The app was filled with ads and pulled in a second application to be installed too. It looked legitimate, having 'Whatsapp Inc. ' as its publisher but with an extra Unicode character at the end which renders as a space.
Quite an impressive form of malware distribution. The attackers target very specific keyword searches like 'al rajhi bank working hours during ramadan', and make sure they are the first result. When clicked the visitor gets redirected and asked to download a Word document that brings in the Zeus banking trojan.
The last thing you want when using Tor is for your IP to still be visible. On Mac and Linux there was an issue where just that happened. Users are urged to upgrade to the latest version.
And just so you know it when you see it: this one is apparently called the 'Tormoil' bug. Because all vulnerabilities need catchy names of course.
This is no doubt in response to the various s3 bucket leaks of late. The features include default encryption for buckets, clear warnings of making buckets public, and reports on the encryption status of all objects.
The mobile version of Pwn2Own has been completed. $500,000 was rewarded to various teams for successfully exploiting a range of mobile devices. The vendors get 90 days to fix the issues before disclosure. A more detailed write-up of day one and two can be found on the blog of the organiser, Zero Day Initiative.
It includes fixes for the KRACK vulnerability and several bugs in the Media framework.
It looks very convincing, telling the recipient to log in and re-activate their membership. While doing that it asks for personal information and their payment information.
Very welcome news that Chrome will stop things like redirect-ads that pretend to be the video play button, unwarranted redirects from ads that weren't clicked, and more. Good for user experience and user security. The changes are expected early 2018.
These malicious documents don't use macro's to pull in malware. Instead they make use of the Dynamic Data Exchange (DDE) feature, normally used to share data between applications. The user will get a "This document contains linked files. Do you want to update this document with the data from those files" pop-up. You can edit the registry to limit this capability to an extent, but mostly Microsoft advises to, well, not open suspicious documents.
Fortunately he also made the mistake of taunting them through e-mail, which the FBI could get the IP address from, pointing to his home.
The article explains how two guys were able to abuse the URL-shortening and auto-display of the original link to send a tweet with 30,000 characters. Twitter has since patched the issue :)
Integration of web application security in the SDLC has become really important. Businesses are pushing new code to production multiple times in a day, so it is vital that security flaws are identified at source. Listen to Paul’s Security Weekly podcast discussing this, scaling up web application security, time management for penetration testers and more.