Week in security (April 09 – April 15)
Credit to Author: Malwarebytes Labs| Date: Mon, 16 Apr 2018 15:05:00 +0000
Last week, we took a look at a malware-campaign called FakeUpdates, methods to use secure instant messaging, the inner workings of a decryption tool, and some Facebook spam campaigns.
We also published our first quarterly Malwarebytes Labs CTNT report of 2018.
Other news
- A security researcher discovered a flaw in P.F.Changs Rewards website. (Source: AkshaySharmaUS@medium.com)
- Security Consultant Xavier Mertens described a suspicious use of certutil.exe. (Source: InfoSec Handlers Diary Blog)
- A significant number of Cisco devices belonging to organizations in Russia and Iran were hacked by a group calling itself JHT. (Source: The Hacker News)
- Facebook CEO Mark Zuckerberg spoke at a joint hearing of the US Senate judiciary and commerce committees in Washington, DC. (Source: siliconrepublic)
- A vulnerability in Microsoft Outlook allowed hackers to steal a user’s Windows password. (Source: ThreatPost)
- A malware gang is going for identity theft and phony tax refunds by targeting CPAs. (Source: Krebs on Security)
- Researchers sinkholed the infamous EITest infection chain. (Source: SecurityWeek)
- A Microsoft network engineer was charged with money laundering linked to Reveton computer ransomware. (Source: SunSentinel)
- Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip’s SPI Flash memory. (Source: Bleeping Computer)
- An old and flawed Javascript crypto-library could allow Bitcoin theft. (Source: The Register)
Stay safe, everyone!
The post Week in security (April 09 – April 15) appeared first on Malwarebytes Labs.