{"id":11452,"date":"2018-02-12T10:10:13","date_gmt":"2018-02-12T18:10:13","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/02\/12\/news-5223\/"},"modified":"2018-02-12T10:10:13","modified_gmt":"2018-02-12T18:10:13","slug":"news-5223","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/02\/12\/news-5223\/","title":{"rendered":"A week in security (February 5 \u2013 February 11)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 12 Feb 2018 17:00:10 +0000<\/strong><\/p>\n<p>Last week on Malwarebytes Labs, we featured a <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/02\/new-flash-player-zero-day-comes-inside-office-document\/\" target=\"_blank\" rel=\"noopener\">new Flash Player zero-day<\/a> that has been found in recent targeted attacks. And we talked about a new <a href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2018\/02\/tech-support-scammers-find-new-way-jam-google-chrome\/\" target=\"_blank\" rel=\"noopener\">trick to cripple browsers<\/a> that came out of the hat of tech support scammers.<\/p>\n<p>We also covered several methods of stealing cryptocurrencies, including <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/02\/new-information-unfolds-regarding-mac-cryptominer\/\" target=\"_blank\" rel=\"noopener\">one for the Mac<\/a> that wasn\u2019t as new as it seemed, one for Android that <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/02\/bogus-hack-apps-hack-users-back-for-cryptocash\/\" target=\"_blank\" rel=\"noopener\">poses as hack apps<\/a>, and yet another abusing the fact that <a href=\"from%20their%20networks\" target=\"_blank\" rel=\"noopener\">Deepfakes content<\/a> was banned from most major networks. We even threw in an overview of several major <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/02\/bank-robbers-2-0-digital-thievery-stolen-cryptocoins\/\" target=\"_blank\" rel=\"noopener\">cryptocurrency related thefts<\/a>.<\/p>\n<p>For Safer Internet Day 2018, we provided you with some fast and free tools to make your Internet experience safer and more private using <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/02\/safer-internet-day-2018\/\" target=\"_blank\" rel=\"noopener\">ad blockers and anti-trackers<\/a>.<\/p>\n<h3>Other news<\/h3>\n<ul>\n<li>Security researcher Scott Helme reported that thousands of US and UK government sites were running a <a href=\"https:\/\/news.sky.com\/story\/hackers-take-uk-government-websites-offline-and-infect-thousands-more-worldwide-11246618\" target=\"_blank\" rel=\"noopener\">compromised BrowserAloud<\/a> plugin, making visitors mine for the Monero cryptocurrency. (Source: Sky News)<\/li>\n<li><a href=\"https:\/\/threatpost.com\/lenovo-warns-critical-wifi-vulnerability-impacts-dozens-of-thinkpad-models\/129860\/\" target=\"_blank\" rel=\"noopener\">Lenovo<\/a> warned customers about two critical Broadcom (Wifi) vulnerabilities that impact 25 models of its popular ThinkPad brand. (Source: ThreatPost)<\/li>\n<li>Research shows that LiteCoin will be the <a href=\"https:\/\/go.recordedfuture.com\/hubfs\/reports\/cta-2018-0208.pdf\" target=\"_blank\" rel=\"noopener\">next dominating cryptocurrency on the Dark Web<\/a>, and not Monero as expected. (Source: Recorded Future)<\/li>\n<li>A free <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/free-decryption-tool-released-for-cryakl-ransomware\/\" target=\"_blank\" rel=\"noopener\">decryption tool was released for Cryakl<\/a> ransomware by Belgian Federal Police together with Kaspersky Lab. (Source: Bleeping Computer)<\/li>\n<li>The Russian Research Institute of Experimental Physics was found to be using their nuclear <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/02\/10\/have-federal-nuclear-supercomputer-go-cryptomining\/\" target=\"_blank\" rel=\"noopener\">supercomputer for cryptomining<\/a>. (Source: Naked Security)<\/li>\n<li>Researchers have identified a new strain of point-of-sale (PoS) malware that impersonates a LogMeIn service pack to <a href=\"https:\/\/www.tripwire.com\/state-of-security\/latest-security-news\/new-udpos-malware-exfiltrates-credit-card-details-via-dns-server\/\" target=\"_blank\" rel=\"noopener\">steal credit card data<\/a> via a DNS server. (Source: Tripwire)<\/li>\n<li>The US Justice Department announced charges on Wednesday against three dozen individuals thought to be key members of \u2018<a href=\"https:\/\/krebsonsecurity.com\/2018\/02\/u-s-arrests-13-charges-36-in-infraud-cybercrime-forum-bust\/\" target=\"_blank\" rel=\"noopener\">Infraud<\/a>,\u201d a long-running cybercrime forum that federal prosecutors say cost consumers more than half a billion dollars. (Source: Krebs on Security)<\/li>\n<li>Working with Fujitsu, Microsoft is further embracing <a href=\"https:\/\/www.cbronline.com\/news\/microsoft-palm-vein-biometric-technology\" target=\"_blank\" rel=\"noopener\">biometric technology<\/a> with the implementation of a palm-vein authentication system that will be supported by Windows 10 Pro. (Source: CBR online)<\/li>\n<li>Key <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/a34g9j\/iphone-source-code-iboot-ios-leak\" target=\"_blank\" rel=\"noopener\">iPhone source code<\/a> gets posted online that could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve. (Source: Motherboard)<\/li>\n<li><a href=\"http:\/\/www.theregister.co.uk\/2018\/02\/09\/vmware_temp_fixes_for_meltdown_spectre_for_virtual_appliances\/\" target=\"_blank\" rel=\"noopener\">VMware<\/a> has advised on how to mitigate the Meltdown and Spectre chip design flaws in several of its products. (Source: The Register)<\/li>\n<\/ul>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/week-in-security\/2018\/02\/week-security-february-5-february-11\/\">A week in security (February 5 \u2013 February 11)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/week-in-security\/2018\/02\/week-security-february-5-february-11\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 12 Feb 2018 17:00:10 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/week-in-security\/2018\/02\/week-security-february-5-february-11\/' title='A week in security (February 5 \u2013 February 11)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>We bring you an overview of what happened in cybersecurity during the last week, including new developments in drive-by cryptomining, including Mac and Android miners, and yet another abusing the fact that Deepfakes content was banned from most major networks. <\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/a-week-in-security\/\" rel=\"tag\">a week in security<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/android-cryptomining\/\" rel=\"tag\">android cryptomining<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/cryptomining\/\" rel=\"tag\">cryptomining<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/deepfakes\/\" rel=\"tag\">deepfakes<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/mac-cryptomining\/\" rel=\"tag\">mac cryptomining<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/safer-internet-day\/\" rel=\"tag\">safer internet day<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/week-in-security\/2018\/02\/week-security-february-5-february-11\/' title='A week in security (February 5 \u2013 February 11)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/week-in-security\/2018\/02\/week-security-february-5-february-11\/\">A week in security (February 5 \u2013 February 11)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[12969,17492,15080,17473,17493,11228,10497,10498],"class_list":["post-11452","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-a-week-in-security","tag-android-cryptomining","tag-cryptomining","tag-deepfakes","tag-mac-cryptomining","tag-safer-internet-day","tag-security-world","tag-week-in-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11452","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11452"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11452\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11452"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11452"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11452"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}