{"id":11373,"date":"2018-02-05T11:10:08","date_gmt":"2018-02-05T19:10:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/02\/05\/news-5144\/"},"modified":"2018-02-05T11:10:08","modified_gmt":"2018-02-05T19:10:08","slug":"news-5144","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/02\/05\/news-5144\/","title":{"rendered":"A week in security (January 29 \u2013 February 04)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 05 Feb 2018 18:45:17 +0000<\/strong><\/p>\n<p>Last week on Labs, we looked into <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/social-engineering-threat-analysis\/2018\/01\/stolen-security-logos-used-to-falsely-endorse-pups\/\" target=\"_blank\" rel=\"noopener\">PUPs stealing and using mainstream logos<\/a> of security and tech companies to further gain user trust, <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/01\/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits\/\" target=\"_blank\" rel=\"noopener\">GandCrab<\/a> and <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/01\/scarab-ransomware-new-variant-changes-tactics\/\" target=\"_blank\" rel=\"noopener\">Scarab<\/a> ransomware variants in the wild, and a new Mac malware called <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/02\/new-mac-cryptominer-distributed-via-a-macupdate-hack\/\" target=\"_blank\" rel=\"noopener\">OSX.CreativeUpdater<\/a> that can be distributed via MacUpdate. We also profiled <a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/02\/stop-telephoning-me-robocalls-explained\/\" target=\"_blank\" rel=\"noopener\">robocalling<\/a>\u00a0and <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/02\/ransomwares-difficult-second-album\/\" target=\"_blank\" rel=\"noopener\">ransomware<\/a>, particularly how ransomware was named <em>the<\/em> &#8220;It&#8221; malware of early- to mid-2017, and then began to fizzle like a dying firecracker at end of the year onwards.<\/p>\n<h3>Other news<\/h3>\n<ul>\n<li>Brian Krebs reminded everyone to <a href=\"https:\/\/krebsonsecurity.com\/2018\/01\/file-your-taxes-before-scammers-do-it-for-you\/\" target=\"_blank\" rel=\"noopener\">file their taxes before threat actors<\/a>\u00a0do it for them. (Source: KrebsOnSecurity)<\/li>\n<li>Hold on to your digital wallets as attacks against them will likely increase, <a href=\"https:\/\/www.express.co.uk\/finance\/city\/910799\/bitcoin-hack-btc-news-crypto-wallet-safety-security-expert-warning-cyber-attack\" target=\"_blank\" rel=\"noopener\">security experts say<\/a>. (Source: The Express)<\/li>\n<li>Well, would you look at that?\u00a0<a href=\"https:\/\/www.theregister.co.uk\/2018\/01\/30\/ransomware_diversions\/\" target=\"_blank\" rel=\"noopener\">Scammers can get scammed<\/a>, too! (Source: The Register)<\/li>\n<li>This <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/phishing-campaign-underscores-threat-from-low-budget-low-skilled-attackers\/d\/d-id\/1330941\" target=\"_blank\" rel=\"noopener\">low-budget, low technical know-how phishing campaign<\/a> was able to spy on a community for more than a year. (Source: Dark Reading)<\/li>\n<li>With all the hoopla\u00a0around Meltdown and Spectre, malware authors are beginning to take advantage of them. In fact, several malware samples are being <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/we-may-soon-see-malware-leveraging-the-meltdown-and-spectre-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">detected by a number of security companies<\/a>. (Source: Bleeping Computer)<\/li>\n<li><a href=\"https:\/\/www.secureworldexpo.com\/industry-news\/google-play-removes-record-bad-apps\" target=\"_blank\" rel=\"noopener\">Finally<\/a>, Google is weeding out bad apps from their Play Store. (Source: SecureWorld)<\/li>\n<li>A new Adobe Flash zero-day vulnerability was recently\u00a0found in the wild, and it <a href=\"https:\/\/threatpost.com\/adobe-flash-player-zero-day-spotted-in-the-wild\/129742\/\" target=\"_blank\" rel=\"noopener\">targets users in South Korea via a malicious Microsoft Word document file<\/a>. (Source: Threatpost)<\/li>\n<li>Cryptomining named as <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/crypto-mining-attacks-emerge-as-the-new-big-threat-to-enterprises\/d\/d-id\/1330965\" target=\"_blank\" rel=\"noopener\">the new threat in the enterprise environment<\/a>. (Source: Dark Reading)<\/li>\n<li>Fact: There are good bots and bad bots. <a href=\"https:\/\/www.nytimes.com\/interactive\/2018\/01\/27\/technology\/social-media-bots.html\" target=\"_blank\" rel=\"noopener\">Here&#8217;s<\/a>\u00a0a deeper look at the bad ones that are rampant on Twitter. (Source: The New York Times)<\/li>\n<li>And the <a href=\"https:\/\/www.techrepublic.com\/article\/6-important-security-takeaways-from-applying-spectre-patches\/\" target=\"_blank\" rel=\"noopener\">Spectre and Meltdown patching<\/a> go on and on and on&#8230; (Source: TechRepublic)<\/li>\n<\/ul>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/02\/week-security-january-29-february-04\/\">A week in security (January 29 \u2013 February 04)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/02\/week-security-january-29-february-04\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 05 Feb 2018 18:45:17 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/2018\/02\/week-security-january-29-february-04\/' title='A week in security (January 29 \u2013 February 04)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A compilation of notable security news from January 28 to February 4, featuring PUPs, a new Mac malware, two new ransomware variants, robocalls, and more.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/a-week-in-security\/\" rel=\"tag\">a week in security<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/cryptomining\/\" rel=\"tag\">cryptomining<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/mac-malware\/\" rel=\"tag\">mac malware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ransomware\/\" rel=\"tag\">ransomware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/recap\/\" rel=\"tag\">recap<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/weekly-blog-roundup\/\" rel=\"tag\">weekly blog roundup<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/2018\/02\/week-security-january-29-february-04\/' title='A week in security (January 29 \u2013 February 04)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/02\/week-security-january-29-february-04\/\">A week in security (January 29 \u2013 February 04)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[12969,15080,11976,3765,10503,10497,10498,10506],"class_list":["post-11373","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-a-week-in-security","tag-cryptomining","tag-mac-malware","tag-ransomware","tag-recap","tag-security-world","tag-week-in-security","tag-weekly-blog-roundup"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11373","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11373"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11373\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}