Security Alerts & News
by Tymoteusz A. Góral

#1869 Credit card data and other information targeted in Netflix phishing campaign
Through FireEye’s Email Threat Prevention (ETP) solution, FireEye Labs discovered a phishing campaign in the wild targeting the credit card data and other personal information of Netflix users primarily based in the United States.

This campaign is interesting because of the evasion techniques used by the attackers: the phishing pages were hosted on legitimate but compromised web servers; the client-side HTML code was obfuscated with AES encryption to evade text-based detection; and the phishing pages were not displayed to visitors from certain IP addresses if the address resolved to companies such as Google or PhishTank.

At the time of posting, the phishing websites we observed were no longer active.
#1868 Android banking Trojan malware disguises itself as Super Mario Run
Cybercriminals are taking advantage of Android users who are desperate to play Nintendo's wildly popular Super Mario Run mobile game, in order to spread the notorious Marcher banking Trojan malware.

Nintendo's iconic plumber made his much anticipated debut on mobile devices in December and is currently exclusive to Apple iOS users, who can download the game via the App Store.

But some desperate users are looking for ways to gain access to it on Android by attempting to download versions from third-party websites. And, much like they did when Android users wanted to download Pokemon Go before it was available, attackers are actively looking to exploit that demand by tricking users into downloading the bank-information-stealing Marcher Trojan.
#1867 Google plugs severe Android vulnerability that exposed devices to spying
Google has shut down a "high-severity" exploit in its Nexus 6 and 6P phones which gave attackers with USB access the opportunity to take over the onboard modem during boot-up—allowing them to listen in on phone calls, or intercept mobile data packets.

The vulnerability was part of a cluster of security holes found by security researchers at IBM's X-Force, all related to a flaw—tagged CVE-2016-8467—in the phones' boot mode, which attackers could reach from malware-infected PCs and malicious power chargers to access hidden USB interfaces. Patches were rolled out before the vulnerabilities were made public, in November for the Nexus 6, and January for the 6P.
#1866 The official Tor browser for iOS is free to use
When Mike Tigas first created the Onion Browser app for iOS in 2012, he never expected it to become popular. He was working as a newsroom Web developer at The Spokesman-Review in Spokane, Washington, at the time, and wanted a Tor browser app for himself and his colleagues. Expecting little interest, he then put Onion Browser on the Apple App Store at just $0.99/£0.69, the lowest non-zero price that Apple allows.

Fast forward to 2016, and Tigas found himself living in New York City, working as a developer and investigative journalist at ProPublica, while earning upwards of $2,000 a month from the app—and worrying that charging for it was keeping anonymous browsing out of the hands of people who needed it.
#1865 This ransomware scheme is targeting schools, colleges and head teachers, warn police
Cybercriminals are pretending to be government officials as part of a ransomware scheme which is targeting schools and demanding payments of up to £8,000 to decrypt the locked files.

Action Fraud, the UK's fraud and cybercrime centre, and the City of London police, have issued a warning over the activity, which begins with criminals contacting the targeted schools with a phone call.

Claiming to be from 'The Department of Education', the caller asks for the email address of the head teacher which they claim they need in order to send them sensitive information which is unsuitable for the school's general email address.
#1864 Unsecure routers, webcams prompt feds to sue D-Link
The Federal Trade Commission on Thursday sued Taiwan-based D-Link in federal court. The FTC alleges that D-Link routers and webcams left "thousands of consumers at risk" to hacking attacks.

"Defendants have failed to take reasonable steps to protect their routers and IP cameras from widely known and reasonably foreseeable risks of unauthorized access, including by failing to protect against flaws which the Open Web Application Security Project has ranked among the most critical and widespread web application vulnerabilities since at least 2007," the FTC said in a complaint (PDF) filed in San Francisco federal court.
#1863 MongoDB attacks jump from hundreds to 28,000 in just days
Security researchers report a massive uptick in the number of MongoDB databases hijacked and held for ransom. On Monday, researcher Niall Merrigan reported that 28,000 misconfigured MongoDB databases were attacked by more than a dozen hacker groups. That's a sharp increase from last week, when 2,000 MongoDB databases had been hijacked by two or three criminals.

The wave of attacks was first spotted on Dec. 27 by Victor Gevers, an ethical hacker and founder of GDI Foundation. That's when he said a hacker going by the handle "Harak1r1" was compromising open MongoDB installations, deleting their contents, and leaving behind a ransom note demanding 0.2 BTC (about $220).
#1862 Experts warn of novel PDF-based phishing scam
The SANS Internet Storm Center published a warning on Wednesday about an active phishing campaign that utilizes PDF attachments in a novel ploy to harvest email credentials from victims.

According to the SANS bulletin, the email has the subject line “Assessment document” and the body contains a single PDF attachment that claims to be locked. A message reads: “PDF Secure File UNLOCK to Access File Content.”