A week in security (September 26 – October 2)
Last week on Malwarebytes Labs:
- Why (almost) everything we told you about passwords was wrong
- Two new Exchange Server zero-days in the wild
- Local government cybersecurity: 5 best practices
- Optus data breach “attacker” says sorry, it was a mistake
- Fast Company hacked to send obscene and racist messages
- APT28 attack uses old PowerPoint trick to download malware
- Spyware disguises itself as Zoom downloads
- FCC moves to block robotexts
- Erbium stealer on the hunt for data
- 4 times students compromised school cybersecurity
- Facebook users sue Meta for allegedly building “secret workaround” to Apple privacy safeguards
- TikTok faces $28m fine for failing to protect children’s privacy
- Flaw in some ManageEngine apps is being actively exploited, says CISA
- Exchange servers abused for spam through malicious OAuth applications
- Calling in the ransomware negotiator, with Kurtis Minder: Lock and Code S03E20
- Windows 11 pulls ahead of Windows 10 in anti-phishing stakes
- Twitter fixes bug that left devices logged in after password reset
Stay safe!