This Week in Security: Adobe 0-Day Exploit, Dridex Disrupted, Vulnerable Androids

Our security roundup series covers the week’s trending topics in the world of InfoSec. In this quick-read compilation, we’ll let you know of the latest news and controversies that the industry has been talking about recently.
Here’s what you don’t want to miss from the week of October 12, 2015:
- Dow Jones & Co., the publisher of The Wall Street Journal, recently disclosed that hackers gained unauthorized access to its systems, potentially exposing the personal and financial information of some former and current subscribers. In a notice to customers, the company said the incident impacted fewer than 3,500 individuals, although it has yet to discover evidence that the information was in fact stolen. According to NBC News, intruders had access to the system from August 2012 up until July 2015 when the company was notified.
- Security researchers warned of a new zero-day exploit in Adobe Flash Player that attackers behind the long-running Pawn Storm espionage campaign are leveraging to install malware on high-profile targets’ computers. Adobe released a security advisory for the critical vulnerability stating, “Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.” The researchers noted that in this most recent campaign, Pawn Storm targeted several foreign affairs ministries from around the world.
- The UK’s National Crime Agency (NCA) alerted online users to the resurgence of a sophisticated strain of malware, known as Dridex, which enabled cyber criminals to drain more than £20 million from British bank accounts. The NCA said it estimates there could be thousands of computers infected in the UK – the majority being Windows users.
“In addition to its primary function of harvesting banking credentials, this particular strain of malware also exploits systems to send out phishing emails with infected attachments in an effort to compromise more systems,” explained Ken Westin, senior security analyst at Tripwire.
Law enforcement agencies in the US and UK have been working to disrupt the botnet, following the arrest of the alleged botnet administrator, Andrey Ghinkul, earlier this year.
- A new hacking group reportedly stole more than 150,000 credit cards from an unnamed casino with a “flat, firewall-free network.” Security researchers said the cybercrime ring – dubbed Fin5 – is linked to numerous retailers’ payment card breaches, including Goodwill, and multiple Visa security alerts to merchants due to the use of its “RawPOS” malware. “The incident should serve as a warning to businesses to secure any access that third party organizations have to corporate networks,” said the researchers.
- About 85 percent of Android devices are exposed to at least one of 13 critical vulnerabilities, according to a new study from the University of Cambridge. A group of security researchers examined more than 20,000 Android devices from a variety of carriers and manufacturers, revealing that the lack of updates to consumers’ devices is likely to blame.
“Unfortunately something has gone wrong with the provision of security updates in the Android market. Many smartphones are sold on 12–24 month contracts, and yet our data shows few Android devices receive many security updates, with an overall average of just 1.26 updates per year, leaving devices unpatched for long periods of time,” read the report.
- Uber inadvertently leaked the personal information of nearly 700 drivers, including Social Security numbers, tax forms and copies of driver licenses, following the launch of the company’s new “Uber Partner” app. According to reports, a bug in the software was discovered by an Uber driver, who began alerting others on Reddit and other forums. The company has since resolved the issue.
- Security provider Malwarebytes recently found that a malvertising campaign was targeting the popular British news site The Daily Mail. The campaign appeared to have been redirecting users to the infamous Angler exploit kit – previously used to deliver ransomware. The Daily Mail, which attracts more than 156 million monthly visitors, has since removed the malicious ads.