{"id":15353,"date":"2019-05-20T09:10:09","date_gmt":"2019-05-20T17:10:09","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/05\/20\/news-9102\/"},"modified":"2019-05-20T09:10:09","modified_gmt":"2019-05-20T17:10:09","slug":"news-9102","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/05\/20\/news-9102\/","title":{"rendered":"A week in security (May 13 &#8211; 19)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 20 May 2019 15:57:29 +0000<\/strong><\/p>\n<p>Last week, Malwarebytes Labs reviewed <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/05\/exploit-kits-spring-2019-review\/\" target=\"_blank\">active and unique exploit kits<\/a> targeting consumers and businesses alike, reported about <a rel=\"noreferrer noopener\" aria-label=\"a flaw in WhatsApp (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/05\/whatsapp-fix-goes-live-after-targeted-attack-on-human-rights-lawyer\/\" target=\"_blank\">a flaw in WhatsApp<\/a> used to target a human rights lawyer, and wrote about <a rel=\"noreferrer noopener\" aria-label=\"an important Microsoft patch (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/05\/microsoft-pushes-patch-to-prevent-wannacry-level-vulnerability\/\" target=\"_blank\">an important Microsoft patch<\/a> that aimed to prevent a &#8220;WannaCry level&#8221; attack. 
We also profiled <a rel=\"noreferrer noopener\" aria-label=\"the Dharma ransomware (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/05\/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses\/\" target=\"_blank\">the Dharma ransomware<\/a>\u2014aka CrySIS\u2014and imparted <a rel=\"noreferrer noopener\" aria-label=\"4 lessons from the DDoS attack (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/101\/2019\/05\/4-lessons-to-be-learned-from-the-does-ddos-attack\/\" target=\"_blank\">four lessons from the DDoS attack<\/a> against the US Department of Energy that disrupted major operations.<\/p>\n<h3>Other cybersecurity news<\/h3>\n<ul>\n<li>Cybersecurity agencies from Canada and Saudi Arabia issued advisories about <a rel=\"noreferrer noopener\" aria-label=\"hacking groups actively exploiting Microsoft SharePoint server vulnerabilities (opens in a new tab)\" href=\"https:\/\/www.zdnet.com\/article\/microsoft-sharepoint-servers-are-under-attack\/\" target=\"_blank\">hacking groups actively exploiting Microsoft SharePoint server vulnerabilities<\/a> to gain access to private business and government networks. A different patch for the flaw, which was officially designated as <a rel=\"noreferrer noopener\" aria-label=\"CVE-2019-0604 (opens in a new tab)\" href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-0604\" target=\"_blank\">CVE-2019-0604<\/a>, was already available as of February this year. (Source: ZDNet)<\/li>\n<li> Nefarious actors behind adware try hard to be legit\u2014or at least look the part. A recent discovery of <a rel=\"noreferrer noopener\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fake-pirate-chick-vpn-pushed-azorult-info-stealing-trojan\/\" target=\"_blank\">a pseudo-VPN called Pirate Chick VPN<\/a> in an adware bundle was one of the ways they attempted to do this. 
However, the software is actually a Trojan that pushes malware, particularly the AZORult information stealer. (Source: Bleeping Computer)<\/li>\n<li><a rel=\"noreferrer noopener\" aria-label=\"SIM-swapping (opens in a new tab)\" href=\"https:\/\/businesstech.co.za\/news\/technology\/315082\/this-is-how-much-money-south-africans-are-losing-to-sim-swap-fraud\/\" target=\"_blank\">SIM-swapping<\/a>, the fraudulent act of convincing a mobile carrier to swap a target&#8217;s phone number over to a SIM card owned by the criminal, doubled in South Africa. This scam is used to divert incoming SMS-based tokens used in 2FA-enabled accounts. (Source: BusinessTech)<\/li>\n<li><a rel=\"noreferrer noopener\" aria-label=\"Ransomware attacks on US cities was on the uptick (opens in a new tab)\" href=\"https:\/\/www.abcactionnews.com\/news\/national\/crippling-ransomware-attacks-targeting-us-cities-on-the-rise\" target=\"_blank\">Ransomware attacks on US cities are on the uptick<\/a>. So far, there have been 22 known attacks this year. (Source: ABC Action News)<\/li>\n<li><a rel=\"noreferrer noopener\" aria-label=\"Typosquatting (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/glossary\/typosquatting\/\" target=\"_blank\">Typosquatting<\/a> is back on the radar, and it&#8217;s mimicking major online news websites to push out fake news or disinformation reports, according to <a rel=\"noreferrer noopener\" aria-label=\"a report from The Citizen Lab (opens in a new tab)\" href=\"https:\/\/citizenlab.ca\/2019\/05\/burned-after-reading-endless-mayflys-ephemeral-disinformation-campaign\/\" target=\"_blank\">a report from The Citizen Lab<\/a>. Some of the sites copied were Politico, Bloomberg, and The Atlantic. 
The group behind this campaign is Endless Mayfly, an Iranian &#8220;disinformation supply chain.&#8221; (Source: The Citizen Lab)<\/li>\n<li>No surprise here: Researchers from Charles III University of Madrid (Universidad Carlos III de Madrid) and Stony Brook University in the US found that <a rel=\"noreferrer noopener\" aria-label=\"Android smartphones are riddled with bloatware (opens in a new tab)\" href=\"https:\/\/nakedsecurity.sophos.com\/2019\/05\/13\/study-finds-android-smartphones-riddled-with-suspect-bloatware\/\" target=\"_blank\">Android smartphones are riddled with bloatware<\/a>, which creates hidden privacy and security risks to users. (Source: Sophos&#8217;s Naked Security Blog)<\/li>\n<li>Organizations who are using the cloud to store PII <a rel=\"noreferrer noopener\" aria-label=\"were considering moving back to on-premise means to store data (opens in a new tab)\" href=\"https:\/\/www.netwrix.com\/survey_organizations_that_store_customer_pii_in_the_cloud_consider_moving_it_back_on_premises_due_to_security_concerns.html\" target=\"_blank\">were considering moving back to on-premise means to store data<\/a> due to cloud security concerns, according to a survey. (Source: Netwrix)<\/li>\n<li>The Office of the Australian Information Commissioner (OAIC) recently released <a rel=\"noreferrer noopener\" aria-label=\"a report about their findings on breaches in healthcare (opens in a new tab)\" href=\"https:\/\/www.crn.com.au\/news\/health-sector-still-plagued-by-breaches-according-to-latest-oaic-report-525046\" target=\"_blank\">a report about their findings on breaches in healthcare<\/a>, which is still an ongoing problem. They found that such breaches were caused mainly by human error. 
(Source: CRN)<\/li>\n<li>Websites of retailers are continuously <a rel=\"noreferrer noopener\" aria-label=\"facing billions of hacking attempts every year (opens in a new tab)\" href=\"https:\/\/biztechmagazine.com\/article\/2019\/05\/retailers-are-under-siege-botnets\" target=\"_blank\">facing billions of hacking attempts every year<\/a>, according to an Akamai Technology report. Consumers should take this as a wake-up call to stop reusing credentials across all their online accounts. (Source: BizTech Magazine)<\/li>\n<li>After the discovery of Meltdown and Spectre, security flaws found in Intel and AMD chips, <a rel=\"noreferrer noopener\" aria-label=\"several researchers have again uncovered another flaw (opens in a new tab)\" href=\"https:\/\/www.wired.com\/story\/intel-mds-attack-speculative-execution-buffer\/\" target=\"_blank\">several researchers have again uncovered another flaw<\/a> that could allow attackers to eavesdrop on every piece of user data that a processor touches. Intel collectively calls attacks against this flaw Microarchitectural Data Sampling (MDS). 
(Source: Wired)<\/li>\n<\/ul>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/05\/a-week-in-security-may-13-19\/\">A week in security (May 13 &#8211; 19)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/05\/a-week-in-security-may-13-19\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 20 May 2019 15:57:29 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/2019\/05\/a-week-in-security-may-13-19\/' title='A week in security (May 13 - 19)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A roundup of security news from May 13\u201319, including ransomware attacks on the upswing, website hacking, pseudo-VPNs, bloatware, and more.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/android\/\" rel=\"tag\">Android<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/bloatware\/\" rel=\"tag\">bloatware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/breaches\/\" rel=\"tag\">breaches<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/crysis-ransomware\/\" rel=\"tag\">crysis ransomware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ddos-attack\/\" rel=\"tag\">DDos 
attack<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/dharma\/\" rel=\"tag\">dharma<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/hacking\/\" rel=\"tag\">hacking<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/healthcare-cybersecurity\/\" rel=\"tag\">healthcare cybersecurity<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/mds\/\" rel=\"tag\">mds<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/meltdown\/\" rel=\"tag\">Meltdown<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/microsoft\/\" rel=\"tag\">microsoft<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ransomware\/\" rel=\"tag\">ransomware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/server-vulnerabilities\/\" rel=\"tag\">server vulnerabilities<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/spectre\/\" rel=\"tag\">Spectre<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/typosquatting\/\" rel=\"tag\">typosquatting<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/vpn\/\" rel=\"tag\">vpn<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/vulnerabilities\/\" rel=\"tag\">vulnerabilities<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/whatsapp\/\" rel=\"tag\">whatsapp<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/2019\/05\/a-week-in-security-may-13-19\/' title='A week in security (May 13 - 19)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/05\/a-week-in-security-may-13-19\/\">A week in security (May 13 &#8211; 19)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10462,18798,12928,21831,17689,21783,3919,17547,21832,14989,10516,3765,10497,21833,17082,15550,10863,10752,10498,10440],"class_list":["post-15353","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-android","tag-bloatware","tag-breaches","tag-crysis-ransomware","tag-ddos-attack","tag-dharma","tag-hacking","tag-healthcare-cybersecurity","tag-mds","tag-meltdown","tag-microsoft","tag-ransomware","tag-security-world","tag-server-vulnerabilities","tag-spectre","tag-typosquatting","tag-vpn","tag-vulnerabilities","tag-week-in-security","tag-whatsapp"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15353"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15353\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15353"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}
]}}