Stay ahead of trending internet threats with CYREN Security blog. Take a quick peek at what was trending in October 2014 and visit our blog for more detailed information: www.blog.CYREN.com
2. 22
October Highlights
âą Shellshock vulnerability exploded on to
the scene and exploitation of another
vulnerability known as Sandworm
âą Recent Home Depot breach used in
phishing scam
âą As well as some usual suspects:
WordPress vulnerability major player in
phishing story, simple yet sophisticated
password stealing and Android malware
that locks the phone but doesnât request
a ransom
3. 3
A Little Phishing Story
âCybercriminals are now using
the Fabtrol content
management system to place
automated software; in the
foreground the Fabtrol system
appears to run normally; in the
background cybercriminals are
using the Fabtrol content
management system to collect
the phishing script data entered
by unsuspecting Amazon.de
victims.â
4. 4
Shellshockâs Payload Leads to Malware
âBy simply sending a
malformed request to the Web
server, an attacker can cause
Bash to execute any command
allowed based on the system
permission. In other words,
Bash makes hacking into a
vulnerable website rather easy.
Hacked servers can then be
used as DDOS or spam zombies
or could hide phishing,
malware, or spam pages. â
5. 5
Home Depot Breach Results in First Phishing Scam
âThe email takes an insidiously
effective approach, reminding
customers of the Home Depot
breach and advising them to
regularly check their online
accounts for suspicious activity.
Of course, the login link
provided takes consumers to a
phishing address.â
6. 6
Web Security in Asia and Pacific
âToday, employees work
remotely and globally, using
laptops, smart phones, and
tablets. Data is at their
fingertips, delivered on-demand
via cloud computing. In fact,
more than half of the worldâs
mobile subscribers are located
in the Asia Pacific region and
Asia-Pac is anticipated to
remain one of the worldâs
fastest growing mobile markets
through 2020 and beyond.â
7. 7
Malicious Use of Freely Available Password Recover Tools
âWith the readily available and
easy access to these so-called
Network Admin / Forensic
Tools, and by just using simple
scripts, anyone with malicious
intent will be able to easily steal
any users Email and Website
accounts and passwords.â
8. 8
Weaponized by Sandworm
âIt appears that the Sandworm
group has weaponized a
dangerously exposed zero-day
vulnerability (also known as
Sandworm) CVE-2014-4114
(MS14-060) that exists in the
Object Linking and Embedding
(OLE) package manager in
Microsoft Windows and Server
to launch their campaign.â
9. 9
Wipelocker: Obey Or Be Hacked!
â[âŠ] the Trojan then sends
multiple SMS messages to every
single contact in the userâs
phone book every 5 seconds.
The messages that the Trojan
sends is HEY!!! âName of
contactâ Elite has hacked you.
Obey or be hacked"
10. 10
Visit the CYREN Security
Blog for more details and
watch out for upcoming
articles on the latest
trends in malware, spam
and phishing
www.blog.CYREN.com