{"id":11912,"date":"2018-04-02T09:10:40","date_gmt":"2018-04-02T17:10:40","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/04\/02\/news-5681\/"},"modified":"2018-04-02T09:10:40","modified_gmt":"2018-04-02T17:10:40","slug":"news-5681","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/04\/02\/news-5681\/","title":{"rendered":"A week in security (March 26 \u2013 April 01)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 02 Apr 2018 16:03:51 +0000<\/strong><\/p>\n<p>Last week, we looked at the <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/03\/encryption-101-decryptors-thought-process\/\" target=\"_blank\" rel=\"noopener\">thought process<\/a> behind creating a ransomware decryptor, the inner workings of <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/03\/an-in-depth-malware-analysis-of-quantloader\/\" target=\"_blank\" rel=\"noopener\">QuantLoader<\/a>, the <a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/03\/10-ways-to-protect-your-android-phone\/\" target=\"_blank\" rel=\"noopener\">ways one can protect their Android devices<\/a>, the <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/03\/exploit-kits-winter-2018-review\/\" target=\"_blank\" rel=\"noopener\">exploit kits<\/a> we have encountered this winter, the now-known <a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/03\/the-data-breach-epidemic-no-info-is-safe\/\" target=\"_blank\" rel=\"noopener\">epidemic of data breaches<\/a>, the coming of <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/03\/tls-1-3-is-nearly-here\/\" target=\"_blank\" rel=\"noopener\">TLS 1.3<\/a>, and the ways one can protect their <a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/03\/you-down-with-p2p-10-tips-to-secure-your-mobile-payment-app\/\" target=\"_blank\" rel=\"noopener\">P2P payment apps<\/a>.<\/p>\n<h3>Other news<\/h3>\n<ul>\n<li>&#8220;Lone wolf&#8221; sextortionists <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/03\/23\/beware-the-fake-facebook-sirens-that-flirt-you-into-sextortion\/\" target=\"_blank\" rel=\"noopener\">pose as hot women<\/a> behind fake Facebook profiles. (Source: Sophos&#8217;s Naked Security Blog)<\/li>\n<li>Sad fact: <a href=\"https:\/\/www.securityweek.com\/pwner-lonely-heart-sad-reality-romance-scams\" target=\"_blank\" rel=\"noopener\">Willing victims of romance scams<\/a> actually do exist. Not only do they send money to &#8220;their partner&#8221; whom they haven&#8217;t met yet but they also knowingly act as mules. (Source: Security Week)<\/li>\n<li>While a majority of IT pros recognize that <a href=\"http:\/\/www.zdnet.com\/article\/most-it-professionals-fear-iot-cyber-attacks-new-research-suggests-few-are-doing-anything-about\/\" target=\"_blank\" rel=\"noopener\">IoTs are so insecure<\/a>, not that many are actually doing anything about it. (Source: ZDNet)<\/li>\n<li>What happens when you send an application into the background? This SANS diary <a href=\"https:\/\/isc.sans.edu\/forums\/diary\/Sidechannel+information+leakage+in+mobile+applications\/23487\/\" target=\"_blank\" rel=\"noopener\">attempts to answer that<\/a>. (Source: SANS ISC InfoSec Forums)<\/li>\n<li>Well, will you look at that\u2014<a href=\"https:\/\/www.wired.com\/story\/monero-privacy\/\" target=\"_blank\" rel=\"noopener\">Monero isn&#8217;t that untraceable<\/a> after all. (Source: Wired)<\/li>\n<li>A <a href=\"https:\/\/www.hackread.com\/iphone-camera-app-flaw-takes-users-to-phishing-sites\/\" target=\"_blank\" rel=\"noopener\">flaw in the iOS camera application<\/a>\u00a0with the way it handles QR codes can be used to redirect users to malicious destinations. (Source: HackRead)<\/li>\n<li>Cryptojacking via browsers has been around for a while, and it&#8217;s <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/in-browser-cryptojacking-is-getting-harder-to-detect\/\" target=\"_blank\" rel=\"noopener\">getting more difficult to spot<\/a> them. (Source: Bleeping Computer)<\/li>\n<li>Tax season is getting really close, so <a href=\"https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/tax-themed-email-campaigns-steal-credentials-spread-banking-trojans-rats-ransomware\" target=\"_blank\" rel=\"noopener\">scams<\/a> surrounding this are active with varying payloads. (Source: Proofpoint Blog)<\/li>\n<li>As it happens, <a href=\"https:\/\/www.theverge.com\/2018\/3\/29\/17177848\/under-armour-myfitnesspal-data-breach-150-million-accounts-security\" target=\"_blank\" rel=\"noopener\">Under Armor has left some areas uncovered<\/a>, causing MyFitnessPal to be compromised and affecting 150 million accounts. (Source: The Verge)<\/li>\n<li>&#8216;Cyber bullets&#8217;? <a href=\"https:\/\/www.fifthdomain.com\/show-reporter\/global-force-symposium\/2018\/03\/29\/cyber-bullets-were-once-a-spy-tool-but-may-soon-scan-wi-fi-networks-for-the-army\/\" target=\"_blank\" rel=\"noopener\">Cyber bullets!<\/a> (Source: Fifth Domain)<\/li>\n<\/ul>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/04\/a-week-in-security-march-26-april-01\/\">A week in security (March 26 \u2013 April 01)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/04\/a-week-in-security-march-26-april-01\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 02 Apr 2018 16:03:51 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/2018\/04\/a-week-in-security-march-26-april-01\/' title='A week in security (March 26 \u2013 April 01)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A roundup of notable security news from March 26 to April 1, including data breaches, encryption, exploit kits, and more.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/android\/\" rel=\"tag\">Android<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/data-breach\/\" rel=\"tag\">data breach<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/encryption\/\" rel=\"tag\">encryption<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/exploit-kits\/\" rel=\"tag\">exploit kits<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/p2p-payment\/\" rel=\"tag\">p2p payment<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/quantloader\/\" rel=\"tag\">QuantLoader<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/tls\/\" rel=\"tag\">TLS<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/2018\/04\/a-week-in-security-march-26-april-01\/' title='A week in security (March 26 \u2013 April 01)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/04\/a-week-in-security-march-26-april-01\/\">A week in security (March 26 \u2013 April 01)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10462,11172,10439,10528,17966,17928,10497,11309,10498],"class_list":["post-11912","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-android","tag-data-breach","tag-encryption","tag-exploit-kits","tag-p2p-payment","tag-quantloader","tag-security-world","tag-tls","tag-week-in-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11912","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11912"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11912\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11912"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11912"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11912"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}