“Learn from yesterday, live for today, hope for tomorrow.” ~ Albert Einstein’s New Year’s resolution
Last week, we touched on several online threats that were in the wild:
- HSBC Phish: “Your account is currently locked!” In this post, Malware Intelligence Analyst Christopher Boyd found a phishing campaign targeting HSBC bank users, just in time for the Christmas holiday. The spam mail was notifying recipients that their accounts were locked due to them not being able to complete their security form. The phishing page requested for credit card details, including the user’s PIN number—something legitimate banks don’t ask about.
- “Turn off your Two Factor Authentication…” In this post, Boyd reminded us about the importance of two-factor authentication, and why users shouldn’t turn them off even when they’d be off on a holiday in another country.
- Mintcast PUPs disable safebrowsing settings in Firefox. In this PUP Friday post, security researcher Pieter Arntz looked into a certain PUP that is capable of disabling settings on Firefox. You may recall that we already profiled a number of PUPs that have exhibited this same characteristic.
Notable news stories and security related happenings:
- Discovered a Database Containing Data of 3.3 Million Hello Kitty Fans. “The database of the official online community for Hello Kitty and other Sanrio characters, the sanriotown.com, has suffered a data breach. The researcher Chris Vickery has discovered online a database exposing 3.3 million accounts belonging to Hello Kitty fans.” (Source: Security Affairs)
- The Weakest Link in Banks’ Fight Against Hackers. “Banks fear a growing number of employees are unwittingly exposing valuable information to hackers or in some cases leaving digital clues that make a breach possible. To boost their defenses, firms are banning workers from using portable devices such as USB drives, warning employees to be careful what they post on social media and even discouraging workers from posting ‘out-of-office’ replies on their emails.” (Source: Advisen Cyber FPN)
- HIV Dating Company Accuses Researchers of Hacking Database. “Justin Robert, the CEO of Hong Kong-based Hzone, has issued a statement regarding the public disclosure that his company’s app used a misconfigured database and exposed 5,000 users. But rather than answers, his statements and random accusations only lead to more questions.” (Source: CSO Online)
- PhishMe Report Shows Employees can Become Assets in Anti-phishing Battle. “A report released today by PhishMe based on the results of 8 million phishing simulations shows that employees can dramatically improve their ability to detect phishing emails with practice, and can be trained to forward them to security staff.” (Source: CSO Online)
- Microsoft to Ban Man-in-the-middle Adware from March 31. “Ad injection software that uses man-in-the-middle (MiTM) techniques will be classed as malware by Microsoft, and blocked accordingly. In a blog post on Tuesday, Microsoft said that the move to block such ad injection comes as part of the computer giant’s commitment to its users to maintain they have control of their ‘Microsoft experience’.” (Source: ZDNet)
- Tech Companies are Slamming a Proposed UK Terrorism Law. Here’s Why. “The world’s biggest tech firms — including Apple, Microsoft and Yahoo — are pressing for changes to a proposed British law aimed at expanding the government’s electronic surveillance powers. Rather than protect well-meaning citizens, the bill will force tech firms to hack their own customers — and in the process break the laws of other countries, some of the companies said in filings Monday to a U.K. panel charged with reviewing the proposed legislation.” (Source: The Washington Post)
- CISA Becomes Law, Privacy Takes a Hard Hit. “But now the political winds have shifted, due mostly to GOP presidential candidates fanning the flames of fear, and government cyber spying is in vogue again. Congress included CISA in the omnibus spending bill passed by the House and Senate. President Obama signed it into law, and it is now known as the Cybersecurity Act of 2015.” (Source: Fierce Big Data)
- Google Joins Mozilla, Microsoft in Pushing for Early SHA-1 Crypto Cutoff. “The browser vendors had previously decided to stop trusting SHA-1-signed certificates presented by HTTPS websites on Jan. 1, 2017, a year after certificate authorities are supposed to stop issuing new ones. However, due to recent research showing that SHA-1 is weaker than previously believed, Mozilla, Microsoft and now Google are all considering bringing the deadline forward by six months.” (Source: PC World)
- Android Users Targeted with Sophisticated New Banking Trojan. “A relatively new Android Trojan family has been bringing grief to users around the world, posing as a Flash Player or WhatsApp update, stealing online banking credentials, one time passwords (OTPs), and login credentials for popular Android apps.” (Source: Help Net Security)
- Cybercriminals Using Facebook to Push Spy Banker Trojan. “Cybercriminals are using the friendly face of Facebook and Twitter to distribute banking Trojans that are specifically targeting Brazilians. The attackers are targeting Brazilian Portuguese-speaking users and are using social engineering tactics to trick them into downloading a Spy Banker Trojan, according to a Dec. 10 Zscaler blog post.” (Source: SC Magazine)
- Expect Phishers to Up Their Game in 2016. “Expect phishers and other password thieves to up their game in 2016: Both Google and Yahoo! are taking steps to kill off the password as we know it. New authentication methods now offered by Yahoo! and to a beta group of Google users let customers log in just by supplying their email address, and then responding to a notification sent to their mobile device.” (Source: Krebs on Security)
- 2015 Ransomware Wrap-Up. “Here’s a rundown of the innovative ransomware that frightened users and earned attackers big bucks this year.” (Source: Dark Reading)
- Yahoo to Warn Users of State-Sponsored Attacks. “Yahoo has announced it will follow in the footsteps of Twitter and Facebook and begin warning users when it believes their accounts have been targeted by a state-sponsored actor.” (Source: ESET’s Threat Post Blog)
Safe surfing, everyone!
The Malwarebytes Labs Team