{"id":16515,"date":"2019-10-07T08:10:07","date_gmt":"2019-10-07T16:10:07","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/10\/07\/news-10255\/"},"modified":"2019-10-07T08:10:07","modified_gmt":"2019-10-07T16:10:07","slug":"news-10255","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/10\/07\/news-10255\/","title":{"rendered":"A week in security (September 30 \u2013 October 6)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 07 Oct 2019 15:43:53 +0000<\/strong><\/p>\n<p> Last week on Malwarebytes Labs, Malwarebytes renewed its <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/stalkerware\/2019\/10\/cybersecurity-domestic-violence-awareness-month-fight-stalkerware\/\" target=\"_blank\">pledge to fight stalkerware<\/a> for National Cybersecurity Awareness (NCSA) and <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/en.wikipedia.org\/wiki\/National_Coalition_Against_Domestic_Violence#Domestic_Violence_Awareness_Month\" target=\"_blank\">Domestic Violence Awareness Month<\/a>. 
We also looked into what <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/explained\/2019\/10\/explained-security-orchestration\/\" target=\"_blank\">security orchestration<\/a> is and reported on partnering with security firm HYAS to <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/10\/magecart-group-4-a-link-with-cobalt-group\/\" target=\"_blank\">determine the relationship<\/a> between Magecart Group 4 and <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/attack.mitre.org\/groups\/G0080\/\" target=\"_blank\">Cobalt<\/a>, the infamous APT group behind sophisticated financially-motivated attacks on financial institutions in Europe and Asia.<\/p>\n<h3>Other cybersecurity news<\/h3>\n<ul>\n<li>In an ingenious attempt to affect Internet users and bank on their interest in certain online topics, threat actors have found a way to let Google push out campaigns for them\u2014for free\u2014<a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.scmagazineuk.com\/malicious-sites-pushed-via-google-alerts\/article\/1660918\" target=\"_blank\">via Google Alert<\/a>. (Source: SC Magazine UK)<\/li>\n<li>News of SMS-based attacks is becoming more frequent compared to previous years. Security Research Labs (SRLabs) recently released <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.forbes.com\/sites\/zakdoffman\/2019\/09\/28\/how-many-millions-of-phones-risk-sim-based-attacks-new-report-provides-answers\/#2e464aaa32ea\" target=\"_blank\">a report<\/a> containing findings on the true scale of the simjacking vulnerability and its potential damage against targets once exploited. 
(Source: Forbes)<\/li>\n<li>According to <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.wsj.com\/articles\/scammers-find-easy-prey-on-internet-marketplaces-11569784198\" target=\"_blank\">a new study on consumer behavior<\/a>, scammers find more success in luring victims in, engaging them, and stealing their money via ads in Internet marketplaces compared to robocalls. (Source: The Wall Street Journal)<\/li>\n<li>Insikt Group, a collection of veteran threat researchers, pushed out a report on two <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.recordedfuture.com\/disinformation-service-campaigns\/\" target=\"_blank\">threat actors who offer disinformation-as-a-service (DaaS)<\/a> on Russian underground forums to understand how positive and negative disinformation is created and distributed on the Internet. (Source: Recorded Future)<\/li>\n<li>The Media Trust discovered <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/mediatrust.com\/blog\/ghostcat-3pc-malware-targets-well-known-publishers-and-slips-through-their-blockers\" target=\"_blank\">a new malware they dubbed GhostCat-3PC<\/a> that targets known online publishers in the US and Europe. It is capable of slipping past conventional blockers to hijack mobile web sessions. (Source: The Media Trust)<\/li>\n<li>Several hospitals in Victoria, Australia, were <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.abc.net.au\/news\/2019-10-01\/victorian-health-services-targeted-by-ransomware-attack\/11562988\" target=\"_blank\">hit by a still unknown ransomware strain<\/a>. (Source: The ABC Australia)<\/li>\n<li>Microsoft announced that it <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/09\/30\/outlook-on-the-web-bans-a-further-38-file-types\/\">will add 38 more file types<\/a> to its lengthening block list in Outlook. 
Some of these are files associated with Python, PowerShell, Java, and digital certificates. (Source: Sophos\u2019s Naked Security Blog)<\/li>\n<li>The Adwind RAT, a piece of malware used against institutions in the retail and hospitality sectors, was found <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.netskope.com\/blog\/new-adwind-campaign-targets-us-petroleum-industry-2\" target=\"_blank\">being actively used in campaigns<\/a> against US organizations in the oil industry. Researchers also noticed a slight change in its behavior: Adwind now has more obfuscation capabilities. (Source: Netskope)<\/li>\n<li>OpenDocument Text (ODT), a less mainstream document file type that can be opened by Microsoft Office and popular free open-source software, was found in <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/under-detected-odt-files-deliver-common-remote-access-trojans\/\" target=\"_blank\">recent attack campaigns to distribute malware<\/a>. The targets of these campaigns were English- and Arabic-speaking users. (Source: Bleeping Computer)<\/li>\n<li>The British government\u2019s National Cyber Security Centre (NCSC) <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.ncsc.gov.uk\/news\/alert-vpn-vulnerabilities\" target=\"_blank\">issued an alert<\/a> about advanced persistent threat actors actively exploiting vulnerabilities in VPN products that are used worldwide. 
(Source: The National Cyber Security Centre)<\/li>\n<\/ul>\n<p>Stay safe!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/a-week-in-security\/2019\/10\/a-week-in-security-september-30-october-6\/\">A week in security (September 30 \u2013 October 6)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/a-week-in-security\/2019\/10\/a-week-in-security-september-30-october-6\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 07 Oct 2019 15:43:53 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/a-week-in-security\/2019\/10\/a-week-in-security-september-30-october-6\/' title='A week in security (September 30 \u2013 October 6)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A roundup of the latest cybersecurity news for the week of September 30 \u2013 October 6, including National Cybersecurity Awareness Month, Magecart, and more.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/a-week-in-security\/\" rel=\"category tag\">A week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/adwind-rat\/\" rel=\"tag\">Adwind RAT<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/apt\/\" rel=\"tag\">APT<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/cobalt\/\" rel=\"tag\">Cobalt<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/consumer-behavior-study\/\" rel=\"tag\">consumer behavior study<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/daas\/\" rel=\"tag\">DaaS<\/a><a 
href=\"https:\/\/blog.malwarebytes.com\/tag\/disinformation-as-a-service\/\" rel=\"tag\">disinformation-as-a-service<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/domestic-violence-awareness-month\/\" rel=\"tag\">domestic violence awareness month<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ghostcat-3pc\/\" rel=\"tag\">GhostCat-3PC<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/google-alert\/\" rel=\"tag\">Google Alert<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/hyas\/\" rel=\"tag\">HYAS<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/insikt-group\/\" rel=\"tag\">Insikt Group<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/magecart-group-4\/\" rel=\"tag\">Magecart Group 4<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/microsoft-office\/\" rel=\"tag\">Microsoft Office<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/microsoft-word\/\" rel=\"tag\">microsoft word<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/national-cyber-security-centre\/\" rel=\"tag\">National Cyber Security Centre<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/national-cybersecurity-awareness-month\/\" rel=\"tag\">national cybersecurity awareness month<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ncsam\/\" rel=\"tag\">NCSAM<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ncsc\/\" rel=\"tag\">NCSC<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/odt\/\" rel=\"tag\">ODT<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/opendocument-text\/\" rel=\"tag\">OpenDocument Text<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ransomware\/\" rel=\"tag\">ransomware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/robocall\/\" rel=\"tag\">robocall<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/scams-in-ads\/\" rel=\"tag\">scams in ads<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/security-orchestration\/\" rel=\"tag\">security orchestration<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/security-research-labs\/\" 
rel=\"tag\">Security Research Labs<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/simjacking\/\" rel=\"tag\">simjacking<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/sms-based-attacks\/\" rel=\"tag\">SMS-based attacks<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/srlabs\/\" rel=\"tag\">SRLabs<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/stalkerware\/\" rel=\"tag\">stalkerware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/the-media-trust\/\" rel=\"tag\">The Media Trust<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/vpn-vulnerabilities\/\" rel=\"tag\">VPN vulnerabilities<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/a-week-in-security\/2019\/10\/a-week-in-security-september-30-october-6\/' title='A week in security (September 30 \u2013 October 6)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/a-week-in-security\/2019\/10\/a-week-in-security-september-30-october-6\/\">A week in security (September 30 \u2013 October 6)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[12969,22257,11029,15679,23128,23058,23129,23100,23130,23131,22683,23132,23133,10909,12280,23134,15355,15497,23135,23136,23137,3765,22652,23138,23116,23139,23140,23141,23142,19409,23143,23144],"class_list":["post-16515","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-a-week-in-security","tag-adwind-rat","tag-apt","tag-cobalt","tag-consumer-behavior-study","tag-daas","tag-disinformation-as-a-service","tag-domestic-violence-awareness-month","tag-ghostcat-3pc","tag-google-alert","tag-hyas","tag-insikt-group","tag-magecart-group-4","tag-microsoft-office","tag-microsoft-word","tag-national-cyber-security-centre","tag-national-cybersecurity-awareness-month","tag-ncsam","tag-ncsc","tag-odt","tag-opendocument-text","tag-ransomware","tag-robocall","tag-scams-in-ads","tag-security-orchestration","tag-security-research-labs","tag-simjacking","tag-sms-based-attacks","tag-srlabs","tag-stalkerware","tag-the-media-trust","tag-vpn-vulnerabilities"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16515","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16515"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16515\/revisions"}],"wp:attachment":[{"href":"http:\/\/w
ww.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16515"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16515"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16515"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}