{"id":15256,"date":"2019-05-06T08:10:03","date_gmt":"2019-05-06T16:10:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/05\/06\/news-9005\/"},"modified":"2019-05-06T08:10:03","modified_gmt":"2019-05-06T16:10:03","slug":"news-9005","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/05\/06\/news-9005\/","title":{"rendered":"A week in security (April 29 &#8211; May 5)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 06 May 2019 15:21:13 +0000<\/strong><\/p>\n<p>Last week on Labs we discussed the<a rel=\"noreferrer noopener\" aria-label=\" possible exit scam of dark net market Wall Street Market (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/04\/wall-street-market-reported-to-have-exit-scammed\/\" target=\"_blank\"> possible exit scam of dark net market Wall Street Market<\/a>, how the <a rel=\"noreferrer noopener\" aria-label=\"Electrum DDoS botnet reaches 152,000 infected hosts (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/04\/electrum-ddos-botnet-reaches-152000-infected-hosts\/\" target=\"_blank\">Electrum DDoS botnet reaches 152,000 infected hosts<\/a>, we looked at the <a rel=\"noreferrer noopener\" aria-label=\"sophisticated threats plague ailing healthcare industry (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/04\/sophisticated-threats-plague-ailing-healthcare-industry\/\" target=\"_blank\">sophisticated threats plague ailing healthcare industry<\/a>, a <a rel=\"noreferrer noopener\" aria-label=\"mysterious database that exposed personal information of 80 million US households (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/05\/mysterious-database-exposed-personal-information-of-80-million-us-households\/\" target=\"_blank\">mysterious database that exposed personal information of 80 million US households<\/a>, how <a rel=\"noreferrer noopener\" aria-label=\"Mozilla urges Apple to make privacy a team sport (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/05\/mozilla-urges-apple-to-make-privacy-a-team-sport\/\" target=\"_blank\">Mozilla urges Apple to make privacy a team sport<\/a>, the state of <a rel=\"noreferrer noopener\" aria-label=\"Cryptojacking in the post-Coinhive era (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/05\/cryptojacking-in-the-post-coinhive-era\/\" target=\"_blank\">cryptojacking in the post-Coinhive era<\/a>, and we digested <a rel=\"noreferrer noopener\" aria-label=\"the top six takeaways for corporate data privacy compliance (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/05\/the-top-six-takeaways-for-corporate-data-privacy-compliance\/\" target=\"_blank\">the top six takeaways for corporate data privacy compliance<\/a>.<\/p>\n<h3>Other cybersecurity news <\/h3>\n<ul>\n<li>The news that <a rel=\"noreferrer noopener\" href=\"https:\/\/www.europol.europa.eu\/newsroom\/news\/double-blow-to-dark-web-marketplaces\" target=\"_blank\">Europol<\/a> shut down two prolific dark web marketplaces in simultaneous global operations, one of which was Wall Street Market, shed a new light on the possible exit scam. The other marketplace was Silkkitie aka the Valhalla Marketplace. (Source: Europol) <\/li>\n<li>Scammers are now sending <a rel=\"noreferrer noopener\" aria-label=\"sextortion (opens in a new tab)\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-extortion-email-scam-threatens-to-release-your-sex-tape\/\" target=\"_blank\">sextortion<\/a> emails stating that they have a tape of you and them having intercourse and are threatening to release it if you do not send them a $1,500 in bitcoins.  (Source: Bleeping Computer)<\/li>\n<li><a rel=\"noreferrer noopener\" aria-label=\"Mozilla (opens in a new tab)\" href=\"https:\/\/www.zdnet.com\/article\/mozilla-releases-firefox-66-0-4-with-fix-disabled-add-ons-issue\/\" target=\"_blank\">Mozilla<\/a> has released an update today for Firefox that fixes the issue with an expired signing certificate that disabled add-ons for the vast majority of its userbase over the weekend. (Source: ZDNet)<\/li>\n<li>A Pennsylvania credit union is suing financial industry technology giant <a rel=\"noreferrer noopener\" aria-label=\"Fiserv (opens in a new tab)\" href=\"https:\/\/krebsonsecurity.com\/2019\/05\/credit-union-sues-fintech-giant-fiserv-over-security-claims\/\" target=\"_blank\">Fiserv<\/a>, alleging that security vulnerabilities in the company\u2019s software are wreaking havoc on its customers. (Source: Krebs on Security)<\/li>\n<li>A researcher has discovered vulnerabilities in more than 100 plugins designed for the <a rel=\"noreferrer noopener\" aria-label=\"Jenkins (opens in a new tab)\" href=\"https:\/\/www.securityweek.com\/vulnerabilities-found-over-100-jenkins-plugins\" target=\"_blank\">Jenkins<\/a> open source software development automation server and many of them have yet to be patched. (Source: SecurityWeek) <\/li>\n<li><a rel=\"noreferrer noopener\" aria-label=\"Facebook (opens in a new tab)\" href=\"https:\/\/thehackernews.com\/2019\/04\/facebook-privacy-investigation.html\" target=\"_blank\">Facebook<\/a> has been hit with three new separate investigations from various governmental authorities\u2014both in the United States and abroad\u2014over the company&#8217;s mishandling of its users&#8217; data. (Source: The Hacker News)<\/li>\n<li><a rel=\"noreferrer noopener\" aria-label=\"NIST (opens in a new tab)\" href=\"https:\/\/www.nist.gov\/news-events\/news\/2019\/04\/nist-tool-enables-more-comprehensive-tests-high-risk-software\" target=\"_blank\">NIST<\/a> tool uses updated combinatorial testing to enable more comprehensive tests on high-risk software to reduce potential errors. (Source: NIST)<\/li>\n<li>A hacker exploited the fact that some botnet operators had used weak or default credentials to secure the backend panels of their command and control (C&amp;C) servers and was able to take over the IoT DDoS <a rel=\"noreferrer noopener\" aria-label=\"botnets (opens in a new tab)\" href=\"https:\/\/www.zdnet.com\/article\/hacker-takes-over-29-iot-botnets\/\" target=\"_blank\">botnets<\/a> of 29 other hackers. (Source: ZDNet)<\/li>\n<li>Programmers say they&#8217;ve been hit by ransomware that seemingly wipes their <a rel=\"noreferrer noopener\" aria-label=\"Git (opens in a new tab)\" href=\"https:\/\/www.theregister.co.uk\/2019\/05\/03\/git_ransomware_bitcoin\/\" target=\"_blank\">Git<\/a> repositories&#8217; commits and replaces them with a ransom note demanding Bitcoin. (Source: The Register)<\/li>\n<li><a rel=\"noreferrer noopener\" aria-label=\"Mirrorthief (opens in a new tab)\" href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/mirrorthief-group-uses-magecart-skimming-attack-to-hit-hundreds-of-campus-online-stores-in-us-and-canada\/\" target=\"_blank\">Mirrorthief<\/a> group uses Magecart skimming attack to hit hundreds of campus online stores in US and Canada. (Source: Trendlabs)<\/li>\n<\/ul>\n<p>Stay safe everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/05\/a-week-in-security-april-29-may-5\/\">A week in security (April 29 &#8211; May 5)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/05\/a-week-in-security-april-29-may-5\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 06 May 2019 15:21:13 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/2019\/05\/a-week-in-security-april-29-may-5\/' title='A week in security (April 29 - May 5)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A roundup of security news from April 29 &#8211; May 5, covering Electrum botnet, Wall Street Market takedown, privacy news, and the state of cryptojacking.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/electrum\/\" rel=\"tag\">Electrum<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/europol\/\" rel=\"tag\">europol<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/facebook\/\" rel=\"tag\">facebook<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/fiserv\/\" rel=\"tag\">fiserv<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/git\/\" rel=\"tag\">git<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/healthcare\/\" rel=\"tag\">healthcare<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/jenkins\/\" rel=\"tag\">jenkins<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/mirrorthief\/\" rel=\"tag\">mirrorthief<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/mozilla\/\" rel=\"tag\">mozilla<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/nist\/\" rel=\"tag\">NIST<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/sextortion\/\" rel=\"tag\">sextortion<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/wall-street-market\/\" rel=\"tag\">Wall Street Market<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/2019\/05\/a-week-in-security-april-29-may-5\/' title='A week in security (April 29 - May 5)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/05\/a-week-in-security-april-29-may-5\/\">A week in security (April 29 &#8211; May 5)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[21568,13114,3589,17716,21738,5976,21739,21740,13271,11711,10497,18952,21736,10498],"class_list":["post-15256","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-electrum","tag-europol","tag-facebook","tag-fiserv","tag-git","tag-healthcare","tag-jenkins","tag-mirrorthief","tag-mozilla","tag-nist","tag-security-world","tag-sextortion","tag-wall-street-market","tag-week-in-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15256","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15256"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15256\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15256"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}