A week in security (January 27 – February 2)

Credit to Author: Malwarebytes Labs| Date: Mon, 03 Feb 2020 19:00:50 +0000

Last week on Malwarebytes Labs, we looked at the strengths and weaknesses of the Zero Trust model, gave you the low-down on spear phishing, and took a delve into the world of securing the managed service provider (MSP).

UN compromised via Sharepoint hack: An extraordinary tale highlighting that absolutely nobody is safe when bad things happen and are then covered up. (Source: The Register)
TA505 returns: A well-known financial phishing attack is back from hiatus to cause chaos once again. (Source: Bleeping Computer)
SMS phishing, aka smishing: Residents of Pitt County are warned to be wary of bogus FedEx notifications sent by text. (Source: News Channel 12)
Social media booster runs into password mayhem: Another organisation discovers too late that plaintext passwords aren’t a great idea. (Source: TechCrunch)
Ashley Madison breach returns to haunt us: Five years on, it’s causing problems in all new ways, fueling a new extortion scam. (Source: VadeSecure)
Hacking in Hong Kong: ESET looks at how the Winnti group are targeting two Hong Kong Universities. (Source: ESET)
Microsoft launches new bug bounty program: If you’re into gaming, this may be just what you’re looking for. (Source: Help Net Security)
Big breach, big numbers: A compromise could potentially include a large tally of (more than 30 million) credit card information. (Source: Krebs on Security)
The real world virus scammers have arrived: Booby-trapped Word documents pushing the Emotet Trojan are being fired out to people’s mailboxes, disguised as warnings about the coronavirus. (Source: TechRepublic)
Tricky phishing: It may be the case that we’re not as good at detecting scams as we think we are. (Source: ZDNet)

Stay safe, everyone!