{"id":11591,"date":"2018-02-26T10:10:07","date_gmt":"2018-02-26T18:10:07","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2018\/02\/26\/news-5362\/"},"modified":"2018-02-26T10:10:07","modified_gmt":"2018-02-26T18:10:07","slug":"news-5362","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/02\/26\/news-5362\/","title":{"rendered":"A week in security (February 19 \u2013 February 25)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 26 Feb 2018 17:36:02 +0000<\/strong><\/p>\n<p>Last week on Malwarebytes Labs, we gave readers a primer on <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/02\/encryption-101-malware-analysts-primer\/\" target=\"_blank\" rel=\"noopener\">encryption<\/a>, took a stab at <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/02\/deepfakes-fakeapp-tool-briefly-includes-cryptominer\/\" target=\"_blank\" rel=\"noopener\">that Deepfakes tool<\/a>\u00a0Internet users seem\u00a0to be interested in, and started <a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/02\/how-to-build-an-incident-response-program-gdpr-guidelines\/\" target=\"_blank\" rel=\"noopener\">a new series that talks about GDPR<\/a>.<\/p>\n<p>We also looked at a <a href=\"https:\/\/blog.malwarebytes.com\/glossary\/drive-by-download\/\" target=\"_blank\" rel=\"noopener\">drive-by download<\/a> <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/02\/chinese-criminal-experiments-with-exploits-in-drive-by-download-campaign\/\" target=\"_blank\" rel=\"noopener\">campaign<\/a> that starts in booby-trapped Chinese websites that drop malware via different exploits. This malware is a DDoS bot called Avzhan, which we then <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/02\/avzhan-ddos-bot-dropped-by-chinese-drive-by-attack\/\" target=\"_blank\" rel=\"noopener\">studied in detail<\/a>.<\/p>\n<h3>Other news<\/h3>\n<ul>\n<li>Hackers targeted Russian and Indian banks by attempting to <a href=\"https:\/\/www.securityweek.com\/millions-stolen-russian-indian-banks-swift-attacks\" target=\"_blank\" rel=\"noopener\">abuse the SWIFT global banking network<\/a>. (Source: Security Week)<\/li>\n<li>Are you an independent writer who sells books via Amazon&#8217;s Createspace? You may want to <a href=\"https:\/\/krebsonsecurity.com\/2018\/02\/money-laundering-via-author-impersonation-on-amazon\/\" target=\"_blank\" rel=\"noopener\">check if someone is impersonating you<\/a> for fraud. (Source: KrebsOnSecurity)<\/li>\n<li>Akamai spotted an\u00a0<a href=\"http:\/\/www.computerweekly.com\/news\/252435312\/Botnets-shift-focus-to-credential-abuse\" target=\"_blank\" rel=\"noopener\">uptick in credential abuse<\/a> in the last quarter of 2017. (Source: Computer Weekly)<\/li>\n<li>Let&#8217;s read about that new Google Chrome <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/02\/16\/why-chromes-ad-filter-isnt-an-adblocker\/\" target=\"_blank\" rel=\"noopener\">&#8220;adblocker&#8221; that is actually not an adblocker<\/a> at all. (Source: Sophos&#8217; Naked Security Blog)<\/li>\n<li>Should <a href=\"https:\/\/www.darkreading.com\/endpoint\/facebook-aims-to-make-security-more-social-\/d\/d-id\/1331063\" target=\"_blank\" rel=\"noopener\">&#8220;security&#8221; and &#8220;social&#8221;<\/a> be in the same sentence together? For education&#8217;s sake, YES! (Source: Dark Reading)<\/li>\n<li>With the arrival of GDPR, spray-and-pray tactics against businesses are out the windows. <a href=\"http:\/\/www.information-age.com\/gdpr-extortion-cyber-criminals-123470872\/\" target=\"_blank\" rel=\"noopener\">Threat actors are now refining their methods.<\/a> (Source: Information Age)<\/li>\n<li>Security researchers have found that cryptocurrency miners could soon <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cryptojacking-scripts-could-soon-invade-your-word-documents\/\" target=\"_blank\" rel=\"noopener\">end up in specially crafted MS Word documents<\/a>\u00a0(so be wary if you receive one). (Source: Bleeping Computer)<\/li>\n<li><a href=\"https:\/\/www.scmagazineuk.com\/private-chats-and-user-accounts-could-be-exposed-by-tinder-security-bug\/article\/745944\/\" target=\"_blank\" rel=\"noopener\">Whoops.<\/a> There&#8217;s a security bug in Tinder. (Source: SC Magazine UK)<\/li>\n<li>&#8220;Stalkerware&#8221; companies <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/7x77ex\/hacker-strikes-stalkerware-companies-stealing-alleged-texts-and-gps-locations-of-customers\" target=\"_blank\" rel=\"noopener\">are getting hacked<\/a> left and right. And consumer spyware <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/ywqqkw\/military-fbi-and-ice-are-customers-of-controversial-stalkerware\" target=\"_blank\" rel=\"noopener\">isn&#8217;t only popular among private citizens<\/a>. (Source: Motherboard)<\/li>\n<\/ul>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/02\/a-week-in-security-february-19-february-25\/\">A week in security (February 19 \u2013 February 25)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/02\/a-week-in-security-february-19-february-25\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 26 Feb 2018 17:36:02 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/2018\/02\/a-week-in-security-february-19-february-25\/' title='A week in security (February 19 \u2013 February 25)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A roundup of notable news stories from February 19\u201325, including drive-by download attacks on Chinese websites, Deepfakes programs being paired with cryptominers, and a review of GDPR guidelines.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/avzhan\/\" rel=\"tag\">avzhan<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ddos\/\" rel=\"tag\">ddos<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/deepfakes\/\" rel=\"tag\">deepfakes<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/fraud\/\" rel=\"tag\">fraud<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/gdpr\/\" rel=\"tag\">gdpr<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/impersonation\/\" rel=\"tag\">impersonation<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/krebsonsecurity\/\" rel=\"tag\">KrebsOnSecurity<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/recap\/\" rel=\"tag\">recap<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/secuity\/\" rel=\"tag\">secuity<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/weekly-blog-roundup\/\" rel=\"tag\">weekly blog roundup<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/2018\/02\/a-week-in-security-february-19-february-25\/' title='A week in security (February 19 \u2013 February 25)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/02\/a-week-in-security-february-19-february-25\/\">A week in security (February 19 \u2013 February 25)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[17616,10514,17473,9751,12116,17620,17621,10503,17622,10497,10498,10506],"class_list":["post-11591","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-avzhan","tag-ddos","tag-deepfakes","tag-fraud","tag-gdpr","tag-impersonation","tag-krebsonsecurity","tag-recap","tag-secuity","tag-security-world","tag-week-in-security","tag-weekly-blog-roundup"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11591","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11591"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11591\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11591"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11591"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}