A week in security (April 15 – 21)

April 22, 2019 admin a week in security, cyber resilience, ellen degeneres, fake Airbnb sites, Flame 2.0, IE vulnerability, like-farming, notre dame disinformation, Security world, VPN flaw, Week in security

Credit to Author: Malwarebytes Labs| Date: Mon, 22 Apr 2019 15:47:21 +0000

Last week, Malwarebytes Labs revealed multiple giveaway online scam campaigns banking on the popularity (and generosity) of Ellen DeGeneres, weighed in on the hack that compromised legacy Microsoft email service accounts like Hotmail and MSN, explained what “like-farming” means and how to spot it on social media, and spotlighted on uncharacteristic executable file formats one of our researchers presented at the SAS conference.

We also exposed persistent phishing campaigns targeting Electrum wallet users to defraud them of Bitcoins and how malware can pose a physical threat to those inside industrial plants and to the residents nearby them.

Other cybersecurity news

According to a cyber resilience study by IBM Security and the Ponemon Institute, more than three-quarters of organizations don’t have a cybersecurity incident response plan. (Source: Help Net Security)
Homeland Security issued a security alert on a flaw present in several enterprise virtual private network (VPN) software from popular vendors, including Cisco and Palo Alto Networks. (Source: TechCrunch)
Researchers from Chronicle Security discovered Flame 2.0—a newer version of the nation-state backed spying malware, Flame, which made headlines in 2012—years after the threat actors behind Flame purportedly pulled the plug on the campaign. (Source: InfoSecurity Magazine)
Airbnb-hoppers, beware! Scammers who are out to swindle current and potential Airbnb customers are using an automated tool to create fake Airbnb sites and then send out ads for these listings. (Source: KrebsOnSecurity)
The latest IE flaw publicly disclosed by a security researcher (because Microsoft refused to patch it) can make it possible for hackers to steal files from affected systems. (Source: ZDNet)
A popular but flawed children’s smartwatch in Australia can allow hackers and stalkers to track minors, spoof their location, or view PII on the victim’s account. (Source: Threatpost)
Potentially hijacked verified Instagram accounts peddling verification badges to influencers was the latest scam that made rounds on Instagram: a fake Instagram verification service. (Source: Forbes)
Yes, CT scans can be manipulated to show false results. Then again, why do this when you can simply swap one scan with another’s? (Source: C4ISRNET)
The Notre Dame Cathedral fire did not only bring a quick turnaround of monetary support for the cathedral’s rebuilding. It has also opened a door for disinformation surrounding the event to creep in. (Source: KnowBe4)
The Scranos rootkit family is a cross-platform password- and data-stealing malware. It started spreading in China first, which researchers believed was its testbed, before the malware was eventually deployed globally. (Source: Dark Reading)

Stay safe, everyone!

The post A week in security (April 15 – 21) appeared first on Malwarebytes Labs.

https://blog.malwarebytes.com/feed/