Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On February 16, 2016

February 11, Softpedia – (International) Fake Netflix apps deliver banking trojans. Symantec security researchers reported that a new malware campaign was targeting Netflix users in an effort to gain victims’ Netflix credentials and to steal users’ credit card data to make fraudulent purchases. The campaign tricks victims into believing it is a company method of accessing online content at a cheaper rate. The malware steals information by using ads to redirect victims to a direct download website embedded with a banking trojan, Infostealer.Banload, that steals credentials. Source

February 11, SecurityWeek – (International) Flaws found in Tollgrade power distribution monitoring product. Tollgrade Communications released software updates patching four vulnerabilities in its LightHouse Sensor Management System (SMS), which is used by energy corporations, after a security researcher found flaws similar to a cross-site scripting (XSS) flaw, an information disclosure flaw, insecure credentials, and a cross-site request forgery (CSRF) flaw that can allow unauthenticated attackers to execute commands on an authenticated user’s behalf and gain access to their accounts, among other malicious actions. Source

February 12, Softpedia – (International) Bad UI design sabotages security of ASUS SoHo routers. An independent researcher reported that a design flaw in the Web administrative panel in 122,000 ASUS SoHo routers running ASUSWRT firmware unintentionally exposed devices to the Internet even after users configured the device as private, allowing attackers to access the devices’ administrator login via Hypertext Transfer Protocol (HTTP) and control the device if the default username and password were still intact. Researchers advised users to leave their firmware firewall on and to leave the “Enable Web Access from WAN” setting on “No.” Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.