{"id":13863,"date":"2018-11-19T10:10:04","date_gmt":"2018-11-19T18:10:04","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2018\/11\/19\/news-7630\/"},"modified":"2018-11-19T10:10:04","modified_gmt":"2018-11-19T18:10:04","slug":"news-7630","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/11\/19\/news-7630\/","title":{"rendered":"A week in security (November 12 &#8211; 18)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 19 Nov 2018 17:08:50 +0000<\/strong><\/p>\n<p>Last week on Malwarebytes Labs, we found out that <a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/11\/trickbot-takes-top-business-threat\/\" target=\"_blank\" rel=\"noopener\">TrickBot became a top business threat<\/a>, so we took a deeper look at <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/malware-threat-analysis\/2018\/11\/whats-new-trickbot-deobfuscating-elements\/\" target=\"_blank\" rel=\"noopener\">what&#8217;s new with it<\/a>.<\/p>\n<p>With Christmas just around the corner, the <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/11\/secret-sister-scam-returns-time-christmas\/\" target=\"_blank\" rel=\"noopener\">Secret Sister scam returned<\/a>.<\/p>\n<p>We also touched on the\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/11\/my-precious-security-privacy-smart-jewelry\/\" target=\"_blank\" rel=\"noopener\">security and privacy (or lack thereof) in smart jewelry<\/a>, <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/business-security-world\/2018\/11\/compromising-vital-infrastructure-air-traffic-control\/\" target=\"_blank\" rel=\"noopener\">air traffic control compromise<\/a>, and\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/11\/6-security-concerns-to-consider-when-automating-your-business\/\" target=\"_blank\" rel=\"noopener\">what security concerns to take note<\/a>\u00a0of when automating your business.<\/p>\n<h3>Other cybersecurity news<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.helpnetsecurity.com\/2018\/11\/12\/publicly-reported-breaches\/\" target=\"_blank\" rel=\"noopener\">3.9 billion records<\/a> were exposed due to breaches in the first 9 months of 2018. (Source: Help Net Security)<\/li>\n<li>Because of Facebook&#8217;s move to tackling propaganda, malicious actors were asked to\u00a0<a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/11\/12\/terrorists-told-to-hijack-social-media-accounts-to-spread-propaganda\/\" target=\"_blank\" rel=\"noopener\">hijack social media accounts<\/a>. (Source: Sophos&#8217;s Naked Security Blog)<\/li>\n<li>High-profile accounts on Twitter hijacked to <a href=\"https:\/\/www.grahamcluley.com\/target-twitter-cryptocurrency-scam\/\" target=\"_blank\" rel=\"noopener\">spew cryptocurrency scams<\/a>. (Source: Graham Cluley Security News)<\/li>\n<li>Evasive new ransomware strain, <a href=\"https:\/\/securityintelligence.com\/news\/new-ransomware-strain-evades-detection-by-all-but-one-antivirus-engine\/\" target=\"_blank\" rel=\"noopener\">Dharma<\/a>, came to light. (Source: Security Intelligence)<\/li>\n<li>Information of charity and political party supporters, and online shoppers in the US\u00a0<a href=\"https:\/\/www.bloombergquint.com\/technology\/major-american-companies-are-making-basic-security-mistakes\" target=\"_blank\" rel=\"noopener\">was quietly leaking<\/a>. (Source: Bloomberg)<\/li>\n<li>Meet <a href=\"https:\/\/www.csoonline.com\/article\/3319787\/advanced-persistent-threats\/cylance-researchers-discover-powerful-new-nation-state-apt.html\" target=\"_blank\" rel=\"noopener\">White Company<\/a>, a powerful new APT. (Source: CSO Online)<\/li>\n<li><a href=\"https:\/\/techcrunch.com\/2018\/11\/15\/millions-sms-text-messages-leaked-two-factor-codes\/\" target=\"_blank\" rel=\"noopener\">Voxox server exposed a database of millions of SMS<\/a>, which includes two-factor codes and password reset links among others. (Source: TechCrunch)<\/li>\n<li><a href=\"https:\/\/newsroom.fb.com\/news\/2018\/11\/enforcing-our-community-standards-2\/\" target=\"_blank\" rel=\"noopener\">Facebook updates its community<\/a> regarding how they&#8217;re doing on enforcing standards. (Source: Facebook Newsroom)<\/li>\n<li>Hawkeye keylogger takes advantage of <a href=\"https:\/\/securityintelligence.com\/news\/threat-actors-exploit-equation-editor-to-distribute-hawkeye-keylogger\/\" target=\"_blank\" rel=\"noopener\">an old MS Office vulnerability<\/a> to steal credentials, clipboard content. (Source: Security Intelligence)<\/li>\n<li>Bruce Schneier believes that <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/439wbw\/patching-is-failing-as-a-security-paradigm\" target=\"_blank\" rel=\"noopener\">patching software is failing<\/a>, and explains why. (Source: Motherboard)<\/li>\n<\/ul>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/11\/week-security-november-12-18\/\">A week in security (November 12 &#8211; 18)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/11\/week-security-november-12-18\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 19 Nov 2018 17:08:50 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/2018\/11\/week-security-november-12-18\/' title='A week in security (November 12 - 18)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A roundup of security news from November 12 to 18, including TrickBot, smart jewelry, Secret Sisters scam, and the compromise of air traffic control.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/a-week-in-security\/\" rel=\"tag\">a week in security<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/air-traffic-control\/\" rel=\"tag\">air traffic control<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/business-automation\/\" rel=\"tag\">business automation<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/christmas-threats\/\" rel=\"tag\">christmas threats<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/cryptocurrency-scams\/\" rel=\"tag\">cryptocurrency scams<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/hijack\/\" rel=\"tag\">hijack<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/recap\/\" rel=\"tag\">recap<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/secret-sister-scam\/\" rel=\"tag\">secret sister scam<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/smart-jewelry-privacy\/\" rel=\"tag\">smart jewelry privacy<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/smart-jewelry-security\/\" rel=\"tag\">smart jewelry security<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/trickbot\/\" rel=\"tag\">trickbot<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/weekly-blog-roundup\/\" rel=\"tag\">weekly blog roundup<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/2018\/11\/week-security-november-12-18\/' title='A week in security (November 12 - 18)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/11\/week-security-november-12-18\/\">A week in security (November 12 &#8211; 18)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[12969,20184,20198,20199,20200,12569,10503,20201,10497,20202,20203,13256,10498,10506],"class_list":["post-13863","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-a-week-in-security","tag-air-traffic-control","tag-business-automation","tag-christmas-threats","tag-cryptocurrency-scams","tag-hijack","tag-recap","tag-secret-sister-scam","tag-security-world","tag-smart-jewelry-privacy","tag-smart-jewelry-security","tag-trickbot","tag-week-in-security","tag-weekly-blog-roundup"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13863","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=13863"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13863\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=13863"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=13863"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=13863"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}