A week in security (Oct 09 – Oct 15)

Last week, we talked about threat modeling and profiled an unwanted installer that Malwarebytes detects as PUP.Optional.YesSearches.

We also covered reports of detained IRS fraudsters in India and new social media guidelines that the Crown Prosecution Service (CPS) released for UK users.

Below are notable news stories and security-related happenings:

  • Twitter, Facebook Revoke Access To Social Media Surveillance Software Used By Cops. “Geofeedia, a US-based company that offers its social media aggregation platform ‘to a broad range of private and public sector clients’, also numbers among its clients over 500 law enforcement and public safety agencies across the country. Until a month ago, the company’s name was unknown to most US citizens. But with the publication of a Daily Dot article and, most recently, of a post by the American Civil Liberties Union (ACLU), the wider public became acquainted with it and the fact that their platform is being used by law enforcement agencies to monitor protesters and activists.” (Source: Help Net Security)
  • As Self-driving Cars Hit The Road, Cybersecurity Takes A Back Seat. “Uber has started to test self-driving cars on public roads in Pittsburgh, and the National Highway Traffic Safety Administration (NHTSA) released new guidelines for the vehicles in September, setting the stage for other companies to deploy autonomous vehicles en masse. But one key question looms large over the rush to disrupt transportation: How will carmakers and tech companies keep their connected vehicles safe from malicious hackers?” (Source: The Christian Science Monitor)
  • Most Small Businesses Lack Response Plan For Hacks. “Nearly 80 percent of small-business (SMB) owners don’t have a cyberattack response plan, even though more than half were victim to at least one type of cyberattack over the past year, according to Nationwide’s Small Business Indicator survey. About 60% of those who did experience a cyberattack said it took longer than a month to recover. By contrast, of those who have not encountered a cyberattack, more than half (57%) think their company could recover within a month, according to the survey.” (Source: Dark Reading)
  • Google Plugs 21 Security Holes In Chrome. “Google on Wednesday patched 21 security vulnerabilities in Chrome, including a half dozen rated high severity that were reported by external researchers and were eligible for a bounty. Bug hunters earned a total of $30,000 in bounties, with a top payout of $7,500 to an unnamed researcher for a universal cross-site scripting flaw found in Blink, the Chrome browser engine.” (Source: Kaspersky’s Threatpost)
  • UN Atomic Agency Admits A Cyber-attack ‘Disrupted’ A Nuclear Power Plant. “An official from the United Nations’ (UN) Nuclear agency has admitted a cyber-attack ‘disrupted’ a nuclear power plant, speaking to press in Germany. Yukiya Amano, the Director General of the International Atomic Energy Agency (IAEA), did not tell the audience how, when or where the Nuclear power plant was disrupted beyond that it happened several years ago, and though the plant did not have to shut down it did have to take ‘some precautionary measures’.” (Source: SC Magazine UK)
  • Phishing Scam Hits Australian Inboxes. “A new phishing email is hitting inboxes that impersonates energy company AGL and scams vulnerable people affected by recent storms and flooding into believing they could receive additional help with their bills. The latest phishing scam has been identified by MailGuard and follows a similar scam seen in May. In a LinkedIn post on Friday afternoon, MailGuard founder, Craig McDonald, said criminals behind the email – which contains dangerous ransomware – are cruelly preying on people who’ve suffered as a result of recent storms and flooding affecting parts of Australia.” (Source: CSO)
  • There Are 5,761 Online Stores Currently Infected With Card-Data-Stealing Malware. “According to Willem de Groot, security analyst for, the number of online shops infected with malware has skyrocketed in the past year, as crooks found that online skimming presents a greater target and more anonymity than real-world ATM skimming. The recent surge in online skimming has fueled a growth in carding sites, which now often sell payment card data stolen via compromised online store payment pages and PoS malware, rather than data acquired from ATM skimmers.” (Source: Softpedia)
  • Enjoy Taking Selfies? That Plays Right Into The Hands Of This Identity-stealing Malware… “A new Android malware loves users’ love of selfies. How much? Enough to ask them to take one so that it can steal access to their accounts, and potentially steal their identity. The unnamed malware masquerades primarily as a video codec or plugin. In some cases, it arrives as a fake Adobe Flash Player app, a tactic which other Android malware including Marcher and Android/Spy.Agent.SI have employed. Amusingly, in at least one of the instances shown above, the attackers have called their malicious app ‘Abode Flash Player’ rather than Adobe Flash Player.” (Source: Graham Cluley’s Blog)
  • Attack Uses Image Steganography For Stealthy Malware Ops On Instagram. “Researchers have developed a proof-of-concept attack that uses steganography to establish highly covert malware command and control channels on the Instagram social media network. In researching a way to demonstrate the PoC, the researchers at security firm Endgame also stumbled upon a separate weakness in Apple’s Mac OS X that would expose some users running version 10.11.5-6 of the operating system to malicious attacks just by viewing Instagram images on their computer.” (Source: Dark Reading)
  • Top Things Even Security Experts Forget. “National Cyber Security Awareness Month in October marks a good time for all organizations to think about how they can build and reinforce a workplace culture of security and privacy. This security culture has to be created, fed and reinforced through an investment in activities and engaging training materials throughout the year—not only during the annual security training meetings. As cybersecurity professionals, this month is an opportunity for us not only to share best practices with our organization, but also an occasion to take stock of items even the most seasoned professional can forget. All of us, even security professionals, get caught up in our day-to-day activities and habits, forgetting important aspects of personal and professional information security.” (Source: RSA Conference Blog)
  • UK Financial Fraud Nears £400 Million. “Financial fraud in the first half of the year reached £399.5 million and was driven mainly by online attacks, according to Financial Fraud Action UK. The latest stats show an increase in fraud by 25% on the same period last year, when total losses stood at a little over £320 million. Remote purchase fraud, which presumably is mainly e-commerce related, jumped by nearly a third (31%) to reach £224 million in the first half of 2016.” (Source: InfoSecurity Magazine)
  • Funding Cybercrime: The Hidden Side Of Online Gaming Currency Selling. “The online gaming industry has long been a big cybercriminal target. Year after year we see players being subjected to phishing attacks and account hacking, and game companies suffering attacks like DDoS and others. While these attacks occur outside of the games themselves, one of the threats we see is much closer to the gamers’ experience, and has a wide-reaching impact. Our most recent research, ‘The Cybercriminal Roots of Selling Online Gaming Currency’ presents our findings on a cybercriminal operation that involves cybercriminals maliciously acquiring online game currency, selling it to online gamers, and using the collected money to fund their cybercrime operations.” (Source: Trend Micro’s Security Intelligence Blog)

Safe surfing, everyone!

The Malwarebytes Labs Team