Security Briefing 3.21.17
A vulnerable application used by millions of McDonald’s customers in India was recently found to leak personal information about its users. The leak affected 2.2 million users in total and exposed user data such as names, email addresses, phone numbers, home addresses, home coordinates, and social profile links.
The United States warned Tuesday that extremists plan to target passenger jets with bombs hidden in electronic devices, and banned passengers from carrying such devices onto flights from 10 Middle East airports. Any device larger than a cell phone is banned, and there is no end date on the ban.
A recently disclosed User Account Control (UAC) bypass that leverages App Paths can be used for fileless attacks as well, security researcher Matt Nelson now says. Nelson revealed that App Paths and the Backup and Restore tool (sdclt.exe) in Windows 10 can be abused to bypass UAC because sdclt.exe auto-elevates due to its manifest.
Newly observed ransomware campaigns are leveraging installer files from the Nullsoft Scriptable Install System (NSIS) to hide malicious code, Microsoft says. The NSIS installers were recently associated with various well-known ransomware families, including Cerber, Locky, Teerac (also known as Crypt0L0cker), Crowti (aka CryptoWall), Wadhrama, and Critroni (aka CTB-Locker).
Toilet paper theft at Beijing’s Tiantan Park has become alarming enough that the park authority has installed 6 wall-mounted high-definition cameras with facial recognition software to scan the user’s face 3 seconds before rolling out toilet paper. This is an attempt to thwart would-be TP thieves.
According to INTERPOL, security researchers see the West African cybercrime scene expanding and becoming more sophisticated. Cybercriminals out of West Africa pilfered an average of $2.7 million from businesses and $422,000 on average from individuals during 2013-2015, according to new INTERPOL and Trend Micro data, a rate that is on the rise. And, yes, of course it’s the Nigerian Prince scams.
An interesting new type of ransomware, Kirk (yes, of Star Trek), comes in the guise of a stress-testing tool and demands 50 Monero ($1,100) to unlock files. Monero is a new type of cryptocurrency. What is the world coming to?
Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam: Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks.
Ask.com toolbar being used again to deliver malware. Users should remove it: Businesses that allow the Ask.com toolbar in their environments might want to rethink that after endpoints equipped with the browser add-on were compromised last November and then again the very next month using pretty much the same attack methods.
Krebs’ analysis of restaurant cyber-breach exposes POS vendor weaknesses: For the second time in the past nine months, Google has inadvertently but nonetheless correctly helped to identify the source of a large credit card breach — by assigning a “This site may be hacked” warning beneath the search results for the Web site of a victimized merchant.