A Week in Security (Nov 01 – Nov 07)

Great news! We recently released a new version of our Malwarebytes Anti-Exploit software with a number of new features added, including fingerprinting detection and mitigation. You can read more about this in detail on this blog post.

Last week, we looked at Dyreza with a technical eye, explained what backscatter is, asked whether MacUpdate (a well-known app and software download site for Apple devices) is plagued by adware, called out video game tournament websites that offer questionable downloads, and revealed a trick we found on Instagram that went beyond visual appeal.

For our PUP Friday post, we disclosed information about CrossBrowse, another browser similar to eFast, that users should also watch out for.

Senior Threat Researcher Jérôme Segura once again spotlighted exploits, particularly those targeting Adobe Flash Player users, that were loaded into website adverts served to visitors by the ad platform DirectRev. The booby-trapped ads redirect visitors to the Flash EK and, ultimately, to CryptoWall, a known ransomware.

Notable news stories and security-related happenings:

  • Vodafone UK Fights-off Breach Attempts, Blocks 1,800 Accounts in Aftermath. “On Saturday, Vodafone UK told customers that attackers used information obtained from an external source to target customer accounts late last week. The attack was stopped, but not before 1,827 accounts were accessed.” (Source: CSO)
  • Socially Acceptable: The Perils of Social Media Discovery. “…private social media accounts aren’t exactly private in the eyes of many judges. However, there may be some wiggle room, at least according to one New York court.” (Source: Legal Tech News)
  • Most Consumers Believe Cloud-based Apps Can Be Hacked. “Consumers often don’t realize that the applications they depend upon daily live in the cloud and therefore many may be unaware of the threat of breach to their personal data, according to Radware.” (Source: Help Net Security)
  • Hackers Use Anti-Adblocking Service to Deliver Nasty Malware Attack. “…the incident is the latest to show how people visiting known sites can still be exposed to drive-by attacks with serious consequences.” (Source: Ars Technica)
  • Mobile Malware Makes Mobile Banking Treacherous. “The number of mobile threats percolating on devices worldwide has risen precipitously this year—over three-fold, according to a new report out by Kaspersky Lab. And though the occurrence of enterprise breaches caused by mobile devices continues to be questioned by experts, attackers do seem to be profiting from their attacks by targeting individual users’ bank accounts.” (Source: Dark Reading)
  • A Tangled Web: Exploring the World of the Dark Web. “The terms Deep Web and Dark Web are often used interchangeably, but they are different. While both are parts of the Internet that are not indexed by traditional search engines, and therefore not easy for the average user to find, the Deep Web is reachable via a standard browser and does not require special tools or niche software to access.” (Source: Cyveillance Blog)
  • Facebook Finally Changes Real-name Policy. “The Nameless Coalition, consisting of 75 human rights, digital rights, LGBTQ, and women’s rights advocates – including the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) – had penned an open letter (PDF) to Facebook, on October 5, 2015, explaining why the policy is broken and how Facebook could mitigate the damages it causes.” (Source: Sophos’s Naked Security Blog)
  • Snapchat Reassures Users That Photo Messages are Still Totally Private. “Snapchat’s policy update was not nearly as controversial as Instagram’s, but the reaction it elicited goes to show that companies need to invest time in explaining what changes will really mean to users.” (Source: CNET)
  • iOS 9 Can Now Finally Be Remotely Jailbroken — but YOU Can’t Do It. “Bad news iOS 9 users. Someone has developed a way of jailbreaking your iPhone or iPad and spying on you, in a way that is currently unstoppable.” (Source: Intego’s The Mac Security Blog)
  • How to Earn the Trust of Millennials Concerned with Security. “Millennials are growing increasingly weary of data and security when it comes to their favorite brands. And that means it’s vital that companies include a strong cybersecurity message in their marketing plan to help rebuild trust.” (Source: CSO)
  • What CISA Means for Organizations and Their Data. “The Cybersecurity Information Sharing Act (CISA) was passed by the Senate early last week, and while it still has a few hoops to jump through before it is enacted into law, the hotly debated proposed rules may considerably impact both those organizations holding sensitive data and the users that data belongs to.” (Source: Legal Tech News)
  • How Carders Can Use eBay as a Virtual ATM. “How do fraudsters ‘cash out’ stolen credit card data? Increasingly, they are selling in-demand but underpriced products on eBay that they don’t yet own.” (Source: KrebsOnSecurity)
  • There’s a Good Chance Your Mobile Device Is Vulnerable to Data Thieves. “Skycure says it measures the security of mobile devices using its own formula, called the Mobile Threat Risk Score, ‘which takes into account recent threats the device was exposed to, device vulnerabilities and configuration, and user behavior.'” (Source: The Street)
  • Irish Cyberpsychologist Inspiring CSI Show Tells Web Summit: We Should Learn from Kids in Cybercrime. “She said she is currently working on one project with Europol which involves using geographic profiling, normally used to track offenders of serious crimes, and apply it to a cyber context to see how people, particularly teenagers, become involved in hacking or other cyber crime.” (Source: Independent.IE)
  • UK Unveils Powers to Spy on Web Use, Raising Privacy Fears. “Britain unveiled plans on Wednesday for sweeping new surveillance powers, including the right to find out which websites people visit, measures ministers say are vital to keep the country safe but which critics denounce as an assault on freedoms.” (Source: Reuters)
  • New Type of Auto-rooting Android Adware is Nearly Impossible to Remove. “Researchers have uncovered a new type of Android adware that’s virtually impossible to uninstall, exposes phones to potentially dangerous root exploits, and masquerades as one of thousands of different apps from providers such as Twitter, Facebook, and even Okta, a two-factor authentication service.” (Source: Ars Technica)
  • Chip Card Phishing Scams Flourish. “If you have not received your new credit and debit chip card yet — the Federal Trade Commission (FTC) is warning that cybercriminals are lining up email phishing campaigns and posing as credit card issuers.” (Source: Norse Corp’s Dark Matters Blog)
  • Magid: Cybercriminals Often Resort to Simple Trickery. “As it does every year, security firm Trend Micro has released its annual threat report, titled “Security Predictions for 2016 and Beyond.” And, to me, the most profound statement in the report is ‘cybercriminals don’t need to use the most advanced technologies or sophisticated methods to succeed. Sometimes, simply understanding the psychology behind each scheme and its targets can be enough to make up for the lack of sophistication.'” (Source: San Jose Mercury News)
  • Reverse Social Engineering Tech Support Scammers. “Our experiment provided some interesting insights into the methods these scammers use to fool their victims as well as the infrastructure supporting their operations. In addition, we discovered a broad New Delhi-based scamming network employing multiple websites and VOIP phone numbers to carry out their duplicitous activities.” (Source: Talos Intel Blog)
  • “Offline” Ransomware Encrypts Your Data without C&C Communication. “…while most known ransomware requires Internet connection and successful communication to their C&C servers before initiating the encryption, this sample does not need Internet connection to encrypt files and display the ransom message. This means that there is no key exchange between the infected machine and the attacker, which eliminates one option of stopping the attack.” (Source: Check Point Blog)
  • CryptoWall 4.0 A Stealthier, More Sweet-Talking Ransomware. “When the malware makes its move, the new CryptoWall not only encrypts files, as it always has done, it also encrypts filenames. Heimdal Security states this new technique increases victims’ confusion, and thereby increases the likelihood that they’ll pay the ransom, and quickly.” (Source: Dark Reading)

Safe surfing, everyone!

The Malwarebytes Labs Team