{"id":15536,"date":"2019-06-10T10:10:02","date_gmt":"2019-06-10T18:10:02","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/06\/10\/news-9285\/"},"modified":"2019-06-10T10:10:02","modified_gmt":"2019-06-10T18:10:02","slug":"news-9285","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/06\/10\/news-9285\/","title":{"rendered":"A week in security (June 3 \u2013 9)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 10 Jun 2019 17:30:58 +0000<\/strong><\/p>\n<p>Last week on Malwarebytes Labs, we <a rel=\"noreferrer noopener\" aria-label=\"rounded up some leaks and breaches (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/privacy-2\/2019\/06\/leaks-and-breaches-a-roundup\/\" target=\"_blank\">rounded up some leaks and breaches<\/a>, reported about <a rel=\"noreferrer noopener\" aria-label=\"Magecart skimmers found on Amazon CloudFront CDN (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/06\/magecart-skimmers-found-on-amazon-cloudfront-cdn\/\" target=\"_blank\">Magecart skimmers found on Amazon CloudFront CDN<\/a>, proudly announced <a rel=\"noreferrer noopener\" aria-label=\"we were awarded as Best cybersecurity vendor blog (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2019\/06\/malwarebytes-labs-wins-best-cybersecurity-vendor-blog-at-infosecs-european-security-blogger-awards\/\" target=\"_blank\">we were awarded as Best Cybersecurity Vendor Blog<\/a> at the annual EU Security Blogger Awards, <a rel=\"noreferrer noopener\" aria-label=\"discussed how Maine inches closer to shutting down ISP pay-for-privacy schemes (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/privacy-2\/2019\/06\/maine-inches-closer-to-shutting-down-isp-pay-for-privacy-schemes\/\" target=\"_blank\">discussed how Maine inches closer to shutting down ISP pay-for-privacy schemes<\/a>, <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/privacy-2\/2019\/06\/hyperlink-auditing-where-has-my-option-to-disable-it-gone\/\" target=\"_blank\">asked where our options to disable hyperlink auditing had gone<\/a>, and presented a <a rel=\"noreferrer noopener\" aria-label=\"video game portrayals of hacking: NITE Team 4 (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/06\/video-game-portrayals-of-hacking-nite-team-4\/\" target=\"_blank\">video game portrayals of hacking: NITE Team 4<\/a>.<\/p>\n<h3> Other cybersecurity news <\/h3>\n<ul>\n<li>At Infosecurity Europe, a security expert from Guardicore discussed a new <a rel=\"noreferrer noopener\" aria-label=\"cryptomining (opens in a new tab)\" href=\"https:\/\/threatpost.com\/infosecurity-europe-cryptojacking-is-making-a-comeback\/145266\/\" target=\"_blank\">cryptomining<\/a> malware campaign called Nanshou, and why the cryptojacking threat is set to get worse. (Source: Threatpost)<\/li>\n<li>A security breach at a third-party billing collections firm exposed the personal and financial data on as many as 7.7 million medical testing giant <a rel=\"noreferrer noopener\" aria-label=\"LabCorp (opens in a new tab)\" href=\"https:\/\/www.cnet.com\/news\/collections-firm-breach-exposes-data-on-7-7m-labcorp-customers\/\" target=\"_blank\">LabCorp<\/a> customers. (Source: Cnet)<\/li>\n<li>A researcher has created a module for the Metasploit penetration testing framework that exploits the critical <a rel=\"noreferrer noopener\" aria-label=\"BlueKeep (opens in a new tab)\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/metasploit-module-created-for-bluekeep-flaw-private-for-now\/\" target=\"_blank\">BlueKeep<\/a> vulnerability on vulnerable Windows XP, 7, and Server 2008 machines to achieve remote code execution. (Source: BleepingComputer)<\/li>\n<li>Microsoft&#8217;s security researchers have issued a warning about an <a rel=\"noreferrer noopener\" aria-label=\"ongoing spam wave (opens in a new tab)\" href=\"https:\/\/www.zdnet.com\/article\/microsoft-warns-about-email-spam-campaign-abusing-office-vulnerability\/\" target=\"_blank\">ongoing spam wave<\/a> that is spreading emails carrying malicious RTF documents that infect users with malware without user interaction, once users open the RTF documents. (Source: ZDNet)<\/li>\n<li>The <a rel=\"noreferrer noopener\" aria-label=\"Federal Trade Commission (opens in a new tab)\" href=\"https:\/\/www.ftc.gov\/news-events\/press-releases\/2019\/06\/ftc-announces-two-actions-enforcing-consumer-review-fairness-act\" target=\"_blank\">Federal Trade Commission<\/a> has issued two administrative complaints and proposed orders which prohibit businesses from using form contract terms that bar consumers from writing or posting negative reviews online. (Source: FTC.gov)<\/li>\n<li>Security researchers have discovered a <a rel=\"noreferrer noopener\" aria-label=\"new botnet (opens in a new tab)\" href=\"https:\/\/www.zdnet.com\/article\/a-botnet-is-brute-forcing-over-1-5-million-rdp-servers-all-over-the-world\/\" target=\"_blank\">new botnet<\/a> that has been attacking over 1.5 million Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet. (Source: ZDNet)<\/li>\n<li><a rel=\"noreferrer noopener\" aria-label=\"Microsoft (opens in a new tab)\" href=\"https:\/\/www.bbc.com\/news\/technology-48555149\" target=\"_blank\">Microsoft<\/a> has deleted a massive database of 10 million images which was being used to train facial recognition systems. The database is believed to have been used to train a system operated by police forces and the military. (Source: BBC news)<\/li>\n<li>On Tuesday, the Government Accountability Office (GAO) said that the <a rel=\"noreferrer noopener\" aria-label=\"FBI\u2019s Facial Recognition office (opens in a new tab)\" href=\"http:\/\/nakedsecurity.sophos.com\/2019\/06\/07\/the-fbi-is-sitting-on-more-than-641m-photos-of-peoples-faces\/\" target=\"_blank\">FBI\u2019s Facial Recognition office<\/a> can now search databases containing more than 641 million photos, including 21 state databases. (Source: NakedSecurity)<\/li>\n<li>Despite sharing a common Chromium codebase, browser makers like Brave, Opera, and Vivaldi don&#8217;t have plans on <a rel=\"noreferrer noopener\" aria-label=\"crippling support for ad blocker extensions (opens in a new tab)\" href=\"https:\/\/www.zdnet.com\/article\/opera-brave-vivaldi-to-ignore-chromes-anti-ad-blocker-changes-despite-shared-codebase\/\" target=\"_blank\">crippling support for ad blocker extensions<\/a> in their products\u2014as Google is currently planning on doing within Chrome. (Source: ZDNet)<\/li>\n<li>Traffic destined for some of Europe&#8217;s biggest mobile providers was misdirected in a roundabout path through the Chinese-government-controlled <a rel=\"noreferrer noopener\" aria-label=\"China Telecom (opens in a new tab)\" href=\"https:\/\/arstechnica.com\/information-technology\/2019\/06\/bgp-mishap-sends-european-mobile-traffic-through-china-telecom-for-2-hours\/\" target=\"_blank\">China Telecom<\/a> on Thursday, in some cases for more than two hours. (Source: ArsTechnica)<\/li>\n<\/ul>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/a-week-in-security\/2019\/06\/a-week-in-security-june-3-9\/\">A week in security (June 3 \u2013 9)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/a-week-in-security\/2019\/06\/a-week-in-security-june-3-9\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 10 Jun 2019 17:30:58 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/a-week-in-security\/2019\/06\/a-week-in-security-june-3-9\/' title='A week in security (June 3 \u2013 9)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A weekly roundup of security news from June 3\u20139, including Magecart, breaches, hyperlink auditing, Bluekeep, FTC, and facial recognition.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/a-week-in-security\/\" rel=\"category tag\">A week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/botnet\/\" rel=\"tag\">botnet<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/browsers\/\" rel=\"tag\">browsers<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/china\/\" rel=\"tag\">china<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/cryptomining\/\" rel=\"tag\">cryptomining<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/data-leaks\/\" rel=\"tag\">data leaks<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/facial-recognition\/\" rel=\"tag\">facial recognition<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/fbi\/\" rel=\"tag\">fbi<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ftc\/\" rel=\"tag\">FTC<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/microsoft\/\" rel=\"tag\">microsoft<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/vulnerability\/\" rel=\"tag\">vulnerability<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/web-browsers\/\" rel=\"tag\">web browsers<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/a-week-in-security\/2019\/06\/a-week-in-security-june-3-9\/' title='A week in security (June 3 \u2013 9)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/a-week-in-security\/2019\/06\/a-week-in-security-june-3-9\/\">A week in security (June 3 \u2013 9)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[12969,10410,12014,402,15080,15700,14753,6627,10665,10516,10467,11114],"class_list":["post-15536","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-a-week-in-security","tag-botnet","tag-browsers","tag-china","tag-cryptomining","tag-data-leaks","tag-facial-recognition","tag-fbi","tag-ftc","tag-microsoft","tag-vulnerability","tag-web-browsers"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15536","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15536"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15536\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15536"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15536"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15536"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}