{"id":12661,"date":"2018-06-25T09:10:02","date_gmt":"2018-06-25T17:10:02","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/06\/25\/news-6429\/"},"modified":"2018-06-25T09:10:02","modified_gmt":"2018-06-25T17:10:02","slug":"news-6429","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/06\/25\/news-6429\/","title":{"rendered":"A week in security (June 18 \u2013 June 24)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 25 Jun 2018 16:29:22 +0000<\/strong><\/p>\n<p>Last week, we took a deep dive into\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/06\/samsam-ransomware-controlled-distribution\/\" target=\"_blank\" rel=\"noopener\">SamSam ransomware,<\/a>\u00a0looked at ways\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/06\/five-easy-ways-to-recognize-and-dispose-of-malicious-emails\/\" target=\"_blank\" rel=\"noopener\">how to identify and delete malicious emails,<\/a>\u00a0recognized that there are now <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/06\/psa-recruitment-portals-and-job-sites-at-risk\/\" target=\"_blank\" rel=\"noopener\">risks affecting job recruitment portals<\/a>, analyzed a\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/06\/fake-fortnite-android-links-found-youtube\/\" target=\"_blank\" rel=\"noopener\">malicious Android app banking on the popularity of Fortnite,<\/a>\u00a0and identified <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/06\/whats-causing-the-cybersecurity-skills-gap\/\" target=\"_blank\" rel=\"noopener\">causes and solutions for the skills shortage in cybersecurity<\/a>.<\/p>\n<h3>Other news<\/h3>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li>Security researchers <a href=\"https:\/\/www.reuters.com\/article\/us-china-usa-cyber\/china-based-campaign-breached-satellite-defense-companies-symantec-idUSKBN1JF2X0\" target=\"_blank\" rel=\"noopener\">pointed a finger at China<\/a> for a sophisticated hacking campaign that breached satellite operators, telco companies, and defense contractors. (Source: Reuters)<\/li>\n<li>Latest Netflix phishing campaign\u00a0<a href=\"https:\/\/isc.sans.edu\/forums\/diary\/Secure+Phishing+Netflix+Phishing+Goes+TLS\/23786\/\" target=\"_blank\" rel=\"noopener\">started using valid TLS certificates<\/a>. Typical. (Source: SANS InfoSec Forum)<\/li>\n<li>Two studies reveal that <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/most-websites-and-web-apps-no-match-for-attack-barrage\/d\/d-id\/1332092\" target=\"_blank\" rel=\"noopener\">most websites and web apps are poorly secured<\/a>. (Source: Dark Reading)<\/li>\n<li>An artist-cum-programmer realized that <a href=\"https:\/\/www.wired.com\/story\/chromecast-roku-sonos-dns-rebinding-vulnerability\/\" target=\"_blank\" rel=\"noopener\">streaming devices are vulnerable to DNS rebinding<\/a>, a weakness that has been known within the security industry for years.\u00a0 (Source: Wired)<\/li>\n<li>An <a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/fakespy-android-information-stealing-malware-targets-japanese-and-korean-speaking-users\/\" target=\"_blank\" rel=\"noopener\">information stealer malware on Android<\/a> is found to particularly fond of Japanese- and Korean-speaking users. (Source: The TrendLabs Security Intelligence Blog)<\/li>\n<li><a href=\"https:\/\/www.darkreading.com\/vulnerabilities---threats\/mylobot-malware-brings-new-sophistication-to-botnets\/d\/d-id\/1332100\" target=\"_blank\" rel=\"noopener\">Mylobot<\/a>, a new malware, is so sophisticated that it made experts see botnets in a new light. (Source: Dark Reading)<\/li>\n<li><a href=\"https:\/\/www.techrepublic.com\/article\/beware-this-android-emulator-its-hijacking-your-gpu-to-mine-cryptocurrency\/\" target=\"_blank\" rel=\"noopener\">Andy Android OS Emulator was in hot water<\/a> after being found to drop a cryptocurrency miner on affected smartphones. (Source: TechRepublic)<\/li>\n<li>Researchers found <a href=\"https:\/\/blog.checkpoint.com\/2018\/06\/18\/cyber-criminals-are-on-the-offensive-during-the-world-cup-wallchart-phishing-campaign-exploits-soccer-fans\/\" target=\"_blank\" rel=\"noopener\">a phishing campaign targeting soccer fans<\/a> who were tuning in to the World Cup. (Source: Check Point)<\/li>\n<li>An Android RAT (remote administration tool) was found capable of <a href=\"https:\/\/www.welivesecurity.com\/2018\/06\/18\/new-telegram-abusing-android-rat\/\" target=\"_blank\" rel=\"noopener\">abusing the Telegram protocol<\/a>. (Source: ESET&#8217;s We Live Security Blog)<\/li>\n<li>A <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/06\/22\/wannacrypt-ransomware-scam-demands-payment-in-advance\/\" target=\"_blank\" rel=\"noopener\">new email scam<\/a> was banking on the popularity of the WannaCry ransomware to threaten and force recipients to pay up in advance. (Source: Sophos&#8217;s Naked Security Blog)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/06\/a-week-in-security-june-18-june-24\/\">A week in security (June 18 \u2013 June 24)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/06\/a-week-in-security-june-18-june-24\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 25 Jun 2018 16:29:22 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/2018\/06\/a-week-in-security-june-18-june-24\/' title='A week in security (June 18 \u2013 June 24)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A roundup of security news from June 18 \u2013 24 that includes the SamSam ransomware, DNS rebinding, a World Cup phishing campaign, and lots and lots of Android malware.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/android-malware\/\" rel=\"tag\">android malware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/android-rat\/\" rel=\"tag\">android rat<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/android-spyware\/\" rel=\"tag\">Android spyware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/andy-android-emulator\/\" rel=\"tag\">andy android emulator<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/cybersecurity-skills-gap\/\" rel=\"tag\">cybersecurity skills gap<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/dns-rebinding\/\" rel=\"tag\">DNS rebinding<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/fake-fortnite\/\" rel=\"tag\">Fake Fortnite<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/insecure-web-apps\/\" rel=\"tag\">insecure web apps<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/insecure-website\/\" rel=\"tag\">insecure website<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/malicious-spam\/\" rel=\"tag\">malicious spam<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/mylobot\/\" rel=\"tag\">mylobot<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/netflix-phish\/\" rel=\"tag\">netflix phish<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/rat\/\" rel=\"tag\">rat<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/recruitment-portal-flaws\/\" rel=\"tag\">recruitment portal flaws<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/samsam-ransomware\/\" rel=\"tag\">samsam ransomware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/skills-shortage\/\" rel=\"tag\">skills shortage<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/wanna-ransomware\/\" rel=\"tag\">wanna ransomware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/wannacry-scam\/\" rel=\"tag\">wannacry scam<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/world-cup-phishing\/\" rel=\"tag\">world cup phishing<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/2018\/06\/a-week-in-security-june-18-june-24\/' title='A week in security (June 18 \u2013 June 24)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/06\/a-week-in-security-june-18-june-24\/\">A week in security (June 18 \u2013 June 24)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[11254,18827,18828,18829,18810,18830,18831,18832,18833,15719,18834,18353,1810,18800,18277,10497,18310,18835,18836,10498,18837],"class_list":["post-12661","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-android-malware","tag-android-rat","tag-android-spyware","tag-andy-android-emulator","tag-cybersecurity-skills-gap","tag-dns-rebinding","tag-fake-fortnite","tag-insecure-web-apps","tag-insecure-website","tag-malicious-spam","tag-mylobot","tag-netflix-phish","tag-rat","tag-recruitment-portal-flaws","tag-samsam-ransomware","tag-security-world","tag-skills-shortage","tag-wanna-ransomware","tag-wannacry-scam","tag-week-in-security","tag-world-cup-phishing"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=12661"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12661\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=12661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=12661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=12661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}