Archive By Year: 2008 - 2009 - 2010 - 2011 - 2012 - 2013 - 2014 - 2015

washington-post-logo-vertical

Yahoo ads accidentally spewed malware

August 4, 2015

Yahoo’s ad network sent malware to the computers of people who visited the company’s popular family of sites for a week, the New York Times reported.

The issue, uncovered by researchers at Malwarebytes, is a warning that even the most trusted sites can sometimes contain hidden threats. The attack started on July 28 and has now been resolved, according to the Times. A Yahoo spokesperson declined to comment to The Washington Post on how long the issue persisted, saying that the company’s investigation is ongoing.

Read More
engadget

Huge malware campaign used Yahoo’s ad network

August 4, 2015

You’ve probably heard of malware-laden ads causing havoc on the web, but rarely on this scale. Malwarebytes has discovered a malware campaign that was using Yahoo’s ad network to target legions upon legions of visitors — Yahoo’s main site racks up 6.9 billion visits per month. While it’s not clear what would happen if you fell victim to an attack, the Flash-based exploit kit linked to the campaign typically includes both ad fraud and ransomware. In short, there’s a real chance that you could have been locked out of your PC simply by checking on your fantasy sports league.

Read More
ars-technica-logo

0-day bug in fully patched OS X comes under active exploit to hijack Macs

August 4, 2015

On Monday, researchers from anti-malware firm Malwarebytes said a new malicious installer is exploiting the vulnerability to surreptitiously infect Macs with several types of adware including VSearch, a variant of the Genieo package, and the MacKeeper junkware. Malwarebytes researcher Adam Thomas stumbled on the exploit after finding the installer modified the sudoers configuration file.

Read More
net-security.org

Hackers actively exploiting OS X zero-day to root machines, deliver adware

August 4, 2015

The attack was unearthed by Malwarebytes researcher Adam Thomas, who analyzed a new adware installer and discovered that his sudoers file had been modified.

“For those who don’t know, the sudoers file is a hidden Unix file that determines, among other things, who is allowed to get root permissions in a Unix shell, and how. The modification made to the sudoers file, in this case, allowed the app to gain root permissions via a Unix shell without needing a password,” Malwarebytes’ Thomas Reed explained.

Read More
The Inquirer

OS X zero-day flaw leaves Mac users open to hackers

August 4, 2015

An active exploit is in the wild, according to Malwarebytes, and it relies on print-to-file functionality and a threat with malice on its mind. The vulnerability is called DYLD_PRINT_TO_FILE – we don’t name ’em – and is “very bad news”.

Read More
Business-Insider

Hackers are installing malware on Macbooks — and there’s nothing you can do to stop them

August 4, 2015

Hackers are exploiting a critical vulnerability in Apple’s OS X operating system to install malware on Macbooks.

Malwarebytes Apple security expert Thomas Reed reported uncovering the attacks in a threat advisory.

Read More

Yahoo! Malvertising attacks largest seen in recent years

August 4, 2015

Malwarebytes have revealed a a large scale attack abusing Yahoo!’s own ad network. The research uncovered that June and July have set new records for malvertising attacks, with a potential 6.9m users per month at risk.

Malwarebytes immediately informed Yahoo! of the malicious activity, with the campaign no longer active as of yesterday. The campaign started on July 28th, as seen from Malwarebytes’

Read More
New-York-Times-Logo

Hackers Exploit ‘Flash’ Vulnerability in Yahoo Ads

August 3, 2015

For seven days, hackers used Yahoo’s ad network to send malicious bits of code to computers that visit Yahoo’s collection of heavily trafficked websites, the company said on Monday.

The attack, which started on July 28, was the latest in a string that have exploited Internet advertising networks, which are designed to reach millions of people online. It also highlighted growing anxiety over a much-used graphics program called Adobe Flash, which has a history of security issues that have irked developers at Silicon Valley companies.

“Right now, the bad guys are really enjoying this,” said Jérôme Segura, a security researcher at Malwarebytes, the security company that uncovered the attack. “Flash for them was a godsend.”

Read More
Business-Insider

Hackers are using ads on Yahoo’s biggest websites to try to infect millions of people’s computers with malware

August 3, 2015

Malwarebytes security researchers say Yahoo is victim to the same group that has been involved in a number of large-scale campaigns that exploit vulnerabilities in Adobe Flash. Recently, Jamie Oliver’s website was victim to attacks by the group, which saw the site riddled with malware. The Angler Exploit Kit (which was used in this latest attack) is dominating the underground malware scene right now, and it has seen its market share grow from a quarter to 83% in the past nine months, according to SophosLabs researcher Fraser Howard.

Read More
IB Times

Car Hacking: Security Experts Caution Automakers On Greater Need For Cybersecurity And Anti-Hacking Measures

July 29, 2015

“Manufacturers are rushing headlong into implementing technologies that rely on connectivity without taking into account the possible unintended consequences and the accompanying increase in attack surface,” said Jean Taggart, senior security researcher at Malwarebytes Labs, the research arm of a leading anti-malware company. “Careful thought and evaluating the possible drawbacks of emerging technologies needs to be done by car manufacturers. Up until now they have operated in a vacuum of sorts.”

Read More