February 2, WTIC 61 Hartford – (International) Beware of phishing scam pretending to be Better Business Bureau questionnaire. The Better Business Bureau (BBB) warned February 2 that scammers sent bogus emails to possibly tens of thousands of businesses across the country, prompting the recipients to open a ZIP file attachment which leads to a Web site that delivers malware onto the user’s computer. The BBB is working with security vendors to mitigate the threat and disable the Web site. Source
February 2, Help Net Security – (International) Raptr hacked, user info and passwords compromised. A representative from Raptr, a gaming social network site, announced January 28 that its network may have been breached and an unidentified number of users’ data, including names, email addresses, and password hashes, may have been accessed. Officials advised users to update log-in credentials associated with their Raptr account and change any related passwords. Source
February 2, Threatpost – (International) Another Flash zero day emerges. Adobe released February 2 that it is working on a patch for a zero day vulnerability in Flash Player 16.0.0.296 that could cause a crash and allow an attacker to take control of the affected system. The vulnerability is reportedly being exploited via drive-by-download attacks against Windows, OS X, and Linux systems running Internet Explorer and Firefox. Source
February 1, Securityweek – (International) Hackers compromise business IM service HipChat. HipChat posted a security notice January 31 warning that hackers breached the firm’s defenses and accessed names, usernames, email addresses, and encrypted passwords for less than 2 percent of its customers. HipChat triggered a password reset for all affected users as a precaution. Source
January 30, Threatpost – (International) Facebook malware poses as Flash update, infects 110K users. A trojan posing as a Flash update infected approximately 110,000 Facebook users in 2 days by posting malicious video links that lead to a malware downloader on the profiles of previously infected users. Facebook is aware of the malware that can manipulate keystrokes and mouse movement on an infected computer and is working to block links to the scam. Source