Security Alerts & News
by Tymoteusz A. Góral

#1184 Facebook malware – the missing piece
In our last blogpost, Facebook malware: tag me if you can, we revealed a phishing campaign led by Turkish-speaking threat actors who exploited social networks to spread a Trojan that compromises the victim’s machine and captures its entire browser traffic. The report did not address the issue of lateral movement because Kaspersky Lab researchers were still investigating it.

After two weeks of research, Kaspersky Lab researcher Ido Naor, and Dani Goland, the CEO & co-founder of Israel-based company Undot, managed to extract the proverbial needle from a haystack: a Facebook vulnerability that allowed an attacker to replace the comment identifier parameter attached to each web/mobile Facebook comment with an identifier that was reserved for embedded plugins usually located on third-party websites (where they allowed visitors to comment with their Facebook identity).
#1191 IoT insecurity: Pinpointing the problems
#1190 Nearly six million fraud and cyber crimes last year, ONS says
#1189 Tinder safe dating spam uses safety to scam users out of money
#1188 Jackware: When connected cars meet ransomware
#1187 Hidden 'backdoor' in Dell security software gives hackers full access
#1186 CrypMIC ransomware wants to follow CryptXXX’s footsteps
#1185 Update now: Macs and iPhones have a Stagefright-style bug!
#1184 Facebook malware – the missing piece