{"id":11119,"date":"2018-01-15T12:10:09","date_gmt":"2018-01-15T20:10:09","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/01\/15\/news-4890\/"},"modified":"2018-01-15T12:10:09","modified_gmt":"2018-01-15T20:10:09","slug":"news-4890","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/01\/15\/news-4890\/","title":{"rendered":"A week in security (January 8 &#8211; January 14)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 15 Jan 2018 19:24:48 +0000<\/strong><\/p>\n<p>It&#8217;s very early in the year, yet everyone has already had a complete meltdown <em>(pun intended)<\/em> over a number of serious vulnerabilities found in legacy and modern microprocessors. Last week, rightly so, vendors released patches for hardware and OSes to\u00a0help mitigate these threats. However, <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/exploits\/2018\/01\/meltdown-and-spectre-fallout-patching-problems-persist\/\" target=\"_blank\" rel=\"noopener\">problems in patching persisted<\/a>.<\/p>\n<p>As if this wasn&#8217;t challenging enough, some online criminals jumped on the bandwagon to take advantage of the hullabaloo to <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/01\/fake-spectre-and-meltdown-patch-pushes-smoke-loader\/\" target=\"_blank\" rel=\"noopener\">push out the Smoke Loader malware<\/a> to inconspicuous user systems.<\/p>\n<p>On our blog, we also touched on <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/01\/wpa3-will-secure-wi-fi-connections-in-four-significant-ways-in-2018\/\" target=\"_blank\" rel=\"noopener\">WPA3<\/a>, <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/social-engineering-threat-analysis\/2018\/01\/stripchat-bot-spells-block\/\" target=\"_blank\" rel=\"noopener\">misleading marketing tactics<\/a>, more <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/01\/of-princes-and-perpetrators\/\" target=\"_blank\" rel=\"noopener\">419 scams<\/a>, and <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/01\/alleged-creator-of-fruitfly-indicted-for-13-years-of-malware-assisted-spying\/\" target=\"_blank\" rel=\"noopener\">the indictment of alleged Fruitfly creator<\/a>\u2014a win for the security community.<\/p>\n<p>Lastly, in the realm of cryptocurrency, we saw <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/01\/rig-exploit-kit-campaign-gets-deep-into-crypto-craze\/\" target=\"_blank\" rel=\"noopener\">an increase in malware payloads from the RIG exploit kit<\/a>.<\/p>\n<h3>Other news<\/h3>\n<ul>\n<li>The <a href=\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2018\/01\/ESET_Turla_Mosquito.pdf\" target=\"_blank\" rel=\"noopener\">espionage group named Turla came back<\/a>, but not with a bang [PDF]. (Source: ESET&#8217;s We Live Security Blog)<\/li>\n<li>Aadhar, the world&#8217;s largest biometric database located in India, houses the data of 1.2 billion citizens. Unfortunately, it was <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/01\/09\/aadhaar-breaches-fuelled-by-rogue-admin-accounts\/\" target=\"_blank\" rel=\"noopener\">one of the easiest systems to breach<\/a>. (Source: Sophos&#8217;s Naked Security Blog)<\/li>\n<li>Several apps in Google Play that left children\u00a0exposed to adult entertainment ads were booted off the store. <a href=\"https:\/\/threatpost.com\/apps-exposing-children-to-porn-ads-booted-from-google-play\/129400\/\" target=\"_blank\" rel=\"noopener\">Good<\/a>. (Source: Kaspersky&#8217;s Threatpost)<\/li>\n<li>Kotlin-coded Android malware was found on Google Play stealing data. <a href=\"https:\/\/www.hackread.com\/android-malware-in-kotlin-on-play-store\/\" target=\"_blank\" rel=\"noopener\">Not good<\/a>. (Source: Hack Read)<\/li>\n<li>In spite\u00a0of its end-to-end encryption, <a href=\"https:\/\/www.wired.com\/story\/whatsapp-security-flaws-encryption-group-chats\/\" target=\"_blank\" rel=\"noopener\">a flaw found in WhatsApp allows snoopers to infiltrate supposedly secure group chats<\/a>. Researchers who found the flaw advised the vendor to introduce an authentication feature for new group invites. (Source: Wired)<\/li>\n<li>Connecting to public Wi-Fi? <a href=\"http:\/\/www.zdnet.com\/article\/how-to-hack-public-wi-fi-to-mine-for-cryptocurrency\/\" target=\"_blank\" rel=\"noopener\">Beware of CoffeeMiner<\/a>. (Source: ZDNet)<\/li>\n<li>Once again, <a href=\"https:\/\/www.ft.com\/content\/026a6ce0-f27e-11e7-b220-857e26d1aca4\" target=\"_blank\" rel=\"noopener\">hackers took center stage for an upcoming global sports event<\/a> by targeting organizations involved in the Winter Olympics. (Source: Financial Times)<\/li>\n<li>VTech, a well-known company that makes kids toys, agreed to <a href=\"https:\/\/www.infosecurity-magazine.com\/news\/vtech-to-pay-650k-to-settle-kids\/\" target=\"_blank\" rel=\"noopener\">settle a privacy lawsuit to the tune of $650,000<\/a>. (Source: InfoSecurity Magazine)<\/li>\n<li>Savvy cybercrime syndicate source <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/python-based-botnet-targets-linux-systems-with-exposed-ssh-ports\/\" target=\"_blank\" rel=\"noopener\">Linux systems with susceptible SSH ports<\/a> to scour for Monero. (Source: Bleeping Computer)<\/li>\n<\/ul>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2018\/01\/a-week-in-security-january-8-january-14\/\">A week in security (January 8 &#8211; January 14)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2018\/01\/a-week-in-security-january-8-january-14\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 15 Jan 2018 19:24:48 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2018\/01\/a-week-in-security-january-8-january-14\/' title='A week in security (January 8 - January 14)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A compilation of notable security news and blog posts from January 8 to January 14, including Meltdown and Spectre fallout, apps with naughty ads, and cybercrime surrounding the Winter Olympics.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/malwarebytes-news\/\" rel=\"category tag\">Malwarebytes news<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/google-play\/\" rel=\"tag\">Google Play<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/meltdown-and-spectre\/\" rel=\"tag\">meltdown and spectre<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/winter-olympics\/\" rel=\"tag\">winter olympics<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/wpa3\/\" rel=\"tag\">WPA3<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2018\/01\/a-week-in-security-january-8-january-14\/' title='A week in security (January 8 - January 14)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2018\/01\/a-week-in-security-january-8-january-14\/\">A week in security (January 8 &#8211; January 14)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[11268,10546,17085,10497,10498,17177,17154],"class_list":["post-11119","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-google-play","tag-malwarebytes-news","tag-meltdown-and-spectre","tag-security-world","tag-week-in-security","tag-winter-olympics","tag-wpa3"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11119","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11119"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11119\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11119"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}