Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On February 19, 2015

February 18, Softpedia – (International) Author of Android Xbot malware includes curse at AV companies. Avast security researchers discovered that the Xbot Android malware has infected over 2,570 installations across 350 unique files distributed through third-party marketplaces since the beginning of February. The malware runs persistently on infected devices, communicates with command and control (C&C) servers to download content, and focuses primarily on capturing, reading, and writing SMS text messages. Source

February 18, Help Net Security – (International) Credit card info stolen in BigFish Games site compromise. BigFish Games reported that the personal and financial information of some of its customers that made purchases between December 24, 2014 and January 8 may have been compromised after the company discovered malware installed on the billing and payment pages of their Web site January 12. Affected customers were notified of the breach February 11, and the company removed the malware and has taken steps to prevent the malware from being reinstalled. Source

February 17, Softpedia – (International) Siemens fixes security flaws in Simatic Step 7 (TIA Portal). Siemens patched four vulnerabilities in Simatic Step 7 (TIA Portal), two minor and two more severe, that could allow attackers to learn user passwords, escalate privileges, or hijack and intercept industrial communication on TCP port 102. Source

February 17, Help Net Security – (International) Flaw in Netgear Wi-Fi routers exposes admin password, WLAN details. A network engineer discovered and notified Netgear support that certain versions of the brand’s WNDR3700v4, WNR2200, and WNR2500 home wireless routers contain a vulnerability in the embedded simple object access protocol (SOAP) service that could allow unauthenticated remote and locally-connected attackers to obtain the administrator password, device serial number, WLAN details, and various information related to clients connected to the device. Source

February 17, Securityweek – (International) Arabic threat group attacking thousands of victims globally. Kaspersky Lab security researchers reported that “Desert Falcons,” the first known full-scale Arabic cyber-espionage group, has used spear-phishing and social engineering techniques to deliver two backdoors through 100 malware samples, infecting Windows PCs and Android devices of targets based in Egypt, Palestine, Israel, Jordan, the U.S., and other countries for at least 2 years. The malware has full-backdoor capability, and the Android versions can also steal call and SMS logs. The attackers have targeted political, military, and government individuals and organizations, media outlets, energy and utility providers, physical security companies, and others holding geopolitical information. Source

February 18, Tribune Washington Bureau – (International) Accused Russian hacker to face charges in US court. A Russian national was extradited to the U.S. and charged February 17 in New Jersey for his alleged involvement in an international scheme that stole more than 160 million credit card numbers, resulting in hundreds of millions of dollars in losses to consumers and financial institutions including Dow Jones, 7-Eleven, Nasdaq, Visa, and JetBlue. The suspect, arrested in the Netherlands in 2012, allegedly hacked victims’ networks to gain access to usernames and passwords, credit card data, and personally identifiable information, and sold them to resellers around the world. Source

February 17, Softpedia – (International) Vawtrak trojan downloaded via malicious macro for Microsoft Word. Trend Micro security researchers discovered a new cyber criminal campaign targeting customers of banks including Bank of America, Barclays, Citibank, HSBC, Lloyd’s Bank, and J.P. Morgan with emails carrying Microsoft Word documents whose malicious macros install the Vawtrak banking trojan by downloading a batch file, a Visual Basic Scripting Edition (VBScript) file, and a PowerShell file. The malware serves victims modified pages to trick them into providing login data for Microsoft Outlook, Google Chrome, Mozilla Firefox, and file transfer protocol (FTP) clients. Source
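The macro-to-batch-to-VBScript-to-PowerShell chain in the Vawtrak item is one a defender can spot from process-creation telemetry. The following is an added example, not code from the article or from Trend Micro; it runs over a constructed set of (pid, ppid, image) events and flags every script host that descends from an Office application.

```python
"""Flag script interpreters whose ancestry includes an Office application.

Assumption: process-creation events are available as (pid, ppid, image)
tuples, as an EDR or Sysmon Event ID 1 feed would provide. The sample
events below are constructed for this example, not real telemetry.
"""
from typing import Dict, List, Tuple

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe"}

# Constructed sample events: (pid, ppid, image name)
SAMPLE_EVENTS: List[Tuple[int, int, str]] = [
    (400, 1, "explorer.exe"),
    (512, 400, "WINWORD.EXE"),      # user opens the emailed document
    (600, 512, "cmd.exe"),          # macro drops and runs a batch file
    (620, 600, "wscript.exe"),      # batch file runs the VBScript stage
    (640, 620, "powershell.exe"),   # VBScript launches the PowerShell stage
    (700, 400, "chrome.exe"),
    (710, 400, "powershell.exe"),   # admin shell under explorer: benign
]

def build_parent_map(events: List[Tuple[int, int, str]]) -> Dict[int, Tuple[int, str]]:
    """Map pid -> (ppid, lower-cased image) for ancestry walks."""
    return {pid: (ppid, image.lower()) for pid, ppid, image in events}

def ancestry(pid: int, parents: Dict[int, Tuple[int, str]]) -> List[str]:
    """Return [self, parent, grandparent, ...]; guards against pid reuse loops."""
    chain: List[str] = []
    seen = set()
    while pid in parents and pid not in seen:
        seen.add(pid)
        ppid, image = parents[pid]
        chain.append(image)
        pid = ppid
    return chain

def find_office_script_chains(events: List[Tuple[int, int, str]]) -> List[Tuple[int, str]]:
    """Return (pid, chain) for each script host with an Office ancestor."""
    parents = build_parent_map(events)
    hits: List[Tuple[int, str]] = []
    for pid, _, image in events:
        if image.lower() not in SCRIPT_HOSTS:
            continue
        chain = ancestry(pid, parents)
        if any(a in OFFICE_APPS for a in chain[1:]):
            hits.append((pid, " <- ".join(chain)))
    return hits
```

On the sample events, the three stages under WINWORD.EXE are flagged while the PowerShell session started from explorer.exe is not.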

February 16, Help Net Security – (International) Banking trojan Dyreza sends 30,000 malicious emails in one day. Bitdefender security researchers discovered that 30,000 malicious emails containing the banking trojan Dyreza were sent in one day to customers of banks including HSBC, NatWest, Barclays, RBS, Lloyds Bank, and Santander from servers in the U.K., France, Turkey, Russia, and the U.S. The trojan allows hackers to covertly steal credentials and manipulate accounts. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.