A Week in Security (Jan 10 – Jan 16)

It’s time for our weekly roundup!

First off, a look at the items covered on the blog this past week. We explored the oft-ignored world of Windows Vaults, and the pros and cons of storing credentials. Elsewhere, we had an extensive deep dive into Ransom32, a particularly troublesome form of Ransomware which has a lot of secrets tucked away in its code. On a similar note, we explored the growing relationship between Cryptowall and URL shortening services. Looping back around to potentially lesser-known Windows functionality, we explained why the FEATURE_BROWSER_EMULATION registry key can be a handy thing for Malware authors.

Notable news stories and security related happenings:

  • An eBay bug was discovered which allowed hackers to steal passwords. “An Independent Security Researcher reported a critical vulnerability to eBay last month that had the capability to allow hackers to host a fake login page, i.e. phishing page, on eBay website in an effort to steal users’ password and harvest credentials from millions of its users.” (Source: The Hacker News)
  • Fitbit Users Fall Victim to Account Takeovers. Don’t Reuse Passwords! “Once inside the accounts of people who use the activity/sleep/weight/health trackers, the attackers changed users’ details and tried to order replacement items under the users’ warranties, Fitbit confirmed.” (Source: Sophos’s Naked Security Blog)
  • BCC email mishaps are still a thing, and can occasionally tip over into the “horribly serious” category.
  • 250 Hyatt Hotels had a serious Malware issue over a period of a few months in 2015, and it’s such a big deal that Hyatt have published a list of hotels affected by the attack. If you think you may have been affected, you should give it a once-over and set your mind at ease.
  • BlackEnergy Malware was responsible for a power cut in Western Ukraine. It’s a sobering thought that up to 80,000 people were affected by this due to little more than a corrupted Microsoft Word attachment. A good reminder that while Malware may be sophisticated, the actual infection method is often anything but.
  • An old user error raises its ugly head to cause trouble: leaving yourself logged in on a public terminal. As it turns out? Not a good idea.
  • CIA email, US Spy Chiefs – it’s all go in the land of jolly teenage pranking. The various attacks all have a political bent to them and, as is often the case, begin with some form of social engineering.

Safe surfing, everyone!

The Malwarebytes Labs Team