A week in security (September 4 – September 10)

Credit to Author: Malwarebytes Labs| Date: Mon, 11 Sep 2017 19:53:29 +0000

Last week, we looked into expired domain names being used for malvertising, delved into dubious Facebook apps, and checked out Chinese seminar scams. We also explained the whys and wherefores of false positives, explained what Google is doing with HTTPs, warned you away from a fake DHS email, and outlined some early information about the Equifax breach.

Elsewhere:

Equifax mega-leak: The biggest story around, with updates on the initial breach coming thick and fast (Source: The Register)
IoT hackers shift to the dark side: A tangled tale of hacking, and personal information scattering (Source: NewSky Security)
Patch your Android device to foil Toast Overlay attacks: Overlay attacks are nothing new for Android users, and Palo Alto Networks Unit 42 researchers have found yet another way for attackers to perpetrate them. (Source: Help Net Security)
How hackers could send secret commands to speech recognition systems with ultrasound: Chinese security researchers have discovered a way to send secret, inaudible commands to speech recognition systems such as Siri, Amazon Alexa, and Google Home using ultrasound. (Source: Tripwire’s The State of Security Blog)
Fake browser font update drops RAT / locky Ransomware: Fake browser font scams have been around for a while now, but they remain just as deadly (source: HackRead)

Insider threats, Ransomware, and DDoS most feared: The latest workplace worries courtesy of a SANS survey (source: Help Net Security)
European courts and workplace surveillance, oh my: An interesting case of balancing workplace checks with employee privacy (source: Help Net Security)
Unsecured databases – the low hanging fruit of the Internet: This might be the perfect time to make sure your databases aren’t wide open to hack attacks (source: Naked Security)

Stay safe!

Malwarebytes Lab Team