LinkedIn has bit the target of a new phishing campaign which has spread through users via direct messages and the LinkedIn InMail feature. They are sent from legitimate LinkedIn Premium accounts that have been hijacked by the phishers, thus increasing the likelihood that recipients will trust the message and click on the link.
A WordPress plugin named Display Widgets has been used to install a backdoor on WordPress sites and has been installed more than 200,000 times. The backdoor code was found between Display Widgets version 2.6.1 (released June 30) and version 2.6.3 (released September 2). The WordPress.org team has intervened and removed the plugin from the official WordPress Plugins repository. Despite the number of downloads, it is not known how many of these were updated to a version that included the malicious behavior.
It has been discovered that more apps on Google’s Play Store are carrying the malicious BankBot Android banking malware. The malware, which surfaced back in January, targets legitimate banking apps and uses fake overlay screens to trick unsuspecting users into providing their credentials. The malware is even able to hijack and intercept SMS messages, allowing it to bypass the SMS-based two-factor authentication security feature.
Adobe has announced its monthly security updates which include patched vulnerabilities in three products — Adobe Flash Player, Adobe ColdFusion, and Adobe RoboHelp, the company’s lesser known help authoring tool (HAT), used for the creation of online or offline documentation and help files. In total, Adobe patched eight security bugs — two in Flash Player, four in ColdFusion, and two in RoboHelp. The company did not receive reports of public exploits or in-the-wild attacks for any of the patched issues, but that doesn’t mean system administrators can skip this month’s security updates.
Tips for Safe Web Downloads
Downloading content over the internet is a great way to enjoy music, video, games and other entertainment. Downloading is also a very convenient way to obtain information in the form of Word documents, PDFs, photos and other files. Also, most software and its periodical updates are now downloaded from the internet. Downloading should not be confused with streaming, which is where video, music or sound is sent over the internet for you to watch or listen to in real time, rather than being able to be saved on your computer to use later.
The Risks
- Inadvertently allowing viruses on to your computer – from both websites and peer-to-peerfile-sharing programs.
- Inadvertently installing adware that enables annoying popup advertisements.
- Installing spyware that enables criminals to obtain private information for financial gain or identity theft.
- Having your firewall breached, especially when using peer-to-peer file-sharing programs.
- Downloading offensive/illegal material or viruses disguised as something else.
- Breaching copyright. Although downloading free music, videos and software could be tempting, it is illegal to pirate material that is under copyright.
Safe Downloading
- Ensure you have effective and updated antivirus/antispyware software and firewall running before you start downloading.
- Download executable files (.exe) with extreme caution. These are files used by programs to run on your computer. However, they are also commonly used in viruses.
- Use trusted download websites rather than peer-to-peer systems to obtain programs.
- Be wary about downloading anything, as people can call their files anything they like. Something that appears to be a clip from a new sci-fi movie could in fact be hardcore porn or a virus-infected file.
- Download music only from paid sites such as iTunes, Napster or trusted retailers’ websites.
Safe Peer-to-Peer File Sharing
- If you must use file-sharing software, make sure you choose safe software, install it safely and use it properly.
- Install file sharing applications only when you have effective and updated antivirus/antispyware software and firewall running.
- Consider paying for a premium version that is not funded by advertising, to reduce the risk of adware being installed.
- Download software only from manufacturers’ or authorised resellers’ websites.
- Don’t let people browse your files directly, and configure the program carefully so that you only share the files you want to and keep the rest of your files and personal information private. This avoids sharing your emails, photos, financial information or work files with complete strangers.
- Don’t share material that is under copyright.
