Updated: The DNC cyberattack was deemed to be a simulated test by an unknown third party. This has been removed from our security roundup for the week.
Security flaws haunt Ghostscript
For the third year in a row, researchers have found exploitable flaws in the open source software Ghostscript, a PDF and PostScript interpreter used by hundreds of programs on all major platforms. While the software includes a sandbox protection option, researchers have now identified a series of sandbox bypass vulnerabilities. To take advantage of the flaw, a bad actor would only need to send the victim a specially modified file in a format that triggers interaction with Ghostscript (PDF, PS, EPS, or XPS). Doing so would grant the malware’s C&C remote code execution privileges on the infected system, essentially allowing the attacker to take it over. No patch is available yet, so experts are advising that Linux distributions disable the PS, EPS, PDF, and XPS coders in ImageMagick’s policy.xml, as the image processing library appears to be the project most affected by the flaw.
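As an added example (not part of the original roundup), this Python check reports whether a policy.xml disables the four coders named above. It assumes the `<policy domain="coder" rights="none" pattern="..."/>` entry form with glob patterns and a single `{A,B}` alternation, reports a coder as a conflict when another matching entry grants rights instead of guessing which entry ImageMagick applies, and runs on a constructed sample policy.

```python
import fnmatch
import xml.etree.ElementTree as ET

CODERS = ("PS", "EPS", "PDF", "XPS")  # the formats named in the advisory text

# Constructed sample policy: XPS is never denied and PDF is re-enabled further down.
SAMPLE_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="{PS,EPS}"/>
  <policy domain="coder" rights="none" pattern="PDF"/>
  <policy domain="coder" rights="read|write" pattern="PDF"/>
</policymap>"""

def expand(pattern):
    """Expand one {A,B} alternation into plain glob patterns (assumed syntax)."""
    start, end = pattern.find("{"), pattern.find("}")
    if start == -1 or end < start:
        return [pattern]
    head, tail = pattern[:start], pattern[end + 1:]
    return [head + alt + tail for alt in pattern[start + 1:end].split(",")]

def audit(policy_xml, coders=CODERS):
    """Return {coder: 'disabled' | 'enabled' | 'conflict'} for each coder."""
    root = ET.fromstring(policy_xml)
    result = {}
    for coder in coders:
        denied = allowed = False
        for pol in root.iter("policy"):
            if pol.get("domain", "").lower() != "coder":
                continue  # resource, path, delegate... entries do not gate coders
            globs = expand(pol.get("pattern", "").upper())
            if not any(fnmatch.fnmatchcase(coder, g) for g in globs):
                continue
            if pol.get("rights", "").strip().lower() == "none":
                denied = True
            else:
                allowed = True  # some matching entry still grants rights
        if denied and not allowed:
            result[coder] = "disabled"
        elif denied:
            result[coder] = "conflict"  # order-dependent outcome: review by hand
        else:
            result[coder] = "enabled"   # no deny entry matches this coder
    return result

if __name__ == "__main__":
    for coder, state in audit(SAMPLE_POLICY).items():
        print(f"{coder}: {state}")
```

Anything other than "disabled" for all four coders means the mitigation is not fully in place on that host.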
In 2016, an app called “Sex Game” was available in the Google Play store. And while it was legitimate, the bluntly titled app did not last long in the store. Soon it was gone.
Google may still be tracking you...
Adding to the growing mistrust consumers have about what tech companies do with the data they collect, we learned this week from an Associated Press investigation that Google still tracks and stores your whereabouts even if you turn off “location history” in your privacy settings. It turns out that disabling location history, on Android devices and iPhones, only removes your location from the Google Maps Timeline feature — which shows you where you've been in Google's data — but some Google apps still store your time-stamped location data, in part so they can better target ads based on where you’ve been. The company argues that it makes clear to users how to disable this setting and delete location history. So, what can you do to prevent Google from saving these location markers? First, disable a setting called “Web and App Activity,” which stores a variety of information from Google apps and websites to your Google account. Then, delete your location data in your Google account at myactivity.google.com.
Steam game found to be secretly cryptomining
SamSam ransomware was first spotted in the digital wild back in 2015. Since then, its purveyors have racked up approximately $6M in extorted ransom money, experts surmise, and its diabolical reign shows no sign of slowing. The malware continues to be improved upon to make it sneakier, with its newest version encrypting files late at night, hoping to infect the system when the user is away from the screen. Additionally, the SamSam attacks all seem strategic and deliberate, as opposed to automated outbreaks, making them some of the most feared and destructive cyberattacks active today.
Social website Reddit announced this week that it suffered a data breach in June. In its official statement, the company calls the breach a “security incident” and provides a detailed account of how it happened.
An elaborate and sophisticated criminal operation like something out of an Ocean's 11 sequel has just been uncovered, and the caper here is mass malvertising. While investigating exploit kits, security researchers stumbled upon an operation in which criminals abused the legitimate online advertising industry to spread trojans, ransomware, and more.
Magniber ransomware grows stronger and scarier
The Magniber strain of ransomware is back, stronger than before, and starting to spread through much of Asia. Cybersecurity experts are taking note of the substantial changes the malware has undergone over the past year.
Fake apps on Google Play open the door for BankBot Anubis
Mobile users in Turkey, beware. IBM cybersecurity researchers announced this week that they’ve discovered at least ten fake apps on the Google Play Store that appear to be part of a unified campaign to spread the banking Trojan BankBot Anubis, which is designed to steal bank login credentials, payment card numbers, and e-wallet info.