{"id":13205,"date":"2018-08-27T10:10:03","date_gmt":"2018-08-27T18:10:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/08\/27\/news-6972\/"},"modified":"2018-08-27T10:10:03","modified_gmt":"2018-08-27T18:10:03","slug":"news-6972","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/08\/27\/news-6972\/","title":{"rendered":"A week in security (August 20 \u2013 26)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 27 Aug 2018 17:06:17 +0000<\/strong><\/p>\n<p>Last week on Labs, we took a look at <a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/08\/the-enemy-is-us-a-look-at-insider-threats\/\" target=\"_blank\" rel=\"noopener\">insider threats<\/a>, doubled back on the privacy of <a href=\"https:\/\/blog.malwarebytes.com\/puppum\/2018\/08\/can-search-extensions-keep-searches-private\/\" target=\"_blank\" rel=\"noopener\">search browser extensions<\/a>, profiled <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/08\/green-card-scams-preying-desperate\/\" target=\"_blank\" rel=\"noopener\">green card scams<\/a>, revisited Defcon\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/08\/badgelife-a-defcon-26-retrospective\/\" target=\"_blank\" rel=\"noopener\">badgelife<\/a>, and talked about <a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/08\/the-digital-entropy-of-death-bsides-manchester\/\" target=\"_blank\" rel=\"noopener\">what happens to a user&#8217;s accounts when they die<\/a>.<\/p>\n<h3>Other cybersecurity news<\/h3>\n<ul>\n<li>There was an archiving error in Twitch HQ. Unfortunately, that left some private user messages (even those with sensitive info in them) <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/08\/21\/twitch-admits-exposing-user-messages-after-archiving-error\/\" target=\"_blank\" rel=\"noopener\">exposed<\/a> to the public for a time. (Source: Sophos&#8217; Naked Security Blog)<\/li>\n<li>Researchers from Catholic University found that apps offering ad blocking and privacy can be <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/08\/20\/adblocking-and-browser-privacy-can-be-bypassed-researchers-find\/\" target=\"_blank\" rel=\"noopener\">bypassed<\/a>. (Source: Sophos&#8217; Naked Security Blog)<\/li>\n<li>Researchers associated with Project Insecurity <a href=\"https:\/\/threatpost.com\/canadian-telcos-patch-an-apt-ready-flaw-in-disability-services\/136704\/\" target=\"_blank\" rel=\"noopener\">found<\/a> a flaw in disability services in Canadian telcos. (Source: Kaspersky&#8217;s Threatpost)<\/li>\n<li>Facebook continued to clean house, removing more pages of campaigns that originated from Iran and Russia to <a href=\"https:\/\/newsroom.fb.com\/news\/2018\/08\/more-coordinated-inauthentic-behavior\/\" target=\"_blank\" rel=\"noopener\">curb<\/a> &#8220;coordinated inauthentic behavior.&#8221; (Source: Facebook Newsroom)<\/li>\n<li>A computer science professor at Vanderbilt University published a 55-page study on how Google continues to <a href=\"https:\/\/www.washingtonpost.com\/technology\/2018\/08\/22\/dont-want-google-tracking-you-you-have-almost-no-choice-according-new-study\/?utm_term=.7c429f9cb355\" target=\"_blank\" rel=\"noopener\">collect<\/a> data on users, even when the device is idle. (Source: The Washington Post)<\/li>\n<li>Philips revealed that their cardiovascular imaging devices have a flaw that could <a href=\"https:\/\/www.zdnet.com\/article\/philips-reveals-code-execution-vulnerabilities-in-cardiovascular-devices\/\" target=\"_blank\" rel=\"noopener\">provide<\/a> a low-level hacker &#8220;improper privilege management.&#8221; (Source: ZDNet)<\/li>\n<li>Videomaker service provider Animoto was <a href=\"https:\/\/techcrunch.com\/2018\/08\/20\/animoto-hack-exposes-personal-information-geolocation-data\/\" target=\"_blank\" rel=\"noopener\">breached<\/a>. (Source: TechCrunch)<\/li>\n<li>Ryuk, a new ransomware, <a href=\"https:\/\/www.zdnet.com\/article\/this-new-ransomware-campaign-targets-business-and-demands-a-massive-bitcoin-ransom\/\" target=\"_blank\" rel=\"noopener\">trained<\/a> their crosshairs at large organizations capable of paying high-valued ransom in Bitcoin. (Source: ZDNet)<\/li>\n<li>North Korea&#8217;s The Lazarus Group pushed out its first Mac malware and successfully <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/lazarus-group-deploys-its-first-mac-malware-in-cryptocurrency-exchange-hack\/\" target=\"_blank\" rel=\"noopener\">infiltrated<\/a> IT systems of a cryptocurrency exchange platform based in Asia. (Source: Bleeping Computer)<\/li>\n<li>Superdrug, the popular health and beauty retailer based in the UK, was <a href=\"https:\/\/www.infosecurity-magazine.com\/news\/superdrug-held-to-ransom-after\/\" target=\"_blank\" rel=\"noopener\">breached<\/a>. (Source: InfoSecurity Magazine)<\/li>\n<li>Cobalt Dickens, a campaign that originated in Iran, <a href=\"https:\/\/www.secureworks.com\/blog\/back-to-school-cobalt-dickens-targets-universities\" target=\"_blank\" rel=\"noopener\">targeted<\/a> universities in 14 countries to steal credentials. (Source: SecureWorks)<\/li>\n<li>Hackers make millions by <a href=\"https:\/\/www.theverge.com\/2018\/8\/22\/17716622\/sec-business-wire-hack-stolen-press-release-fraud-ukraine\" target=\"_blank\" rel=\"noopener\">selling<\/a> unpublished press releases. (Source: The Verge)<\/li>\n<\/ul>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/week-in-security\/2018\/08\/a-week-in-security-august-20-august-26\/\">A week in security (August 20 \u2013 26)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/week-in-security\/2018\/08\/a-week-in-security-august-20-august-26\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 27 Aug 2018 17:06:17 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/week-in-security\/2018\/08\/a-week-in-security-august-20-august-26\/' title='A week in security (August 20 \u2013 26)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A roundup of the security news from August 20 \u2013 26, including a look at insider threats, several breaches, and what tech giants Google and Facebook are doing about their privacy issues.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/a-week-in-security\/\" rel=\"tag\">a week in security<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/badgelife\/\" rel=\"tag\">badgelife<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/cobalt-dickens\/\" rel=\"tag\">cobalt dickens<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/cybersecurity\/\" rel=\"tag\">cybersecurity<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/cybersecurity-awareness\/\" rel=\"tag\">cybersecurity awareness<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/digital-entropy-of-death\/\" rel=\"tag\">digital entropy of death<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/elections\/\" rel=\"tag\">elections<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/facebook\/\" rel=\"tag\">facebook<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/google\/\" rel=\"tag\">Google<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/green-card-scam\/\" rel=\"tag\">green card scam<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/privacy\/\" rel=\"tag\">privacy<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/project-insecurity\/\" rel=\"tag\">project insecurity<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ransomware\/\" rel=\"tag\">ransomware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/recap\/\" rel=\"tag\">recap<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ryuk\/\" rel=\"tag\">ryuk<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/search-browser-extensions\/\" rel=\"tag\">search browser extensions<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/superdrug\/\" rel=\"tag\">superdrug<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/the-lazarus-group\/\" rel=\"tag\">the lazarus group<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/twitch\/\" rel=\"tag\">twitch<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/vulnerabilities\/\" rel=\"tag\">vulnerabilities<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/weekly-blog-roundup\/\" rel=\"tag\">weekly blog roundup<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/week-in-security\/2018\/08\/a-week-in-security-august-20-august-26\/' title='A week in security (August 20 \u2013 26)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/week-in-security\/2018\/08\/a-week-in-security-august-20-august-26\/\">A week in security (August 20 \u2013 26)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[12969,19279,19315,4500,12081,19266,941,3589,1670,19298,5897,19316,3765,10503,19317,19318,10497,19319,19320,7000,10752,10498,10506],"class_list":["post-13205","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-a-week-in-security","tag-badgelife","tag-cobalt-dickens","tag-cybersecurity","tag-cybersecurity-awareness","tag-digital-entropy-of-death","tag-elections","tag-facebook","tag-google","tag-green-card-scam","tag-privacy","tag-project-insecurity","tag-ransomware","tag-recap","tag-ryuk","tag-search-browser-extensions","tag-security-world","tag-superdrug","tag-the-lazarus-group","tag-twitch","tag-vulnerabilities","tag-week-in-security","tag-weekly-blog-roundup"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=13205"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13205\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=13205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=13205"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=13205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}