A Week in Security (Apr 05 - 11)
News

A Week in Security (Sept 21 – 27)

Posted: September 29, 2014 by Malwarebytes Labs

Last week, we’ve seen quite a number of in-the-wild exploits that affect systems installed with unpatched Adobe Flash Player—one via direct exploitation and another via malicious advertisements—and Internet Explorer (IE). Users of Malwarebytes Anti-Exploit are protected from these particular attacks, which we have detailed in the following blog posts by Senior Security Researcher Jérôme Segura:

Segura has commented on the recently found Bash or Shellshock vulnerability that is found in Linux and OSX systems as well. Some say it’s as bad as the Heartbleed flaw found in April 2014.

Viator, a service that aims at travellers who want to know local and overseas tours, has been breached, affecting approximately 1.4 million of its users. Malware Intelligence Analyst Christopher Boyd reports about this plus some tips for potential victims on what to do following the compromise. Below are other notable posts by Boyd:

Speaking of Facebook, Senior Security Researcher Nathan Collier took a stab on Facebook Messenger‘s permissions for mobile devices. There have been talks of users in the social network to bin off the said app  because of its invasiveness; however, Collier has set the record straight.

Finally, we have updated our big blog about Steam last week to discuss one of the malicious files we were able to retrieve and analyze. We have also found and wrote about a new Steam scam that entices users to give out personal information in exchange for credits for their Steam account wallet.

Notable news stories:

  • eBay under pressure as hacks continue. “Leading security researchers have called on eBay to take immediate action over dangerous listings, as the problem continues to put users at risk.” (Source: BBC)
  • Productivity Gains Trumping Security as BYOD Grows. “Organizations surveyed said they believe that in the next 12 months as many as 48 percent of employees will work exclusively from personal tablets and smartphones. Some 60 percent of those surveyed think that employees are becoming less diligent about practising good security on mobile devices.” (Source: Threatpost)
  • How surveillance cameras will soon be reading your lips. “A security specialist Ahmad Hassanat from the University of Jordan, has developed an exclusive automated lip-reading system which will be able to record your lip movements and read what you are saying.” (Source: HackRead)
  • Hacking the Hackers: The Legal Risks of Taking Matters Into Private Hands. “Private groups are beginning to fight back against foreign sources of malware and credit fraud, but methodologies put these digital crusaders and their employers at serious legal risk.” (Source: Information Week)
  • Disgruntled employees are increasingly e-sabotaging businesses, FBI says. “Employees with an axe to grind are increasingly sticking it to their current or former employers using e-tools such as cloud storage sites or remote access to a company’s computer network, the US Federal Bureau of Investigation and Homeland Security Department said on Tuesday.” (Source: Sophos’ Naked Security Blog)
  • Banks get cyber attack early warning system. “The British Bankers’ Association (BBA) has commissioned BAE Systems Applied Intelligence to create a system that will give banks early warning of cyber threats.” (Source: Computer Weekly)
  • Fitness App Patches Privacy Vulnerability. “MyFitnessPal deployed a fix on June 26 for a privacy flaw in an undocumented API that was reported two days earlier by Randy Westergren Jr., a software developer at XDA Developers. Bigger picture, this is more evidence of mobile applications extending their reach when it comes to consuming a user’s personal and device information.” (Source: Threatpost)
  • More enterprises are using selective wiping to protect corporate data, employee privacy. “More enterprises are using selecting wiping of mobile devices as a way to protect corporate data while safeguarding employee privacy, according to a study by Fiberlink, IBM’s mobile device management (MDM) unit.” (Source: FierceMobileIT)

Stay safe, everyone!

The Malwarebytes Labs Team

RELATED ARTICLES

A mobile phone in the hands of a young woman in a dark colored t-shirt.
Privacy

Should you share your location with your partner?

April 17, 2024 - Location sharing is popular among couples. But is it something you want in your own relationship?

CONTINUE READING 0 Comments
Giant Tiger logo
News | Personal

Giant Tiger breach sees 2.8 million records leaked

April 16, 2024 - A threat actor claims to be in possession of 2.8 million records originating from a hack at Canadian retail chain Giant Tiger

CONTINUE READING 0 Comments
week in security
News

A week in security (April 8 – April 14)

April 15, 2024 - A list of topics we covered in the week of April 8 to April 14 of 2024

CONTINUE READING 0 Comments
change social security number
News

How to change your Social Security Number

April 12, 2024 - Wondering whether changing your SSN is an option. Read here what you need to qualify for a new SSN and what you need to get one.

CONTINUE READING 0 Comments
mercenary spyware alert
News | Privacy

Apple warns people of mercenary attacks via threat notification system

April 11, 2024 - Apple has sent alerts to people in 92 nations to say it's detected that they may have been a victim of a mercenary attack.

CONTINUE READING 0 Comments

ABOUT THE AUTHOR

Malwarebytes Labs

Malwarebytes Labs

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams