{"id":10643,"date":"2017-11-28T15:10:23","date_gmt":"2017-11-28T23:10:23","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/11\/28\/news-4415\/"},"modified":"2017-11-28T15:10:23","modified_gmt":"2017-11-28T23:10:23","slug":"news-4415","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/11\/28\/news-4415\/","title":{"rendered":"A week in security (November 20 &#8211; November 26)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 27 Nov 2017 19:25:39 +0000<\/strong><\/p>\n<p>Last week, we warned you about a new method by which the <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/mac-threat-analysis\/2017\/11\/osx-proton-spreading-through-fake-symantec-blog\/\" target=\"_blank\" rel=\"noopener\">Mac malware OSX.Proton<\/a> is being spread, we informed you where all those <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/11\/text-messages-and-bitcoin-codes-follow-the-money-trail\/\" target=\"_blank\" rel=\"noopener\">free Bitcoins<\/a> you were texted about were being held up, how the EU intends to <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/social-engineering-threat-analysis\/2017\/11\/eu-intends-battle-fake-news\/\" target=\"_blank\" rel=\"noopener\">battle fake news<\/a>, and how the <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/malware-threat-analysis\/2017\/11\/terdot-trojan-likes-social-media\/\" target=\"_blank\" rel=\"noopener\">Terdot Trojan<\/a> likes social media. 
We also revealed our <a href=\"https:\/\/press.malwarebytes.com\/2017\/11\/20\/malwarebytes-reveals-2018-security-predictions\/\" target=\"_blank\" rel=\"noopener\">2018 security predictions<\/a>.<\/p>\n<h3>Other news<\/h3>\n<ul>\n<li>Due to a zero-entropy implementation of Address Space Layout Randomization (ASLR), the <a href=\"http:\/\/www.zdnet.com\/article\/key-windows-10-defense-is-worthless-and-bug-dates-back-to-windows-8\/\" target=\"_blank\" rel=\"noopener\">Windows 10 defense is &#8216;worthless&#8217;<\/a>, and this bug dates back to Windows 8. (Source: ZDNet)<\/li>\n<li>A new tech support scam technique streamlines the entire scam experience, leaving potential victims only <a href=\"A%20new%20tech%20support%20scam%20technique%20streamlines%20the%20entire%20scam%20experience,%20leaving%20potential%20victims%20only%20one%20click%20or%20tap%20away%20from%20speaking%20with%20a%20scammer.\" target=\"_blank\" rel=\"noopener\">one click or tap<\/a> away from speaking with a scammer. (Source: Microsoft blog)<\/li>\n<li>You have <a href=\"https:\/\/www.tripwire.com\/state-of-security\/featured\/western-union-refund\/\" target=\"_blank\" rel=\"noopener\">less than 90 days<\/a> to claim your share of a $586 million refund if you were scammed via (not by) Western Union. (Source: Tripwire)<\/li>\n<li>Firefox 59 will make it a lot harder to use <a href=\"https:\/\/www.virusbulletin.com\/blog\/2017\/11\/firefox-59-make-it-lot-harder-use-data-uris-phishing-attacks\/\" target=\"_blank\" rel=\"noopener\">data URIs in phishing attacks<\/a>, as it will stop rendering them in certain scenarios. 
(Source: Virus Bulletin blog)<\/li>\n<li>An increasing number of vendors have warned customers over the past weeks that their <a href=\"http:\/\/www.securityweek.com\/more-industrial-products-risk-krack-attacks\" target=\"_blank\" rel=\"noopener\">industrial networking products are vulnerable<\/a> to the recently disclosed Wi-Fi attack method known as <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/mobile\/2017\/10\/release-the-kracken-flaw-in-wi-fi-security-leaves-users-vulnerable\/\" target=\"_blank\" rel=\"noopener\">KRACK<\/a>. (Source: SecurityWeek)<\/li>\n<li><a href=\"https:\/\/www.reuters.com\/article\/us-uber-cyberattack\/regulators-to-press-uber-after-it-admits-covering-up-data-breach-idUSKBN1DL2UQ\" target=\"_blank\" rel=\"noopener\">Regulators to press Uber<\/a> after <a href=\"https:\/\/www.uber.com\/en-NL\/newsroom\/2016-data-incident\/\" target=\"_blank\" rel=\"noopener\">it admits<\/a> covering up a data breach containing some personal information of 57 million Uber users around the world. (Sources: Reuters and Uber press release)<\/li>\n<li>Security researchers have discovered a potentially dangerous vulnerability in the firmware of various <a href=\"https:\/\/thehackernews.com\/2017\/11\/hp-printer-hacking.html\" target=\"_blank\" rel=\"noopener\">Hewlett Packard (HP) enterprise printer models<\/a> that could be abused by attackers to run arbitrary code on affected printer models remotely. (Source: The Hacker News)<\/li>\n<li>Facebook will soon be creating a portal to enable people to learn which of the Internet Research Agency (<a href=\"https:\/\/newsroom.fb.com\/news\/2017\/11\/continuing-transparency-on-russian-activity\/\" target=\"_blank\" rel=\"noopener\">Russian activity<\/a>) Facebook pages or Instagram accounts they may have liked or followed. 
(Source: Facebook Newsroom)<\/li>\n<li>Imgur came clean about a <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/imgur-suffered-a-small-data-breach-in-2014\/\" target=\"_blank\" rel=\"noopener\">security breach<\/a> that took place in 2014. During the incident, <a href=\"https:\/\/blog.imgur.com\/2017\/11\/24\/notice-of-data-breach\/\" target=\"_blank\" rel=\"noopener\">Imgur says<\/a> an unknown attacker managed to steal details on 1.7 million users. (Sources: Bleeping Computer and Imgur blog)<\/li>\n<li>KrebsOnSecurity has sought to call attention to online services which <a href=\"https:\/\/krebsonsecurity.com\/2017\/11\/namedobssnfafsa-data-gold-mine\/\" target=\"_blank\" rel=\"noopener\">expose sensitive consumer data.<\/a>\u00a0The user only needs to know a handful of static details about a person that are broadly for sale in the cybercrime underground. (Source: KrebsOnSecurity)<\/li>\n<\/ul>\n<p>Stay safe everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2017\/11\/week-in-security-november-20-november-26\/\">A week in security (November 20 &#8211; November 26)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2017\/11\/week-in-security-november-20-november-26\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 27 Nov 2017 19:25:39 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/2017\/11\/week-in-security-november-20-november-26\/' title='A week in security (November 20 - November 26)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/01\/photodune-702886-calendar-l.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td 
valign='top' align='left'>Learn what happened in the world of security during the week of November 20 to November 26.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/bitcoins\/\" rel=\"tag\">bitcoins<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/facebook\/\" rel=\"tag\">facebook<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/imgur\/\" rel=\"tag\">imgur<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/imgur-breach\/\" rel=\"tag\">Imgur breach<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/krack\/\" rel=\"tag\">KRACK<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/mac-malware\/\" rel=\"tag\">mac malware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/osx-proton\/\" rel=\"tag\">OSX.Proton<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/security\/\" rel=\"tag\">security<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/terdot-trojan\/\" rel=\"tag\">Terdot Trojan<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/trojan\/\" rel=\"tag\">trojan<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/uber-breach\/\" rel=\"tag\">Uber breach<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/week-in-security\/\" rel=\"tag\">week in security<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/2017\/11\/week-in-security-november-20-november-26\/' title='A week in security (November 20 - November 26)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2017\/11\/week-in-security-november-20-november-26\/\">A week in 
security (November 20 &#8211; November 26)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[14719,3589,16726,16764,15793,11976,16691,714,10497,16765,10833,16766,10498],"class_list":["post-10643","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-bitcoins","tag-facebook","tag-imgur","tag-imgur-breach","tag-krack","tag-mac-malware","tag-osx-proton","tag-security","tag-security-world","tag-terdot-trojan","tag-trojan","tag-uber-breach","tag-week-in-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10643","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10643"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10643\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=10643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=10643"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}