
A Week in Security (Dec 13 – Dec 19)

Last week, we touched on a bogus service called “Steam VAC Remover”, more spam leading to fake pharmaceutical sites, DNS hijacking on routers, and that massive data breach that affected MacKeeper users.

For our PUP Friday post, we discussed programs claiming to download and install security software. You can read more about it in the post entitled “PUPs Masquerade as Installer for Antivirus and Anti-Adware”.

We also had several guest blog posts published during the week. One was from OPSWAT CEO Benny Czarny, in which he pointed out four things to consider when applying a Network Access Control (NAC) solution to a network to beef up security measures. You can read more about it here. Also, guest blogger Jessica Oaks of FreshlyTechy gave us an overview of Snapdragon’s new processor, which is capable of detecting 0-day malware on mobile devices.

Finally, here are the exploit campaigns we caught and documented, thanks to senior security researcher Jérôme Segura: one was a malicious advertisement he found on Comcast’s Xfinity search page, which attempted to infect visitors via the Nuclear EK before delivering a tech support scam; the second was an Angler EK campaign pushing a new variant of ransomware called TeslaCrypt.

Notable news stories and security-related happenings:

  • Scams evolve with same goal of ripping people off. “Everyone with a phone or computer has experienced a scam seeking money in one way or another. And, unfortunately, many people have fallen for such scams.” (Source: Advisen Cyber FPN)
  • Don’t Click Here: Strategies to Recognize Phishing Emails. “Phishing is one of the biggest cybersecurity risks. Studies suggest that over 90 percent of all breaches stem from phishing emails. In addition, one study from the Ponemon Institute says the cost for an average U.S. company to deal with phishing is $3.77 million a year.” (Source: Legal Tech News)
  • Google Extends Safe Browsing to Android Chrome. “Google says that its Safe Browsing service already protects about 1 billion desktop users from all sorts of online nastiness, be it malware, unsavory software, or social engineering (particularly phishing) sites. Make that 1 billion plus all its free-range users: Google last Monday (7 December) announced that it’s extending Safe Browsing inoculation to Chrome users on Android.” (Source: Sophos’s Naked Security Blog)
  • TalkTalk Style Cyber Attacks on Firms Could be Set to Worsen Next Year. “Hackers will increasingly use distributed denial of service (DDoS) attacks to knock websites offline and dodge cyber security, businesses are being warned. Experts predict that business is likely to see an increase in the use of DDoS attacks being used as a smokescreen to distract IT teams.” (Source: City AM)
  • Vuvuzela: An Untraceable Messaging System Aimed at Thwarting Powerful Adversaries. “A group of scientists from the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) believe they have created an effective and scalable text-messaging system that can guarantee user anonymity.” (Source: Help Net Security)
  • British Police Make Arrest in Hack That Exposed Info on 6 Million Minors. “The unidentified 21-year-old man was arrested today in a town about 30 miles outside of London on suspicion of crimes including using ‘unauthorised access to [a] computer to facilitate the commission of an offence,’ but little is known about the suspect beyond that — including precisely how he is tied to the breach.” (Source: The Verge)
  • At Least 10 Major Loyalty Card Schemes Compromised in Industry-wide Scam. “Hackers appear to have obtained the information through a variety of means, including exploiting vulnerabilities in retailers’ platforms, targeting individuals, and compiling information from third-party sites.” (Source: The Register)
  • When Basic Security Training MIGHT Be Enough. “When there are people who still open attachments willy-nilly, who click on links with reckless abandon and who let their guard down even though legitimate-looking emails can potentially be fraudulent, companies need to do all they can to ensure that workers are cybersecurity aware.” (Source: InfoSec Institute)
  • Bible and Quran Apps Infected with Malware Capable of Spying. “When it comes to malware cybercriminals are not only winning but nailing it. Recently Proofpoint, a cyber security company has found that many of the applications available on the google play market are affected with many types of malware affecting many devices.” (Source: HackRead)
  • Crimeware / APT Malware Masquerade as Santa Claus and Christmas Apps. “CloudSek monitors were researching the activities of an APT [Advanced persistent threat] that is targeting software companies globally. What is interesting is this APT appear to conduct widespread intellectual property theft for economic gains, targeted individuals as well as performed intelligence gathering that would be useful for governments.” (Source: CloudSek)
  • Facebook, Researcher Quarrel Over Instagram Hack. “A researcher claims he was threatened by Facebook after he responsibly disclosed a series of vulnerabilities and configuration weaknesses that allowed him to gain access to sensitive information stored on Instagram servers, including source code and the details of users and employees. Facebook, on the other hand, has accused the researcher of intentionally withholding bugs and information from its team.” (Source: Security Week)

Safe surfing, everyone!

The Malwarebytes Labs Team
