A Week in Security (May 4 – 10)
Here’s a review of last week’s posts on Malwarebytes Unpacked:
- Facebook May 18 Deactivation Scam (Fraud/Scam Alert) Spammy posts with tagged users riddled the Facebook feeds of those from the Philippines or who have Filipino friends, as several fake profiles popped up to spread a false deactivation notice in an attempt to harvest ‘Likes’ and followers.
- More PUPs Sighted, Using Instagram as Lure (Security Threat) In light of Instagram gaining popularity over Twitter for US mobile users, this post serves as a reminder to readers that potentially unwanted programs (PUPs), like malware and phishing sites, are another risk factor to avoid.
- Email-borne exploits: the not-so innocuous killers targeting small business (Exploits) Supposedly genuine emails containing booby-trapped PDF files were found targeting small businesses. Opening the file allows the execution of an exploit that takes advantage of CVE-2013-0640, a known vulnerability affecting earlier through current versions of Adobe Reader.
- Difficulty removing Koler Trojan or other ransomware on Android? (Mobile Security) Mobile security expert Armando Orozco alerted our readers to a new ransomware Android app called BaDoink, which pretends to be an adult-themed streaming app. Users who have installed BaDoink may find this post useful, as Armando included removal steps for it.
- Fake Paranormal Videos Haunting Facebook Users (Fraud/Scam Alert) The frequency of Facebook scams we’re seeing is alarming; the number of users falling for them? Even more so. This particular scam plays on one’s interest in and fascination with the paranormal.
- UEFI, SecureBoot, and dual booting Windows 8 and Linux (All Things Dev) Malware Threat Researcher Jean Taggart introduces us to UEFI (Unified Extensible Firmware Interface), its predecessor, and the challenges one may face in getting a dual boot environment working with certain operating systems.
Top news stories:
- iOS 7 isn’t encrypting email attachments. A security researcher spotted an insecurity in the way Apple handles emails and attachments several weeks ago. Apple has been informed; however, the company did not post a fix for this flaw. (Source: TUAW)
- John McAfee Releases Secure Anti-Surveillance Messaging App ‘Chadder’. The popular security company founder has introduced a new app to the public at the Imagine RIT Festival. Chadder aims to protect users’ privacy. (Source: Hackread)
- Dropbox users leak tax returns, mortgage applications and more. Some documents stored on Dropbox were found to be accessible and retrievable via search engines. (Source: Graham Cluley Blog)
- Beware of Google+ “Fraudulent Verification Survey” phishing scam. Phishers have targeted Google+ users, encouraging them to take a survey to “track and shut down fraudulent user and phishing domains.” (Source: Help Net Security)
- Threats Get a Kick Out of 2014 FIFA World Cup Brazil Buzz. “While the world is waiting for this (FIFA World Cup in Brazil), cybercriminals are not wasting time and are now launching new threats that turn global followers into victims.” Indeed. (Source: TrendLabs Security Intelligence Blog)
Stay secure, everyone!