers. However, a displayed padlock alone does not imply that a site using TLS (the successor to SSL) can be trusted, or is operated by a legitimate organisation.'” (Source: SC Magazine)
  • Even in Public Life, Some Things Should be Private. “Sunshine does not belong everywhere. Nor is it always helpful in a world too hasty to judge. Not convinced? Ask the family of Lord Brittan, who went to his grave knowing that millions thought he was guilty of a most disgusting crime. A little less openness would have been kinder – and more just.” (Source: The National)
  • Cops Don’t Need a Crypto Backdoor to Get Into Your Phone. “But despite the iPhone’s title as the highest-security smartphone—or even consumer-focused computer of any kind—it still offers significant cracks for the cops to exploit, says Nick Weaver, a security researcher at Berkeley’s International Computer Science Institute. ‘The iPhone is the hardest target, but in practice law enforcement can find a way in,” Weaver says. “There are three or four ways into the typical iPhone. It takes someone really paranoid to have closed all of them.'” (Source: Wired)
  • Uber Error Leaks US-based Drivers’ Data. “Uber has acknowledged that a flaw in its software caused it to leak personal data belonging to its drivers. The company said that about 700 of its “partners” in the US had been affected by the mistake. Exposed data included social security numbers, photos of driver licences, tax forms and other details, according to news site Motherboard, which first reported the issue.” (Source: The BBC)
  • Yahoo’s Attempt to Eliminate the Password. “…the company announced, users of the Yahoo Mail app on both iOS and Android will have access to a new service called Yahoo Account Key, which uses smartphones to verify identities in lieu of traditional passwords. When users who sign up for Account Key try to access Yahoo Mail, they will no longer need to enter their password. Instead, the Account Key service will send a message to the smartphone connected to the account.” (Source: IT News)
  • Universities Trying to Safeguard Sensitive Student, Parent Data. “Universities have been requiring and retaining students’ and parents’ sensitive financial and medical information for decades and are taking steps to safeguard it from hackers.” (Source: Business Insurance)
  • ‘Legitimate’ Rooting Apps Paving Way for Malware. “Somewhere between 27 and 47 percent of all Android smartphones are rooted, said Qian. This allows users to get rid of pre-installed apps that are otherwise impossible to remove, to personalize their phones beyond what is allowed by the official limits, to get better backups, or better power management tools.” (Source: CSO Online)
  • The Evolving Landscape of “Hacking Back” Against Cyber Attacks. “Broadly speaking, ‘hacking back’ refers to attempts by cyber-attack victims to locate the perpetrator of the attack and, in some cases, identify and recover any information that may have been stolen by working backwards from the point of entry of the attack. Cyber security scholars have debated the effectiveness and propriety of such an approach.  Some liken hacking back to a justified response to a physical attack, while others compare it to vigilantism.” (Source: JD Supra)
  • Firms Pit Artificial Intelligence Against Hacking Threats. “Sometimes the best way to stop a bad machine is with a lot of good machines. Several companies are applying the techniques of artificial intelligence, or A.I., to the world of security, and they are using a whole bunch of machines strung together in so-called cloud computing networks to do it.” (Source: The New York Times)
  • Disney is Hiring an Intelligence and Counter-Terrorism Intern. “According to the job description, first reported by The Independent, the winning candidate will join the company’s ‘Counter Threat’ intelligence support team, which ‘provides strategic intelligence, threat assessments, vulnerability mitigation strategies and in-depth analytical products covering existing and developing threats that include counter terrorism, physical threats, cyber-attacks and all reputational risks to TWDC, its affiliated business units, facilities, guests and employees.'” (Source: Quartz)
  • Is Your Phone Safe for Work? “The most surprising finding in the report, he says, is the percentage of data breaches attributable to mobile devices. Nearly three-quarters of the 100 IT and security leads surveyed (about half of whom are chief information security officers) reported that their organizations have ‘experienced a data breach as a result of a mobile security issue.’ Common reasons for mobile data breaches? Malware-laden apps, security holes, and unsecured Wi-Fi connections, according to the study.” (Source: Fortune)
  • Prices of Stolen Data on the Dark Web. “Payment card data is perhaps the most well-known data type stolen and sold. McAfee Labs researchers found a value hierarchy in how this stolen data is packaged, priced and sold in the dark market. A basic offering includes a software-generated, valid number that combines a primary account number (PAN), an expiration date and a CVV2 number.” (Source: Help Net Security)
  • Malvertising is a Troubling Trend. “Over the past few weeks, my company’s employees have been hit by more than the usual number of malware infections. And the reason why is both startling and troubling, because these infections represent a new type of threat that is much harder to avoid than anything we’ve seen before.” (Source: Computer World)

Safe surfing, everyone!

The Malwarebytes Labs Team