Tag Archives: malvertising

10Fold – Security Never Sleeps – 151

Zero-day threats make up 30% of malware in new WatchGuard cybersecurity study

“Antivirus software struggles to keep up”

Seattle-based WatchGuard Technologies recently released a report outlining the growing challenge that new malware poses to antivirus software. According to the firm's research, 30% of the malware it observed in the last three months of 2016 falls into the ‘zero-day’ classification, meaning that signature-based antivirus products had no detection for it at the time it was seen. Relying on signatures alone therefore leaves a large share of malware undetected, a serious concern for organisations in every field.

Fake Flash Player Ads in Skype Lead to Malware

“Malvertising campaign on the rise”

Skype users have recently been targeted by an aggressive malvertising campaign posing as a Flash Player update. Users reported on Skype and Twitter that the Skype application was pushing them to download a Flash Player update, and posted screen captures of the prompts. The fake update, ‘FlashPlayer.hta,’ was served through Skype's in-application ad delivery. Note the file type: an .hta file is an HTML Application that Windows runs with mshta.exe outside the browser sandbox, so its embedded script executes with the user's full privileges, which is why a bogus “update” in this format is dangerous regardless of how convincing the ad looks.

Self-Deleting Malware Makes ATMs Spit out Cash

“One of the most sophisticated ATM heists”

Security researchers have uncovered a highly specialised bank-hacking operation. The attackers used fileless malware on the banks' networks and self-deleting malware on the ATMs themselves; the ATM code triggers the machine's cash-dispensing function directly, so cash is taken without draining any customer account, and it removes itself afterwards, leaving forensic examiners little to work with. Although such attacks are escalating, they are not new: the same fileless techniques have been observed before, including in intrusions at government agencies.


10Fold – Security Never Sleeps – 94

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: On Wednesday afternoon, LinkedIn users received an email titled “Important information about your LinkedIn account,” describing the massive 2012 hack and what the company is doing about it. A recently patched Adobe Flash Player vulnerability is being abused in a new malvertising campaign that redirects users to the Angler exploit kit (EK), Malwarebytes researchers warn. The TeslaCrypt creators called it quits recently, but unfortunately for users, there’s a new ransomware program that’s ready to take its place. Google intends to kill off passwords, and to let Android apps run instantly without being installed first.

Finally! LinkedIn Comes Clean About Mass Data Breach – Publication: Fortune – Reporter name: Jeff John Roberts

In its email, LinkedIn claimed that it “became aware” last week that the data stolen in 2012 was being made available online. This seems a bit of a stretch—the whole point of stealing data is typically to sell it online—but we’ll take them at their word. And, unlike so many other LinkedIn emails, this one is definitely useful. Oddly, the email did not include any acknowledgement or apology for the dreadful security practices used by LinkedIn in the first place. These included poor cryptography, such as failing to “salt” the data, which made it easier for hackers to unscramble users’ passwords.
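The article's point about salting deserves a concrete illustration. The following is an added example written for this digest, not code from Fortune or from LinkedIn; the user list and the attacker wordlist are constructed for the demonstration. The 2012 LinkedIn dump was widely reported to consist of unsalted SHA-1 hashes, which is the weak scheme modelled here beside a per-user salted PBKDF2 scheme. It shows the two things that make unsalted hashes cheap to attack: identical passwords produce identical hashes, and one precomputed table cracks every user at once. With a random per-user salt the attacker must redo the hashing for each user and each guess, and a slow iterated hash multiplies that work again.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: four users, two of whom share a password.
USERS = {
    "alice": "password1",
    "bob": "linkedin2012",
    "carol": "password1",
    "dave": "Tr0ub4dor&3",
}

# Constructed attacker wordlist; a real one would hold millions of entries.
WORDLIST = ["123456", "password", "password1", "linkedin2012", "qwerty"]


def unsalted_sha1(password: str) -> str:
    """The weak scheme: a single SHA-1 of the password, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def store_unsalted(users: dict) -> dict:
    """Unsalted storage: same password -> same stored hash for every user."""
    return {user: unsalted_sha1(pw) for user, pw in users.items()}


def crack_unsalted(stored: dict, wordlist: list) -> dict:
    """The attacker hashes the wordlist ONCE, then reverses every user by lookup.
    The cost does not grow with the number of users."""
    table = {unsalted_sha1(w): w for w in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


def salted_pbkdf2(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256, stdlib only)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def store_salted(users: dict, salt_len: int = 16) -> dict:
    """Salted storage: a fresh random salt per user, kept next to the hash.
    The salt is not secret; its job is to make each user's hash unique."""
    out = {}
    for user, pw in users.items():
        salt = secrets.token_bytes(salt_len)
        out[user] = (salt, salted_pbkdf2(pw, salt))
    return out


def verify_salted(stored: dict, user: str, password: str) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    salt, digest = stored[user]
    return hmac.compare_digest(salted_pbkdf2(password, salt), digest)


def crack_salted(stored: dict, wordlist: list) -> tuple:
    """With per-user salts there is no shared table: every guess must be
    re-hashed for every user. Returns (cracked users, number of hash calls)."""
    cracked = {}
    work = 0
    for user, (salt, digest) in stored.items():
        for w in wordlist:
            work += 1
            if hmac.compare_digest(salted_pbkdf2(w, salt), digest):
                cracked[user] = w
                break
    return cracked, work


if __name__ == "__main__":
    weak = store_unsalted(USERS)
    print("alice and carol share a hash:", weak["alice"] == weak["carol"])
    print("cracked (unsalted, one table):", crack_unsalted(weak, WORDLIST))

    strong = store_salted(USERS)
    print("alice and carol share a hash:", strong["alice"][1] == strong["carol"][1])
    cracked, work = crack_salted(strong, WORDLIST)
    print("cracked (salted):", cracked, "after", work, "slow hash computations")
```

Both schemes eventually give up the weak passwords that appear in the wordlist; the difference is the price. The unsalted attacker pays for five SHA-1 computations in total and could have precomputed them years earlier, whereas the salted attacker pays for a fresh PBKDF2 run per user per guess, and that cost scales linearly with the size of the leaked user table. Passwords not in the wordlist (dave's, here) survive under either scheme, which is why salting complements, rather than replaces, strong passwords.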

Angler EK Malvertising Campaign Abuses Recent Flash Zero-Day – Publication: SecurityWeek – Reporter name: STAFF

The campaign relies on domain shadowing and professional-looking fake ads that are sent to ad networks and displayed on legitimate websites. Furthermore, the attack is highly targeted, serving the malicious code conditionally and redirecting users to the Angler EK only after performing a series of checks, otherwise known as fingerprinting. While the technique is not new, there are some interesting aspects about this malvertising campaign, including the fact that Angler is abusing the CVE-2016-4117 zero-day flaw in Adobe Flash Player that was patched on May 12. Attackers abused the vulnerability via specially crafted Office documents, and an exploit for this vulnerability was added to the Magnitude and Neutrino EKs as well last week.

New DMA Locker ransomware is ramping up for widespread attacks – Publication: CSO – Reporter name: Lucian Constantin

Previous DMA Locker versions did not use a command-and-control server so the RSA private key was either stored locally on the computer and could be recovered by reverse-engineering, or the same public-private key pair was used for an entire campaign. This meant that if someone paid for the private RSA key, that same key would work on multiple computers and could be shared with other victims.

Google’s Trust API: Bye-bye passwords, hello biometrics? – Publication: NetworkWorld – Reporter name: Ms. Smith

Trust API will run in the background, always keeping track of your biometrics, so it will know you are really “you” when you unlock your device. It will utilize some of the common biometric indicators you might expect, such as your face print, as well as others such as how you swipe the screen, the speed of your typing, voice patterns, your current location and even how you walk. Combined, these give a cumulative “trust score.”