NEWS - March 04, 2016

Mar 4, 2016 1:40PM PST
It’s 2016, so why is the world still falling for Office macro malware?

In the late 1990s, Microsoft Office macros were a favorite vehicle for surreptitiously installing malware on the computers of unsuspecting targets. Microsoft eventually disabled the automated scripts by default, a setting that forced attackers to look for new infection methods. Remotely exploiting security bugs in Internet Explorer, Adobe Flash, and other widely used software soon came into favor.

Over the past two years, Office Macros have made a dramatic comeback that has reached almost a fevered pitch in the past few months. Booby-trapped Excel macros, for instance, were one of the means by which Ukrainian power authorities were infected in the weeks or months leading up to December's hacker-caused outage that affected 225,000 people.

"Locky," a particularly aggressive strain of crypto ransomware that appeared out of nowhere two weeks ago, also relies on Word macros. The return of the macro-delivered malware seemed to begin in late 2014 with the advent of a then-new banking trojan called Dridex.

Continued: http://arstechnica.com/security/2016/03/its-2016-so-why-is-the-world-still-falling-for-office-macro-malware/

Related:
Macro Malware Dridex, Locky Using Forms to Hide Code
http://www.securityweek.com/macro-malware-dridex-locky-using-forms-hide-code

Mozilla blocks popular Firefox add-on due to security issues
Mar 4, 2016 1:42PM PST

Mozilla has put the YouTube Unblocker add-on on its “blocklist”, as it has been discovered that it was changing users’ security settings and covertly downloading and installing an additional, malicious extension that injects ads in pages visited by users.

The popularity of YouTube Unblocker was due to it allowing users to view YouTube videos blocked in their country. The add-on used to be offered for download on the organization’s official portal for Firefox extensions and themes, but no more: [...]

The various comments in the discussion about the bug that was started on Mozilla’s bug tracker a few days ago showed that the developers of YouTube Unblocker have been repeatedly trying to bundle it with adware through the years.

Continued: https://www.helpnetsecurity.com/2016/03/04/mozilla-blocks-youtube-unblocker-firefox-add-on-due-to-security-issues/

See:
Firefox Add-on YouTube Unblocker blocked by Mozilla
http://www.ghacks.net/2016/03/03/beware-firefox-add-on-youtube-unblocker-put-on-blocklist/

Amazon Faces Backlash Over Removal Of Device Encryption
Mar 4, 2016 1:43PM PST

Amazon’s decision to remove encryption from its tablets running the latest Fire OS 5 release of its software has many privacy-minded tablet owners crying foul. They are blasting Amazon for making their tablets less secure and no longer safe to store personal data from email credentials, credit card numbers and sensitive business information.

“Amazon rolled over, exposed all our bellies to be eviscerated by the bad actors if lost or stolen,” wrote an Amazon Fire tablet owner on an Amazon message board. Fire tablet owners shared similar sentiments on other social media channels on Friday.

Continued: https://threatpost.com/amazon-faces-backlash-over-removal-of-device-encryption/116594/

Related:
Amazon Quietly Removes Device Encryption From Fire Devices
http://www.securityweek.com/amazon-quietly-removes-device-encryption-fire-devices
Terrorists, drug lords and paedophiles - please use the Amazon Fire
https://www.grahamcluley.com/2016/03/terrorists-drug-lords-paedophiles-use-amazon/

Dotdo Adware Blocks Security-Related Websites
Mar 4, 2016 2:01PM PST

Potentially Unwanted Programs (PUPs) have a reputation for sneaky behavior and the Dotdo adware PUP has its own methods of going about it.

You see, this particular PUP, which gets installed on your system bundled with other legitimate programs, is an adware family that sneakily inserts ads in the websites users visit.

To be able to do this, it first needs to know what users are surfing online. For this, Dotdo will install its own version of the Fiddler Web traffic debug application, which inspects traffic using a local proxy running on 127.0.0.1:8877.

Continued: http://news.softpedia.com/news/dotdo-adware-blocks-security-related-websites-501354.shtml

Also see:
Adware PUP Dotdo FastInternet Blocks Security Related Domains
https://blog.malwarebytes.org/intelligence/2016/03/adware-pup-dotdo-fastinternet-blocks-security-related-domains/

Bank password policies are often substandard, study finds
Mar 4, 2016 2:12PM PST

A study of 17 major US banks shows that six of them have weak password handling and that their password procedures are weaker than most social websites.

The six banks, 35 percent of the test group, appear to have a significant weakness in their password policy: ignoring case sensitivity, a study by the University of New Haven Cyber Forensic Research and Education Group (UNHcFREG) showed.

The banks ask users to set up passwords that include letters and special symbols, but the study shows the passwords may not be case sensitive. This means any combination of upper and lower case letters might work and the passwords may not be reliable.

Continued: https://www.helpnetsecurity.com/2016/03/04/bank-password-policies-are-often-substandard-study-finds/

Related:
Weak Bank Password Policies Leave 350 Million Vulnerable, Say Researchers
https://threatpost.com/weak-bank-password-policies-leave-350-million-vulnerable-say-researchers/116574/

not a problem
Mar 4, 2016 2:41PM PST

I do not think it is much of a problem since the banks only allow a certain number of attempts before locking the account. Great security includes a number of factors, not just a password.

If NatWest texts you about online banking fraud, don't ..
Mar 4, 2016 3:37PM PST
.. click the link

British customers of the NatWest bank should be on their guard against a particularly convincing SMS-based phishing scam, Action Fraud warns.

The spoofed texts being sent out by fraudsters “could catch you out if it appears in an existing message thread,” the UK's national fraud & cyber reporting centre advised on Wednesday.

Reg reader Nicholas was among those targeted by the link-containing message. He was concerned that fraudsters had managed to get their hands on his mobile phone number in the first place.

Continued: http://www.theregister.co.uk/2016/03/04/natwest_sms_phishing_scam/

@ NatWest:
Protect yourself against this scam
http://personal.natwest.com/global/security-centre/text-message-smsphishing.html

$17 smartwatch includes a backdoor in the pairing app
Mar 4, 2016 3:37PM PST

A group of researchers that analyzed the security of a number of smart watches discovered a $17 smartwatch is sold with a backdoor in the pairing app.

Be careful of cheap smartwatches offered on the web: security researchers at Mobile Iron have found that the U8 Smartwatch available on eBay for sale is offered with an Android or iOS app that contains a backdoor that is linked to a Chinese IP address.

The discovery was presented at the BSides San Francisco conference and of course, the wearable device represents a serious threat to the users’ privacy.

Continued: http://securityaffairs.co/wordpress/44987/hacking/smartwatch-with-backdoor.html