Weekly security news

Security news in nutshell – Week 11, 2018

Last week Microsoft released another patch fixing 75 security issues, some of them connected with the Meltdown and Spectre vulnerabilities. AV Comparatives, an independent test laboratory, released results of Real-world Protection Test of top 18 antivirus solutions. We have focused on this test in more details in separate post couple days ago. And then just quickly about the rest – new malware infected apps were found on Google Play and another case of personal data of about 1.3 million customers exposed to the public. See more details below.

Microsoft released Patch Tuesday for March

Microsoft’s Patch Tuesday for March includes updates for 75 security issues and a change in patch deployment process for Windows 10. From the list of vulnerabilities patched this month, 14 were rated as critical and 61 as important.Microsoft also lifted the requirement of an antivirus registry key in order to receive patches, at least on devices running Windows 10. The requirement was a way to mitigate compatibility issues with the patches they released for Meltdown and Spectre last January. This month’s Patch Tuesday addresses security flaws in ASP.NET Core, ChakraCore, Edge, Internet Explorer, .NET Core, PowerShell Core, Windows operating system (OS), Microsoft Office, Exchange Server, Office Services and Web Apps. See Microsoft’s release notes for more details.

Real-World Protection Test – February

AV-Comparatives, the independent test laboratory, released results of their Real-World Protection Test for February. Tested were products of all major antivirus vendors in 203 live test cases. These cases are malicious URLs consisting or working exploits and URLs pointing directly to malware. All the test cases cover a wide range of current malicious sites. Top results were achieved by products of F-Secure, Kaspersky, Microsoft and Trend Micro. Detailed overall results will be released in July.

Potent malware hiding for six years

Researchers from Kaspersky Lab have discovered malware so stealthy it remained hidden for six years despite infecting at least 100 computers worldwide. It’s called Slingshot based on the text found inside some of the malware samples. It is ranked as one of the most advanced attack platforms ever discovered. The discovery reveals complex ecosystem of multiple components working together to provide a very flexible cyber-espionage platform. More details are in 25-page report published by Kaspersky Lab.

Georgia anti-hacking legislation as a threat

Security researchers are worried by the new Computer Intrusion Bill, which threatens to criminalize security researchers. This bill would create new crime called “unauthorized computer access”. It would include penalties for accessing a system without permission even if no information was taken or damaged. This could be detrimental to Georgia’s cybersecurity industry as the bill, if passed, could result in security researchers being penalized for necessary tasks like uncovering system bugs.

New Monero mining malware discovered in Google Play

Avast researchers identified two new cryptomining apps in Google Play. Those are SP Browser and Mr. MineRusher with a subscriber base in the thousands. The mining process begins once the application is downloaded and opened. It doesn’t require user action because an automatic connection to the apptrackers.org website is made. This website hosts the CoinHive JavaScript miner for the Monero cryptocurrency. The good news for users is that the impact is unlikely to raise any security or privacy concerns.

Microsoft Security Intelligence Report vol.23

Microsoft released its new Security Intelligence Report, which is based on Microsoft’s analysis of on-premise systems and cloud services, focuses on threat trends since February 2017. The three key themes from the report are:

  • botnets and how they continue to impact millions of computers globally
  • common used methods by cybercriminals like phishing
  • ransomware as a force to be reckoned with

You can get the full report directly from Microsoft website at www.microsoft.com/sir.

Walmart partner exposes personal data of 1.3 million customers

A Walmart jewelry partner left personal details and contact information of 1.3 million customers exposed to the public on a misconfigured Amazon Simple Storage Service (S3) bucket. The S3 repository containing a MSSQL database backup belongs to MBM Company, a Chicago jewelry company that operates mainly under the name Limogés Jewelry. Exposed data contained personal information including names, addresses, zip codes, phone numbers, e-mail addresses, IP addresses and plain text passwords of users from U.S. and Canada.

Leave a Reply

Your email address will not be published. Required fields are marked *