A Week in Security (May 11 – 17)
Here’s a review of last week’s posts on Malwarebytes Unpacked:
- “Your Photos Are being Used” Phishing Lure (Fraud/Scam Alert) An old Facebook scam makes an appearance once more to cause slight worry and panic to users, especially when real-life cases of people using photos from others without consent is practiced by many.
- Paypal Phishing Flood (Fraud/Scam Alert) Malwarebytes researchers have noticed a sudden uptick of Paypal phishing scams over the week. We highlighted it in this post.
- This Apple ID Phish is Multilingual (Fraud/Scam Alert) Phishers continue to target Apple users. This time, they offer them the option of choosing the language they’re comfortable with when accessing the fraud Web page.
- eBay Giftcard Spam Mails in Circulation (Privacy) Spam carrying the eBay name has been in circulation for a long time. However, supposedly free giftcards is quite seasonal. This spam mainly targets US users, asking them for basic information like name, address, and ZIP code—information which are actually valuable to cybercriminals.
Top news stories:
- Windows Vista trumps XP in fourth quarter malware infections, report reveals. The latest Microsoft Security Intelligence Report (SIR) reveals that not all old OS versions are more insecure than their successors. (Source: Computer Weekly)
- Bill Gates offers $5000 for a Facebook share? It’s an old joke and still not funny. We mentioned in one of our posts last week about an old Facebook scam rearing its ugly head again. This is another one of such scams. (Source: Graham Cluley Blog)
- Postal Service: Beware Stamp Kiosk Skimmers. Fraudsters are now targeting self-service stamp vending machines, as confirmed by a US Post Service spokesperson. They are also currently investigating on this matter. (Source: KrebsOnSecurity)
- Android App Components Prone to Abuse. Our friends at Trend Micro spotted a couple of highly popular productivity- and shopping-related apps, respectively, for Android that may be vulnerable to user data theft if the “android:exported” components is exploited. (Source: TrendLabs Security Intelligence Blog)
- TechEd: Microsoft boosts Azure cloud defences to deter data thieves and cyber saboteurs. Senior Security Researcher Jérôme Segura wrote about online criminals taking advantage of Microsoft Azure late last month. In the TechEd 2014 conference, Microsoft announced that good news that they will be enhancing Azure to curb online threats. (Source: V3)
- Twitter makes password reset easier, account hijacking harder. Twitter has announced that it wants to strengthening user accounts by (1) building a system that analyzes login attempts and other suspicious behaviours, and (2) redesigning the password reset process. (Source: Help Net Security)
- Yahoo! to YouTube Ads Spreading Viruses Rile Lawmakers. According to an investigation by the US Congress, big online advertising companies are “jeopardizing consumer privacy and giving hackers an easy path to infect computers.” A history of compromises on Yahoo! Inc and Google’s ad networks also backed up their findings. (Source: Bloomberg)
- Google Apps users getting encrypted messaging that goes beyond Gmail. A company called Zix Corp designed Google Apps Message Encryption (GAME) that allows users to send and receive encrypted email to and from non-Google mail services. The GAME service will be offered by Google. (Source: CSO)
Stay secure, everyone!