Last week on Malwarebytes Labs, we talked about how Process Doppelgänging meets Process Hollowing in the Osiris dropper, provided hints, tips, and links for a safer school year, gave a recap of Black Hat USA 2018, offered some tips for a secure content management system, highlighted a silly snail-mail scamming attempt, and provided insight in why money, power, and ego drive hackers to cybercrime.
Walmart gains patent to eavesdrop on shoppers and employees in stores. (Source: CNet)
FBI warns of “unlimited” ATM cashout (Source: Krebs on Security)
Caesars Palace not-so-Praetorian guards intimidate DEF CON goers with searches. (Source: Ars Technica)
Researchers discovered a way to hack Echo smart speakers. (Source: Techspot)
Researchers have found another serious security flaw in computer chips designed by Intel. (Source: BBC)
Victims lose access to thousands of photos as Instagram hack spreads. (Source: ThreatPost)
Web cache poisoning just got real: How to fling evil code at v..
Last week, we published a review of exploit kits, talked about everyday tech that can give you a headache, and showed how to protect RDP access from ransomware. We also published a study on the true cost of cybercrime.
Discovered at Black Hat: WhatsApp “message manipulation” (Source: The Register)
Discovered at Black Hat: AI attacks (Source: The Register)
Once again, discovered at Black Hat: Meltdown panel (Source: The Register)
Indeed, discovered at Black Hat: Mobile payment bugs (Source: The Register)
PGA ransomware attack right before Ryder Cup (Source: Golf Week)
Adding bugs to deter attackers [PDF] (Source: Arxiv)
Botnets and irrigation systems (Source: Help Net Security)
Hunting Twitter bots at scale (Source: Duo Security)
Google to warn of government-backed attacks (Source: G Suite)
Stay safe, everyone!
The post A week in security (August 6 – August 12) appeared first on Malwarebytes Labs.
Last week, we posted a roundup of spam that may have landed in your mailbox, talked about what makes us susceptible to social engineering tactics, and took a deep dive into big data.
Facebook claimed to have removed accounts that display behavior consistent with possible Russian actors engaged in misinformation. (Source: The Wall Street Journal)
Yale University disclosed that they were breached at least a decade ago. (Source: NBC – Connecticut)
High school students, be on the lookout! If you receive email or snail mail from organizations with impressive-sounding names, consider that it may just be a carefully packaged marketing scheme. (Source: Sophos’s Naked Security Blog)
A researcher from Amnesty International revealed that hackers have targeted them with malware from an Israeli vendor. (Source: Motherboard)
Certain e-commerce providers in the UK were affected by a data breach and exposed potentially more than a million user data. (Source: Graham Cluley’s blog)
A game o..
Last week on Labs, we looked at an adware called MobiDash getting stealthy, a new strain of Mac malware called Proton that was found after two years, and the ‘Hidden Bee’ miner that was delivered via an improved drive-by download toolkit. We also delved into the security improvements expected in the new Android P, and had a fresh look at Trojans to help users define what they really are.
We also gave you a quick introduction to the Malwarebytes Browser Extensions for Chrome and Firefox.
Russian hackers reached US utility control rooms, Homeland Security officials say. (Source: The Wall Street Journal)
Dozens were sentenced for a call center scam, where victims bought iTunes gift cards under threat of arrest. (Source: Gizmodo)
Guardian US finds that 72 percent of video spend is fraudulent without Ads.txt. (Source: Mediapost)
No, you shouldn’t use the new version of Stylish. (Source: Robert Heaton)
These are 2018’s biggest hacks, leaks, and data breaches so far. (Source: ZD..
Last week on Labs, we looked at a Magniber expansion, explored open source vulnerabilities, and checked out the boons and drawbacks of smart assistants. We also continued our ad blocking article extravaganza, gave a whistlestop tour of third-party problems, and published our Q2 Cybercrime tactics & techniques report.
Huge data breach in Singapore (Source: Straights Times)
Venmo and public sharing (Source: 22.8 miles)
Leaky storage buckets (Source: Bob Diachenko, Linkedin post)
The UK is short on security experts (Source: Parliament)
Email blunder prompts £200k fine (Source: The Register)
Airport Wifi risks [PDF] (Source: Coronet)
80,000 healthcare records held to ransom (Source: Naked Security)
Protecting yourself from BEC scams (Source: Help Net Security)
Microsoft launches identity bounty program (Source: Microsoft)
Telefonica breach “exposes millions” (Source: The Inquirer)
Stay safe, everyone!
The post A week in security (July 16 – July 22) appeared first on Malwareby..