Last week was a busy one in the security field. We heard about WannaCry again, this time infecting computers at Boeing. Microsoft released another patch to fix its Patch Tuesday update from the previous week. There was a big data breach of 150 million accounts at Under Armour. The popular CMS Drupal issued a highly critical patch to secure around 1 million websites running on it. The end of the week brought a huge data breach in which credit card data of up to 5 million customers of US chain stores was stolen.
New ransomware attempts to attack your antivirus
A newly discovered ransomware called AVCrypt tries to disable antivirus and anti-malware software before it can be detected and removed. The malware first tries to remove a number of Windows services that Windows Defender and Malwarebytes require in order to operate. Researchers reported that AVCrypt seems incomplete, because major pieces are missing: while it does contact a command and control server and encrypts files, it includes neither ransom instructions nor any provision for decryption. The delivery mechanism appears to be the standard methods seen in other ransomware, including malicious spam, drive-by URLs, and pirated software.
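From a defender's point of view, the behaviour described above (stopping or removing the services that Windows Defender and Malwarebytes depend on) leaves a trace in the Windows System event log through Service Control Manager events. The following is an added example, not code from the article or from any vendor, that scans such log lines and raises an alert when protected security services are disabled, stopped or terminated, and escalates when several of them are hit together. The event IDs 7040 (start type changed), 7036 (state change) and 7034 (unexpected termination) are real SCM event IDs; the line format, the list of protected service names and the sample log are constructed for this example and would need to be adapted to a real export.

```python
"""Flag Service Control Manager events that disable or stop security services.

Added example (not from the article or any vendor). The event IDs are real
SCM event IDs; the single-line log format and the sample lines below are
constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption: service names of the products a defender wants to protect
# (Windows Defender, its network inspection service, Defender ATP, Malwarebytes).
PROTECTED_SERVICES = {"WinDefend", "WdNisSvc", "Sense", "MBAMService"}

# Constructed log format: "EventID=<id> Service=<name> Message=<text>"
_LINE_RE = re.compile(r"^EventID=(\d+)\s+Service=(\S+)\s+Message=(.*)$")


@dataclass
class Alert:
    event_id: int
    service: str
    detail: str


def parse_line(line: str) -> Optional[Tuple[int, str, str]]:
    """Return (event_id, service, message) or None for lines that do not match."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    return int(m.group(1)), m.group(2), m.group(3)


def classify(event_id: int, service: str, message: str) -> Optional[Alert]:
    """Decide whether one SCM event is a sign of security-service tampering."""
    if service not in PROTECTED_SERVICES:
        return None
    text = message.lower()
    if event_id == 7040 and "disabled" in text:
        return Alert(event_id, service, "start type changed to disabled")
    if event_id == 7036 and "stopped" in text:
        return Alert(event_id, service, "service entered the stopped state")
    if event_id == 7034:
        return Alert(event_id, service, "service terminated unexpectedly")
    return None


def scan(lines: List[str]) -> List[Alert]:
    """Run classify() over every parsable line and collect the alerts."""
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        alert = classify(*parsed)
        if alert is not None:
            alerts.append(alert)
    return alerts


def summarize(alerts: List[Alert]) -> dict:
    """One service stopping may be an update; several at once looks like tampering."""
    services = {a.service for a in alerts}
    if len(services) >= 2:
        verdict = "likely security-service tampering"
    elif services:
        verdict = "single security service affected, review"
    else:
        verdict = "no protected services affected"
    return {"alert_count": len(alerts), "distinct_services": len(services), "verdict": verdict}


# Constructed sample log: a benign spooler stop, a Defender restart, and a
# burst of stop/disable events against three protected services.
SAMPLE_LOG = [
    "EventID=7036 Service=Spooler Message=The Print Spooler service entered the stopped state.",
    "EventID=7040 Service=WinDefend Message=The start type of the Windows Defender Antivirus Service service was changed from auto start to disabled.",
    "EventID=7036 Service=WinDefend Message=The Windows Defender Antivirus Service service entered the stopped state.",
    "EventID=7036 Service=MBAMService Message=The Malwarebytes Service service entered the stopped state.",
    "EventID=7036 Service=WinDefend Message=The Windows Defender Antivirus Service service entered the running state.",
    "EventID=7040 Service=WdNisSvc Message=The start type of the Windows Defender Antivirus Network Inspection Service service was changed from demand start to disabled.",
    "this line is not an SCM event and is skipped",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"[{a.event_id}] {a.service}: {a.detail}")
    print(summarize(found))
```

The "running state" event for WinDefend is deliberately not flagged, so a legitimate restart does not produce noise; the escalation in summarize() is what separates a single product update from the pattern the article describes, where several protection services go down in one go.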
Android malware found in app with 500k downloads
It seems there is no week without the discovery of some new malware-infected mobile application available for download in an official app store. This time the malware sneaked onto the Google Play store disguised as seven different apps: six QR readers and one “smart compass”. After installation the malware waits six hours before it begins to work. It serves adware, floods the user with full-screen adverts, and so on. All of this activity was designed with the intent of generating click-based revenue for the attackers.
WannaCry ransomware re-emerges at Boeing
Last Wednesday, reports emerged about Boeing being attacked by the well-known WannaCry ransomware. The company issued a statement that it had detected a limited malware intrusion affecting a small number of its systems, and that production and deliveries were not affected. Boeing also said that a number of articles about the malware disruption were overstated and inaccurate. WannaCry spread with the help of a leaked NSA exploit and infected over 300,000 PCs around the globe in 2017.
Under Armour reports big data breach
The fitness apparel company learned that data from 150 million accounts of its MyFitnessPal app had been breached. The investigation indicates that the affected information included usernames, email addresses and hashed passwords. The company said that neither payment card data nor Social Security numbers or driver’s license numbers were affected. Under Armour notified its users about the breach via email and in-app messaging and required all users to change their passwords.
Drupal issues critical patch: Over 1M sites vulnerable
The developers of the popular open-source CMS Drupal are warning admins to immediately patch a flaw that an attacker can exploit just by visiting a vulnerable site. The bug affects all sites running Drupal 8, 7 and 6, which according to Drupal’s own figures is about a million sites. So far there have been no known attacks using the flaw, according to Drupal.
Facebook introduced new privacy settings
Amid the ongoing trust crisis, Facebook has announced new controls, privacy shortcuts and tools for deleting Facebook data. The privacy changes are designed to give users more control over their data. As part of the update, Facebook has released a feature called Access Your Information, described as a new “secure way” for users to access and delete their posts, reactions, comments and searches from their timeline or profile.
Microsoft fixes Windows flaw introduced by Meltdown patches
In January and February, Microsoft issued fixes for Windows 7 and Server 2008 R2 machines to counter the Meltdown vulnerability in modern Intel x64 processors. Unfortunately, those patches blew a gaping hole in the operating systems. On March’s Patch Tuesday Microsoft pushed out fixes to correct the January and February updates and close the security vulnerability it had accidentally opened. Except that the March update didn’t fully deliver: the bug remained in the kernel. So on Thursday Microsoft issued an emergency security update to correct the security update it had issued earlier this month.
Credit card data from Saks and Lord & Taylor customers stolen
Hackers stole credit card information from about 5 million customers who had shopped at Saks Fifth Avenue and Lord & Taylor stores. At the time of the research, 125,000 records were for sale on the dark web by the hacker group known as the JokerStash syndicate or Fin7. Gemini Advisory, the company carrying out the investigation, expects the hackers to offer all of the stolen data in the following weeks or months. The Hudson’s Bay Company, owner of the retail chains, confirmed the breach and said that once more information is available it will notify customers quickly and offer them identity protection services.
Kaspersky Lab open sources its threat-hunting tool
Kaspersky is now offering its threat-hunting application KLara as an open-source tool. KLara is a YARA-based malware scanner that runs multiple YARA rules across multiple sample databases simultaneously as a way to speed up malware identification. The open-source tool is available via GitHub.