Every day, 50,000 infected unique URLs of HTTPS-protected websites are detected and blocked. Scientists from the Concordia University in Montreal, Canada, have tested 14 antivirus programs offering HTTPS scanning and found that these programs create more security problems than they actually solve. There was only one exemption from this: Avast. The only issue mentioned in their study is a lack of revoked certificates checking by Avast, which has been in the market since November 2015 and is fixed in 2016 products.

What’s the deal with these “you won something” texts?

I recently received a text message saying an iPhone 6s is waiting for me. I normally delete these messages, but this time I was curious… I have been considering upgrading from my iPhone 5 for a while now J. So, I decided to consult with my friend, Avast senior malware analyst Jan Sirmer and see what would happen if I believed the text.

How did they get my number?

The first question I had about this was: How did they get my number? “A computer probably sent it to you,” said Jan. How did a computer get my number? “There are programs that allow computers to send text messages to a bunch of numbers at once. They probably use the same area code and the rest of the digits in the number are generated by the program.”

LinkedIn members’ login credentials are being sold on the dark web.

The 2012 breach of social networking site LinkedIn, has come back to haunt us. That breach resulted in 6.5 million members’ credentials being stolen. Articles published in the last day report that the number was way short of reality – it’s actually more than 167 million email and password combinations – or nearly all the members of LinkedIn. 

LinkedIn members’ login credentials are being sold on the dark web.

The 2012 breach of social networking site LinkedIn, has come back to haunt us. That breach resulted in 6.5 million members’ credentials being stolen. Articles published in the last day report that the number was way short of reality – it’s actually more than 167 million email and password combinations – or nearly all the members of LinkedIn. 

A brief update on Locky, the latest ransomware targeting PCs.

Beware of emails from random email addresses with subject lines like “Upcoming Payment – 1 Month Notice”. These emails typically come with a zip attachment that attackers have created to run a script that downloads and runs the now well-known ransomware, Locky. These phishing emails prove that Locky is not going anywhere anytime soon.

The emails are written in typical phishing style. The attacker tries to entice a potential victim to read the email and subsequently download the attachment. Attackers seem to be targeting   small and medium sized businesses, to gain access to valuable company data.   

Content of the email.

Last week, Talos discovered multiple vulnerabilities in 7-Zip, a popular, open source file archiver. The vulnerabilities are particularly severe as many products, including antivirus software, implement 7-Zip in their software. When vulnerabilities are found, it is the responsibility of software owners to patch them. However, these patches are useless, unless users update their software.

Avast is not affected by these vulnerabilities, but if you are a non-Avast user we recommend you update your antivirus software, if you haven’t done so already.

About the vulnerabilities

The two vulnerabilities found are CVE-2016-2335 and CVE-2016-2334. The first vulnerability is an out-of-bounds read vulnerability, which exists due to how 7-Zip handles Universal Disk Format (UDF) files and could allow attackers to remotely execute code.

The second vulnerability is an exploitable heap overflow vulnerability, found in the Archive::NHfs::CHandler::ExtractZlibFile method functionality. In the HFS+ file system, files, depending on their size, can be split into blocks. There is no check to see if the size of the block is bigger than size of the buffer, which can result in a malformed block size which exceeds the buffer size. This will cause a buffer overflow and heap corruption.

What you should do

As mentioned above, it is up to software publishers to provide their users with vulnerability fixes, but these are futile if users don’t take action and update their software. It is vital that you frequently update all software, including your operating system, on a regular basis.

Most of popular botnet Andromeda’s (also known as Gamarue) distribution channels have been discovered and analyzed by antivirus vendors. This has forced Andromeda’s distributors to come up with a new attack strategy to continue to drop Andromeda binaries onto PCs.

Meanwhile at the Andromeda headquarters…

Operator: “Captain, all of our distribution channels have been discovered!”

Captain: “Report the loss..”

Operator: “Email scams, exploit kits, everything is known to the public.”

Captain: “Operator, let’s start with plan N!”

Operator: “Roger that, captain”

Before we dive into Andromeda’s new tactic, I’d recommend you to read this article by fellow security researchers from Stormshield, which describes one of Andromeda’s most recent phishing campaigns. We have observed similar Andromeda email phishing campaigns. Most of the emails we have seen seem to be targeting Germans and Italians. However, these two target groups seem to be too clever to fall for the bait, as they are not the top infected users.

Some of the popular subject lines used to target Germans and Italians are “Your current bill” and “A nude photo of you has appeared on the Internet”.

From football stars to cheating spouses, using easy-to-crack passwords puts everything from your livelihood to your relationships at risk.

Change your passwords regularly and don’t share them with others

A tweet showing top NFL draft pick Laremy Tunsil taking a hit off a bong through a gas mask cost him upwards of $13 million. Tunsil’s Twitter account was allegedly hacked at the worst time – just minutes before the draft began – making his fall from the first round to thirteenth swift, decisive, and oh, so costly. Minutes after that, his Instagram account was hacked to show screenshots of a text conversation implicating Ole Miss in NCAA rule-breaking that will likely end up in an investigation.

This mind-boggling turn of events in what should have been a night of triumph for Tunsil and his university has a lesson for the rest of us.