{"id":14111,"date":"2018-12-17T11:10:06","date_gmt":"2018-12-17T19:10:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/12\/17\/news-7878\/"},"modified":"2018-12-17T11:10:06","modified_gmt":"2018-12-17T19:10:06","slug":"news-7878","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/12\/17\/news-7878\/","title":{"rendered":"A week in security (December 10 \u2013 16)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 17 Dec 2018 17:58:31 +0000<\/strong><\/p>\n<p>Last week on Labs, we took a look at some new <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/12\/flurry-new-mac-malware-drops-december\/\" target=\"_blank\" rel=\"noopener\">Mac malware<\/a>, a collection of various <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/12\/data-scraping-treasure\/\" target=\"_blank\" rel=\"noopener\">scraped data dumps<\/a>, the <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/business-security-world\/2018\/12\/compromising-vital-infrastructure-power-grid\/\" target=\"_blank\" rel=\"noopener\">protection of power grids<\/a>, and how bad actors are using <a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/12\/how-threat-actors-are-using-smb-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">SMB vulnerabilities<\/a>.<span class=\"Apple-converted-space\">\u00a0<\/span><\/p>\n<h3>Other cybersecurity news<\/h3>\n<ul>\n<li>Millions affected by Facebook photo API bug: An issue granted third-party apps more <a href=\"https:\/\/developers.facebook.com\/blog\/post\/2018\/12\/14\/notifying-our-developer-ecosystem-about-a-photo-api-bug\/\" target=\"_blank\" rel=\"noopener\">access to photos<\/a> than should normally be granted, including images uploaded but not published. 
(source: Facebook)<\/li>\n<li>Bomb threats may be a hoax: An email in circulation urging ransom payments in Bitcoin lest bombs across the US be detonated <a style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\" href=\"https:\/\/www.theregister.co.uk\/2018\/12\/14\/nationwide_bitcoin_bomb_threat_a_bust\/\" target=\"_blank\" rel=\"noopener\">may well be a fake<\/a><span style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\">, according to US law enforcement. (source: The Register)<\/span><\/li>\n<li>Man jailed for fraud offenses: A man in the UK has been jailed for taking part in fraudulent activities. The main point of interest is surely the <a style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\" href=\"http:\/\/news.met.police.uk\/news\/man-jailed-for-fraud-offences-340402\" target=\"_blank\" rel=\"noopener\">spectacular device<\/a><span style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\"> he built. (source: Met Police)<\/span><\/li>\n<li>Another Google Plus bug: For six days, developers were able to <a style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\" href=\"https:\/\/www.blog.google\/technology\/safety-security\/expediting-changes-google-plus\/\" target=\"_blank\" rel=\"noopener\">access profile data<\/a><span style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\"> not made public by the users. 
(source: Google)<\/span><\/li>\n<li>Windows 10 data collection: Reddit users complained Windows 10 is <a style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\" href=\"https:\/\/www.howtogeek.com\/fyi\/windows-10-sends-your-activity-history-to-microsoft-even-if-you-tell-it-not-to\/\" target=\"_blank\" rel=\"noopener\">grabbing a certain kind of data<\/a><span style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\"> even with the setting disabled. (source: How to Geek)<\/span><\/li>\n<li>Taylor Swift concert tracks stalkers with facial recognition software: At a recent event, cutting-edge tech was deployed to ensure the crowds were <a style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\" href=\"https:\/\/www.rollingstone.com\/culture\/culture-lists\/future-entertainment-technology-music-tv-movies-760659\/facial-recognition-concert-security-760696\/\" target=\"_blank\" rel=\"noopener\">free of potential troublemakers<\/a>.<span style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\"> (Source: Rolling Stone)<\/span><\/li>\n<li>Password disasters of 2018: A tongue-in-cheek look at some of the more <a style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\" href=\"https:\/\/www.helpnetsecurity.com\/2018\/12\/13\/worst-password-offenders\/\" target=\"_blank\" rel=\"noopener\">spectacular password mishaps<\/a><span style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\"> seen rumbling into view this year. 
(Source: Help Net Security)<\/span><\/li>\n<li>Android Trojan steals from PayPal accounts: Even with 2FA enabled, it <a style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\" href=\"https:\/\/www.welivesecurity.com\/2018\/12\/11\/android-trojan-steals-money-paypal-accounts-2fa\/\" target=\"_blank\" rel=\"noopener\">might not be enough<\/a><span style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\"> to keep your account balance safe. (Source: ESET)<\/span><\/li>\n<li>Character recognition collects URLs in YouTube videos: Theoretically private data in hidden videos may <a style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\" href=\"https:\/\/sudofox.hatenablog.com\/entry\/google-is-scanning-for-and-crawling-urls-in-your-private-youtube-videos\" target=\"_blank\" rel=\"noopener\">not be as private<\/a><span style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\"> as you\u2019d first hoped. (Source: Austin Burk\u2019s blog)<\/span><\/li>\n<li>Traveller data left lying around on USB sticks: Border Agents aren\u2019t being <a style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\" href=\"https:\/\/nakedsecurity.sophos.com\/2018\/12\/13\/border-agents-are-copying-travelers-data-leaving-it-on-usb-drives\/\" target=\"_blank\" rel=\"noopener\">quite as careful<\/a><span style=\"font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif\"> as they should be where potentially sensitive passenger data is concerned. 
(Source: Naked Security)<\/span><\/li>\n<\/ul>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/12\/week-security-december-10-16\/\">A week in security (December 10 \u2013 16)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/12\/week-security-december-10-16\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 17 Dec 2018 17:58:31 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/2018\/12\/week-security-december-10-16\/' title='A week in security (December 10 \u2013 16)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A roundup of last week&#8217;s security news from December 10\u201316, including facial recognition technology, abandoned USB sticks, even more trouble at Facebook, Google bugs, and more.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/android\/\" rel=\"tag\">Android<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/bitcoin-bomb-threat\/\" rel=\"tag\">Bitcoin bomb threat<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/bug\/\" rel=\"tag\">bug<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/facebook\/\" rel=\"tag\">facebook<\/a><a 
href=\"https:\/\/blog.malwarebytes.com\/tag\/mac-malware\/\" rel=\"tag\">mac malware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/passwords\/\" rel=\"tag\">passwords<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/smb-vulnerabilities\/\" rel=\"tag\">SMB vulnerabilities<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/usb-sticks\/\" rel=\"tag\">USB sticks<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/windows-10\/\" rel=\"tag\">windows 10<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/2018\/12\/week-security-december-10-16\/' title='A week in security (December 10 \u2013 16)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/12\/week-security-december-10-16\/\">A week in security (December 10 \u2013 16)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10462,20470,11210,3589,11976,10602,10497,20435,18953,10498,10761],"class_list":["post-14111","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-android","tag-bitcoin-bomb-threat","tag-bug","tag-facebook","tag-mac-malware","tag-passwords","tag-security-world","tag-smb-vulnerabilities","tag-usb-sticks","tag-week-in-security","tag-windows-10"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14111"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14111\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14111"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}