Malwarebytes Week in Security

Taken from

20th August 2018

A week in security (August 13 – 19)

Last week on Malwarebytes Labs, we talked about how Process Doppelgänging meets Process Hollowing in the Osiris dropper, provided hints, tips, and links for a safer school year, gave a recap of Black Hat USA 2018, offered some tips for a secure content management system, highlighted a silly snail-mail scamming attempt, and provided insight in why money, power, and ego drive hackers to cybercrime. Other news Walmart gains patent to eavesdrop on shoppers and employees in stores. (Source: CNet) FBI warns of “unlimited” ATM cashout (Source: Krebs on Security) Caesars Palace not-so-Praetorian guards intimidate DEF CON goers with searches. (Source: Ars Technica) Researchers discovered a way to hack Echo smart speakers. (Source: Techspot) Researchers have found another serious security flaw in computer chips designed by Intel. (Source: BBC) Victims lose access to thousands of photos as Instagram hack spreads. (Source: ThreatPost) Web cache poisoning just got real: How to fling evil code at v..
13th August 2018

A week in security (August 6 – August 12)

Last week, we published a review of exploit kits, talked about everyday tech that can give you a headache, and showed how to protect RDP access from ransomware. We also published a study on the true cost of cybercrime. Other news: Discovered at Black Hat: WhatsApp “message manipulation” (Source: The Register) Discovered at Black Hat: AI attacks (Source: The Register) Once again, discovered at Black Hat: Meltdown panel (Source: The Register) Indeed, discovered at Black Hat: Mobile payment bugs (Source: The Register) PGA ransomware attack right before Ryder Cup (Source: Golf Week) Steer clear of evil JavaScript (Source: APNIC) Adding bugs to deter attackers [PDF] (Source: Arxiv) Botnets and irrigation systems (Source: Help Net Security) Hunting Twitter bots at scale (Source: Duo Security) Google to warn of government-backed attacks (Source: G Suite) Stay safe, everyone! The post A week in security (August 6 – August 12) appeared first on Malwarebytes Labs.
6th August 2018

A week in security (July 30 – August 5)

Last week, we posted a roundup of spam that may have landed in your mailbox, talked about what makes us susceptible to social engineering tactics, and took a deep dive into big data. Other news: Facebook claimed to have removed accounts that display behavior consistent with possible Russian actors engaged in misinformation. (Source: The Wall Street Journal) Yale University disclosed that they were breached at least a decade ago. (Source: NBC – Connecticut) High school students, be on the lookout! If you receive email or snail mail from organizations with impressive-sounding names, consider that it may just be a carefully packaged marketing scheme. (Source: Sophos’s Naked Security Blog) A researcher from Amnesty International revealed that hackers have targeted them with malware from an Israeli vendor. (Source: Motherboard) Certain e-commerce providers in the UK were affected by a data breach and exposed potentially more than a million user data. (Source: Graham Cluley’s blog) A game o..
30th July 2018

A week in security (July 23 – July 29)

Last week on Labs, we looked at an adware called MobiDash getting stealthy, a new strain of Mac malware called Proton that was found after two years, and the ‘Hidden Bee’ miner that was delivered via an improved drive-by download toolkit. We also delved into the security improvements expected in the new Android P, and had a fresh look at Trojans to help users define what they really are. We also gave you a quick introduction to the Malwarebytes Browser Extensions for Chrome and Firefox. Other news: Russian hackers reached US utility control rooms, Homeland Security officials say. (Source: The Wall Street Journal) Dozens were sentenced for a call center scam, where victims bought iTunes gift cards under threat of arrest. (Source: Gizmodo) Guardian US finds that 72 percent of video spend is fraudulent without Ads.txt. (Source: Mediapost) No, you shouldn’t use the new version of Stylish. (Source: Robert Heaton) These are 2018’s biggest hacks, leaks, and data breaches so far. (Source: ZD..
23rd July 2018

A week in security (July 16 – July 22)

Last week on Labs, we looked at a Magniber expansion, explored open source vulnerabilities, and checked out the boons and drawbacks of smart assistants. We also continued our ad blocking article extravaganza, gave a whistlestop tour of third-party problems, and published our Q2 Cybercrime tactics & techniques report. Other news: Huge data breach in Singapore (Source: Straights Times) Venmo and public sharing (Source: 22.8 miles) Leaky storage buckets (Source: Bob Diachenko, Linkedin post) The UK is short on security experts (Source: Parliament) Email blunder prompts £200k fine (Source: The Register) Airport Wifi risks [PDF] (Source: Coronet) 80,000 healthcare records held to ransom (Source: Naked Security) Protecting yourself from BEC scams (Source: Help Net Security) Microsoft launches identity bounty program (Source: Microsoft) Telefonica breach “exposes millions” (Source: The Inquirer) Stay safe, everyone! The post A week in security (July 16 – July 22) appeared first on Malwareby..