
NEWS - February 29, 2016

Feb 29, 2016 4:58PM PST
Payroll data leaked for current, former Snapchat employees

In a blog post on Sunday, Snapchat executives revealed that the payroll data of some current and former employees was exposed as the result of a scam e-mail sent to a human resources employee at the company.

"The good news is that our servers were not breached, and our users’ data was totally unaffected by this," a company spokesperson said in the post. "The bad news is that a number of our employees have now had their identity compromised. And for that, we’re just impossibly sorry."

On February 26, an employee in Snapchat's payroll department received a "spear phishing" e-mail that appeared to be from Snapchat CEO Evan Spiegel—but that came from an external e-mail address. The message requested employee payroll information. The individual targeted didn't recognize the message as a scam, and they forwarded the requested information.

Continued: http://arstechnica.com/security/2016/02/payroll-data-leaked-for-current-former-snapchat-employees/

Related:
Snapchat worker falls for email phishing scam
http://www.cnet.com/news/snapchat-hit-by-email-phishing-scam/
A Snapchat employee has fallen for the oldest trick in the book
http://thenextweb.com/socialmedia/2016/02/29/snapchat-employee-falls-for-email-scam-pretending-to-be-from-ceo-evan-spiegel/

Comments
CTB Locker ransomware now also encrypts websites
Feb 29, 2016 5:00PM PST

The well-known crypto ransomware CTB Locker is back. After a considerable slowdown in distribution, it is being pushed onto users again, and this time its executable has been signed with a stolen certificate.

But what is even more interesting is that there is a new variant of the malware, and this one targets websites instead of Windows workstations.

According to a security researcher that goes by the online handle Benkow, at least 102 websites have already been infected, and the infection campaign dates back to February 12.

Continued: https://www.helpnetsecurity.com/2016/02/29/ctb-locker-ransomware-now-also-encrypts-websites/

Related:
CTB-Locker/Critroni Finds New Legs Targeting Websites
https://threatpost.com/ctb-lockercritroni-finds-new-legs-targeting-websites/116457/

Porn clicker trojans keep flooding Google Play
Feb 29, 2016 5:12PM PST

ESET researchers have found 343 malicious porn clicker trojans, which ESET detects as Android/Clicker, on Google Play over the last seven months – and their numbers keep rising. In one of the largest malware campaigns on the Google Play Store yet, criminals continue to upload further variants of these malicious apps to the official app store for the Android mobile platform.

“There have been many malware campaigns on Google Play, but none of the others have lasted so long or achieved such huge numbers of successful infiltrations,” explains Lukas Stefanko, a malware researcher at ESET, who specializes in Android malware.

On average, ten new porn clickers a week bypassed Google’s security checks during this campaign. These porn clickers not only made it into the store, but they also successfully compromised user devices. To get a sense of the scale, porn clickers on Google Play have, on average, been downloaded 3600 times each.

Continued: http://www.welivesecurity.com/2016/02/24/porn-clicker-trojans-keep-flooding-google-play/

Related:
Invisible Porn-Clicking Trojans Invade Android’s Google Play Store
http://www.tripwire.com/state-of-security/security-data-protection/android-clicker/
Google screening missed hundreds of malicious Android apps, researchers say
http://www.theregister.co.uk/2016/02/29/worlds_worst_android_play_store_attack_sends_millions_to_p0rn_sites/

IRS: 390K More Victims of IRS.Gov Weakness
Feb 29, 2016 5:22PM PST

The U.S. Internal Revenue Service (IRS) today sharply revised previous estimates on the number of citizens that had their tax data stolen since 2014 thanks to a security weakness in the IRS’s own Web site. According to the IRS, at least 724,000 citizens had their personal and tax data stolen after crooks figured out how to abuse a (now defunct) IRS Web site feature called “Get Transcript” to steal victims’ prior tax data.

The number is more than double the figures the IRS released in August 2015, when it said some 334,000 taxpayers had their data stolen via authentication weaknesses in the agency’s Get Transcript feature.

Turns out, those August 2015 estimates were more than tripled from May 2015, when the IRS shut down its Get Transcript feature and announced it thought crooks had abused the Get Transcript feature to pull previous year’s tax data on just 110,000 citizens.

Continued: http://krebsonsecurity.com/2016/02/irs-390k-more-victims-of-irs-gov-weakness/

Hackers Can Trick One of Microsoft's Security Tools ..
Feb 29, 2016 5:38PM PST
.. to Disable Itself

"Researchers from security firm FireEye have discovered a method through which malware can use Microsoft EMET to disable... Microsoft EMET."

Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is a collection of security features packed into one single toolkit, which Microsoft has offered as an optional download through its official website.

The project launched in 2009, and at the start of February, Microsoft released EMET version 5.5, adding Windows 10 support, and a few bug fixes.

The particular trick that FireEye security researchers discovered revolves around the notion that to protect applications from a series of exploits, EMET loads DLLs (Dynamic Link Libraries) into the applications it needs to protect.

Continued: http://news.softpedia.com/news/hackers-can-trick-one-of-microsoft-s-security-tool-to-disable-itself-501091.shtml

@ FireEye:
Using EMET to Disable EMET
https://www.fireeye.com/blog/threat-research/2016/02/using_emet_to_disabl.html
Malicious websites exploit Silverlight bug that can pwn ..
Feb 29, 2016 6:24PM PST
.. Macs and Windows

Malicious websites are exploiting a recently fixed vulnerability in Microsoft's Silverlight application framework to perform drive-by malware attacks on vulnerable visitor devices, a security researcher has determined.

The critical code-execution vulnerability, which Microsoft patched last month, was actively exploited for two years in attack code owned by Italy-based exploit broker Hacking Team. As Ars reported last July, the Silverlight exploit came to light following a hack on Hacking Team's network that exposed gigabytes worth of private e-mails and other data. Researchers with Russian antivirus provider Kaspersky Lab later discovered the vulnerability being exploited in the wild and privately reported it to Microsoft.

Continued: http://arstechnica.com/security/2016/02/malicious-websites-exploit-silverlight-bug-that-can-pwn-macs-and-windows/

Related:
Angler Exploit Kit updated to target PCs and Macs with Silverlight attack
http://www.hotforsecurity.com/blog/angler-exploit-kit-updated-to-target-pcs-and-macs-with-silverlight-attack-13449.html
