{"id":14427,"date":"2019-01-28T11:10:03","date_gmt":"2019-01-28T19:10:03","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/01\/28\/news-8179\/"},"modified":"2019-01-28T11:10:03","modified_gmt":"2019-01-28T19:10:03","slug":"news-8179","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/01\/28\/news-8179\/","title":{"rendered":"A week in security (January 21 \u2013 27)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 28 Jan 2019 18:00:14 +0000<\/strong><\/p>\n<p>Last week on the Malwarebytes Labs blog, we took a look at <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/01\/two-factor-authentication-defeated-spotlight-2fas-latest-challenge\/\" target=\"_blank\" rel=\"noopener\">Modlishka<\/a>, the latest hurdle in <a href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/01\/understanding-the-basics-of-two-factor-authentication\/\" target=\"_blank\" rel=\"noopener\">two-factor authentication (2FA)<\/a>, the potential for abuse of <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/technology\/2019\/01\/browser-push-notifications-feature-asking-abused\/\" target=\"_blank\" rel=\"noopener\">push notifications<\/a>, a malware-phishing combo by the name of <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/01\/sly-criminals-package-ransomware-malicious-ransom-note\/\" target=\"_blank\" rel=\"noopener\">CryTekk ransomware<\/a>, and why we detect PUPs, but enforce <a href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2019\/01\/users-right-to-choose-why-malwarebytes-detects-potentially-unwanted-programs-pups\/\" target=\"_blank\" rel=\"noopener\">the power of users&#8217; choice.<\/a><\/p>\n<p>We also pushed out the 2019 State of Malware report, which you can readily <a href=\"https:\/\/resources.malwarebytes.com\/resource\/2019-state-malware-malwarebytes-labs-report\/?utm_source=blog&amp;utm_medium=post&amp;utm_campaign=0119_ws_stateofmalwarereportq119_mb\" target=\"_blank\" rel=\"noopener\">download here<\/a>.<\/p>\n<h3>Other cybersecurity news<\/h3>\n<ul>\n<li>Fortnight, the hugely popular video game, uses in-game currency. And this, <em>The Independent<\/em> has found, <a href=\"https:\/\/www.pymnts.com\/news\/security-and-risk\/2019\/fortnite-in-game-currency-money-laundering\/\" target=\"_blank\" rel=\"noopener\">is fueling money laundering schemes<\/a>. (Source: PYMNTS.com)<\/li>\n<li>Thanks to the new European General Data Protection Regulation (GDPR) privacy law, a French regulator fined Google <a href=\"https:\/\/www.wsj.com\/articles\/google-fined-57-million-by-french-regulator-11548085558\" target=\"_blank\" rel=\"noopener\">to the tune of \u20ac50 million ($56.8 million)<\/a> for not getting enough user consent to data collection and targeted advertising. (Source: The Wall Street Journal)<\/li>\n<li>A clever mobile malware affected Android devices <a href=\"https:\/\/arstechnica.com\/information-technology\/2019\/01\/google-play-malware-used-phones-motion-sensors-to-conceal-itself\/\" target=\"_blank\" rel=\"noopener\">is able to elude emulators<\/a>, tools which are used by security researchers to study potentially malicious apps, by running only when it detects the that device it&#8217;s installed in moves. (Source: Ars Technica)<\/li>\n<li>A recently released <a href=\"https:\/\/www.helpnetsecurity.com\/2019\/01\/23\/most-out-of-date-applications\/\" target=\"_blank\" rel=\"noopener\">list of top out-of-date (aka vulnerable) applications<\/a> installed on computer systems include a number of Adobe products, Skype, Firefox, and VLC. If you have any of these installed, now is a good time to update them. (Source: Help Net Security)<\/li>\n<li>Automatic license plate recognition (ALPR)\u2014or automatic number plate recognition (ANPR) in the UK\u2014are cameras that track license plates. <a href=\"https:\/\/techcrunch.com\/2019\/01\/22\/police-alpr-license-plate-readers-accessible-internet\/\" target=\"_blank\" rel=\"noopener\">And some of them are connected to the Internet<\/a>, leaking sensitive data and vulnerable to attacks. (Source: TechCrunch)<\/li>\n<li><a href=\"https:\/\/krebsonsecurity.com\/2019\/01\/bomb-threat-sextortion-spammers-abused-weakness-at-godaddy-com\/\" target=\"_blank\" rel=\"noopener\">Because of authentication weaknesses in GoDaddy<\/a>, the world&#8217;s largest domain name registrar, disruptive spam, malware, and phishing campaigns taking advantage of dormant web sites owned by trusted brands are possible. (Source: KrebsOnSecurity)<\/li>\n<li>Japanese car manufacturer, Mitsubishi, <a href=\"https:\/\/www.securityweek.com\/mitsubishi-develops-cybersecurity-technology-cars\" target=\"_blank\" rel=\"noopener\">has created its own cybersecurity technology for cars<\/a>, which is inspired by defenses designed for systems in critical infrastructures. (Source: Security Week)<\/li>\n<li>Researchers from the Cyprus University of Technology, the University of Alabama at Birmingham, Telefonica Research, and Boston University, authored a paper and created a deep learning classifier algorithm that protects children from videos in YouTube <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/researchers-create-algorithm-to-protect-kids-from-disturbing-youtube-videos\/\" target=\"_blank\" rel=\"noopener\">by detecting disturbing content<\/a>. (Source: Bleeping Computer)<\/li>\n<li>A <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/voicemail-phishing-campaign-tricks-you-into-verifying-password\/\" target=\"_blank\" rel=\"noopener\">new voicemail phishing campaign<\/a> that uses recorded messages attached to emails are fooling recipients into verifying their passwords twice to confirm the legitimacy of credentials. (Source: Bleeping Computer)<\/li>\n<li>A convincing new attack abusing the App Engine Google Cloud Platform (GCP) comes to light, which is found to be <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/cyberattackers-bait-financial-firms-with-google-cloud-platform\/d\/d-id\/1333729\" target=\"_blank\" rel=\"noopener\">targeting mostly organizations in the financial sector<\/a>. The Cobalt Strike group is behind this campaign. (Source: Dark Reading)<\/li>\n<\/ul>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/week-security-january-21-27\/\">A week in security (January 21 \u2013 27)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/week-security-january-21-27\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 28 Jan 2019 18:00:14 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/week-security-january-21-27\/' title='A week in security (January 21 \u2013 27)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A roundup of last week&#8217;s security news from January 21 to 27, including Modlishka, Crytekk, PUPs, and the State of Malware report.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/2019-state-of-malware-report\/\" rel=\"tag\">2019 State of Malware report<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/2fa\/\" rel=\"tag\">2fa<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/alpr\/\" rel=\"tag\">ALPR<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/android-malware\/\" rel=\"tag\">android malware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/anpr\/\" rel=\"tag\">anpr<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ars-technica\/\" rel=\"tag\">Ars Technica<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/bleeping-computer\/\" rel=\"tag\">Bleeping Computer<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/crytekk\/\" rel=\"tag\">crytekk<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/crytekk-ransomware\/\" rel=\"tag\">crytekk ransomware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/dark-reading\/\" rel=\"tag\">Dark Reading<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/fortnight\/\" rel=\"tag\">fortnight<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/gdpr\/\" rel=\"tag\">gdpr<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/godaddy\/\" rel=\"tag\">GoDaddy<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/help-net-security\/\" rel=\"tag\">Help Net Security<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/krebsonsecurity\/\" rel=\"tag\">KrebsOnSecurity<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/mitsubishi\/\" rel=\"tag\">mitsubishi<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/modlishka\/\" rel=\"tag\">modlishka<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/phishing\/\" rel=\"tag\">phishing<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/recap\/\" rel=\"tag\">recap<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/security-week\/\" rel=\"tag\">Security Week<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/techcrunch\/\" rel=\"tag\">TechCrunch<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/the-wall-street-journal\/\" rel=\"tag\">The Wall Street Journal<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/vishing\/\" rel=\"tag\">vishing<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/voicemail-phishing\/\" rel=\"tag\">voicemail phishing<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/vulnerability\/\" rel=\"tag\">vulnerability<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/week-in-security\/\" rel=\"tag\">week in security<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/weekly-blog-roundup\/\" rel=\"tag\">weekly blog roundup<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/youtube\/\" rel=\"tag\">youtube<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/week-security-january-21-27\/' title='A week in security (January 21 \u2013 27)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/week-security-january-21-27\/\">A week in security (January 21 \u2013 27)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[20763,10598,20791,11254,20792,11203,12246,20780,20781,20420,20793,12116,13648,20662,17621,8552,20741,3924,10503,20794,10497,12653,11699,14136,20795,10467,10498,10506,2593],"class_list":["post-14427","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-2019-state-of-malware-report","tag-2fa","tag-alpr","tag-android-malware","tag-anpr","tag-ars-technica","tag-bleeping-computer","tag-crytekk","tag-crytekk-ransomware","tag-dark-reading","tag-fortnight","tag-gdpr","tag-godaddy","tag-help-net-security","tag-krebsonsecurity","tag-mitsubishi","tag-modlishka","tag-phishing","tag-recap","tag-security-week","tag-security-world","tag-techcrunch","tag-the-wall-street-journal","tag-vishing","tag-voicemail-phishing","tag-vulnerability","tag-week-in-security","tag-weekly-blog-roundup","tag-youtube"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14427","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14427"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14427\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14427"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}