It’s been business as usual on this week’s security battlefield. Just after last week’s security roundup, we published a security alert about a mobile malware called Mazar BOT. This little fellow targets Android devices and spreads via text messages. It can gain administrators rights, read and send SMS, steal your data, erase the phone – long story short, it can do anything it pleases. Surprisingly, the malware cannot be installed on Android smartphones set on Russian language option, so you will be safe if you learn Russian. Or simply don’t install any fishy apps that you run into. Afterwards we met Locky – and we’re not talking about the Asgardian God of Mischief and Evil. Locky is a new ransomware that made its entrance with a bang: it extorted money from a Hollywood hospital. And since we brought cryptoware into discussion, we also have an article on how cyber criminals behind Angler exploit kit grew their distribution network. Over 350 domains related to the Angler exploit kit infrastructure were blocked only Monday. We also published two security guides that you shouldn’t miss. If you’re struggling with your online security, use this free plan to solve your issues. And last but not least, we explained how Zombies and Botnets work. Don’t worry, we’re not talking about Michael Jackson’s “Thriller” kind of zombies, that will strangle you while you sleep. No, this kind of zombies will only attack other computers. And you won’t even have a clue about what they’re up to (unless you read our article on Botnets and how to prevent your PC from being enslaved). Before you wrap up your browser tabs and fly off into the weekend, take a quick look over the most important security news of this week:


Security articles of the week


1. Tim Cook’s letter to Apple’s customers

A subject that’s been on everybody’s lips in these past days: in an open letter addressed to Apple customers, Tim Cook reveals the US government’s demand to build a backdoor to iPhone. He explains how this could turn into a dangerous precedent. Here are two more articles regarding this issue that you should read: one’s from Troy Hunt, who takes his time to explain all the grey shades from this Apple vs FBI case. The other one presents John McAfee’s take:

And why do the best hackers on the planet not work for the FBI? Because the FBI will not hire anyone with a 24-inch purple mohawk, 10-gauge ear piercings, and a tattooed face who demands to smoke weed while working and won’t work for less than a half-million dollars a year. But you bet your ass that the Chinese and Russians are hiring similar people with similar demands and have been for many years. It’s why we are decades behind in the cyber race.

2. Hollywood Hospital hit with Ransomware, ends up paying the cyber attackers

As we were pointing out earlier, when we introduced you to Locky, not even hospitals are immune to ransomware attacks. After not being able to access their electronic records for a ten day period, a Hollywood hospital decided to give up and pay the attacker.

CEO Allen Stefanek confirmed that the center had paid the fee, a decision that he said was “the quickest and most efficient way to restore our systems and administrative functions.”

3. What happens when you flash your cash on Snapchat

And we thought it’s obvious that you shouldn’t flash your cash on social networks. Or your bank card. Or concert tickets. Or vacation details. Or your kids photos. Or… ah, nevermind, we’ll just follow up with an extended article on this subject.

4. Leaked info on hundreds of Spotify premium accounts

The title is pretty much self-explanatory, right? Hundreds of Spotify premium accounts details were dumped online this week. Email addresses, coressponding passwords, home countries, account types and renewal dates were leaked. No payment credentials left out in the open, whatsoever.

5. Instagram adds two-factor authentication

Instagram finally started to roll out two-factor authentication option. It was about time! Btw, if you don’t have any idea why we’re so enthusiasted about this, check out our huge security guide on two-factor authentication. We covered how it works and why should activate it immediately everywhere it’s available. (Immediately, you hear that?)

6. Password recovery bug affected thousands of Twitter users

Bad news is: because of a security flaw related to password recovery, thousands of Twitter accounts were affected. Good news is: the bug was fixed. Useful tip before we move on to the next issue: activate login verification on your Twitter account to enhance your security.

7. Email phishing campaign on the loose targets Airbnb customers

A new email phishing campaign has been targeting Airbnb customers. Make sure you don’t fall into this trap.

Scammers have plenty of options after successfully hijacking an account, especially those that are verified and have obtained stellar reviews, making it easier to lure potential victims into paying in advance in order to secure their rental.

8. Spear phishing incident average cost is $1.6 million

And since we opened the phishing subject, here’s an overview of spear phishing costs. Spear phishing is at present the most effective phishing technique. It requires greater efforts, but it also provides cyber criminals better pay-off.

9. Research: attackers drained $103,000 out of Bitcoin wallets protected by passwords

Just cyber attackers attacking favorite cyber attackers’ payment method.

10. The most popular hacking methods

According to Balbait’s recent survey, IT security experts believe that attackers are mostly using or taking advantage of social engineering techniques.


In “The Art of War”, Sun Tzu said that you should fully know your enemy and know yourself. Our weekly security roundup is about knowing thy enemy. But you should also do something about it, don’t just ignore all these privacy and security warnings we keep babbling about.

Leave a Reply

Your email address will not be published. Required fields are marked *