{"id":14384,"date":"2019-01-21T09:10:16","date_gmt":"2019-01-21T17:10:16","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/01\/21\/news-8136\/"},"modified":"2019-01-21T09:10:16","modified_gmt":"2019-01-21T17:10:16","slug":"news-8136","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/01\/21\/news-8136\/","title":{"rendered":"A week in security (January 14 &#8211; 20)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 21 Jan 2019 16:48:38 +0000<\/strong><\/p>\n<p>Last week on the Malwarebytes Labs blog, we took a look at how the <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/government-shutdown-influencing-cybersecurity-jobs\/\" target=\"_blank\" rel=\"noopener\">government shutdown<\/a> is influencing cybersecurity jobs,\u00a0Advanced Persistent Threats group <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/01\/advanced-persistent-threat-files-apt10\/\" target=\"_blank\" rel=\"noopener\">APT10<\/a>, the comeback of\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/01\/improved-fallout-ek-comes-back-after-short-hiatus\/\" target=\"_blank\" rel=\"noopener\">Fallout EK<\/a>, the <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/malware\/2019\/01\/hosting-malicious-sites-legitimate-servers-threat-actors-get-away\/\" target=\"_blank\" rel=\"noopener\">hosting<\/a> of malicious sites on legitimate servers, and the\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/101\/2019\/01\/collection-1-data-breach-what-you-need-to-know\/\" target=\"_blank\" rel=\"noopener\">Collection 1 data breach<\/a>.<\/p>\n<h3>Other cybersecurity news<\/h3>\n<ul>\n<li>New Zealand-based cryptocurrency exchange <a href=\"https:\/\/www.coindesk.com\/new-zealand-crypto-exchange-cryptopia-goes-offline-citing-major-hack\" target=\"_blank\" rel=\"noopener\">Cryptopia<\/a> has gone offline after suffering a security breach, which resulted in significant losses. Cryptonia has\u00a0notified and involved relevant government agencies, including the New Zealand police and the High-Tech Crimes Unit. (Source: Coindesk)<\/li>\n<li>A <a href=\"https:\/\/leamingtonobserver.co.uk\/news\/computer-hacker-who-targeted-former-employer-ordered-to-pay-20000-compensation-10809\/\" target=\"_blank\" rel=\"noopener\">former employee<\/a>\u00a0of a British company pleaded guilty to one count of gaining unauthorised access to a network with intent to commit further offences, and one count of committing unauthorised acts with the intent to impair the operation of a computer within a network. The employee was ordered to pay \u00a320,000 compensation. (Source: Leamington Observer)<\/li>\n<li>A California judge has ruled that American cops can\u2019t force people to <a href=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2019\/01\/14\/feds-cant-force-you-to-unlock-your-iphone-with-finger-or-face-judge-rules\/\" target=\"_blank\" rel=\"noopener\">unlock a mobile phone<\/a> with their face or finger. The ruling further protects people\u2019s private lives from government searches, and is being hailed as a potentially landmark decision. (Source: Forbes)<\/li>\n<li>The <a href=\"https:\/\/www.ciodive.com\/news\/poor-procurement-practice-led-Oregon-overspend-IT\/545989\/\" target=\"_blank\" rel=\"noopener\">Oregon State Department of Administrative Services&#8217; (DAS)<\/a> Office of the State Chief Information Officer overpaid for services by between $400 million and $1.6 billion during the 2015 to 2017 timeframe, according to an audit by the Oregon Secretary of State Audit Division that looked at $8 billion of spending. (Source: CioDive)<\/li>\n<li>The recent Windows security patch CVE-2019-0543 has introduced a breaking change for a <a href=\"https:\/\/blogs.msdn.microsoft.com\/powershell\/2019\/01\/10\/windows-security-change-affecting-powershell\/\" target=\"_blank\" rel=\"noopener\">PowerShell<\/a> remoting scenario. It is a narrowly-scoped scenario that should have low impact for most users, as the breaking change only affects local loopback remoting. (Source:\u00a0PowerShell Team Blog)<\/li>\n<li>The Iceman cometh, his smartwatch told the cops: Hitman jailed after gizmo links him to Brit gangland slayings.\u00a0Avid runner and hitman Mark Fellows was this week found guilty of murder after being grassed up by his <a href=\"https:\/\/www.theregister.co.uk\/2019\/01\/19\/who_watches_the_hitmen_garmin\/\" target=\"_blank\" rel=\"noopener\">Garmin watch<\/a>. (Source: The Register)<\/li>\n<li>Security flaws were discovered in <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/vulnerabilities-found-in-highly-popular-firmware-for-wifi-chips\/\" target=\"_blank\" rel=\"noopener\">ThreadX<\/a>, a real-time operating system (RTOS) developed by Express Logic. The vendor claims on their website that ThreadX has over 6.2 billion deployments, being one of the most popular software-powering Wi-Fi chips. (Source: BleepingComputer)<\/li>\n<li>Decrypted\u00a0<a href=\"https:\/\/www.scmagazine.com\/home\/security-news\/researchers-find-telegram-bot-chatter-is-actually-windows-malware-commands\/\" target=\"_blank\" rel=\"noopener\">Telegram<\/a>\u00a0bot chatter was found to actually be a new Windows malware, dubbed GoodSender, which uses the messenger platform to listen and wait for commands.\u00a0The attacker can use Telegram to communicate with the malware and send HTTPS-protected instructions. (Source: SC Media)<\/li>\n<li>A <a href=\"https:\/\/www.engadget.com\/2019\/01\/16\/fortnite-security-flaw-epic-games-unreal-tournament\/\" target=\"_blank\" rel=\"noopener\">Fortnite<\/a>\u00a0security flaw could have exposed players&#8217; accounts. Security researchers found vulnerabilities on Epic&#8217;s site that could have let hackers access accounts. They were able to listen to Fortnite squad members speaking with each other and could have bought V-Bucks virtual currency using players&#8217; stored credit card details. (Source: Engadget)<\/li>\n<li>Pranks and challenges have always been popular on<a href=\"https:\/\/arstechnica.com\/gadgets\/2019\/01\/youtube-updates-policies-to-explicitly-ban-dangerous-pranks-challenges\/\" target=\"_blank\" rel=\"noopener\"> YouTube<\/a>, but now the Google-owned company has set stricter guidelines for such content. A new <a href=\"https:\/\/support.google.com\/youtube\/thread\/1063296?hl=en\" target=\"_blank\" rel=\"noopener\">YouTube support page<\/a> provides details for a ban on pranks and challenges that cause immediate or lasting physical or emotional harm. (Source: ArsTechnica)<\/li>\n<\/ul>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/week-security-january-14-20\/\">A week in security (January 14 &#8211; 20)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/week-security-january-14-20\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 21 Jan 2019 16:48:38 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/week-security-january-14-20\/' title='A week in security (January 14 - 20)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A roundup of last week&#8217;s security news from January 14 to 20, including APT10, Fallout EK, Colllection 1 data, Youtube challenges, hosting malicious sites and a Fortnite security flaw. <\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/apt10\/\" rel=\"tag\">APT10<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/arstechnica\/\" rel=\"tag\">ArsTechnica<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/bleepingcomputer\/\" rel=\"tag\">BleepingComputer<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/coindesk\/\" rel=\"tag\">CoinDesk<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/collection-1\/\" rel=\"tag\">collection 1<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/cryptopia\/\" rel=\"tag\">cryptopia<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/cve-2019-0543\/\" rel=\"tag\">cve-2019-0543<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/das\/\" rel=\"tag\">DAS<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/fallout-ek\/\" rel=\"tag\">Fallout EK<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/fortnite\/\" rel=\"tag\">fortnite<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/garmin\/\" rel=\"tag\">garmin<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/garmin-watch\/\" rel=\"tag\">Garmin watch<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/hosting\/\" rel=\"tag\">hosting<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/https\/\" rel=\"tag\">HTTPS<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/oregon\/\" rel=\"tag\">oregon<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/powershell\/\" rel=\"tag\">powershell<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/powershell-team-blog\/\" rel=\"tag\">PowerShell Team Blog<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/sc-media\/\" rel=\"tag\">SC Media<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/shutdown\/\" rel=\"tag\">shutdown<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/telegram\/\" rel=\"tag\">telegram<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/threadx\/\" rel=\"tag\">threadx<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/youtube\/\" rel=\"tag\">youtube<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/week-security-january-14-20\/' title='A week in security (January 14 - 20)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/week-security-january-14-20\/\">A week in security (January 14 &#8211; 20)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[20689,20743,18211,16703,20702,20744,20745,20746,19946,18501,19200,20747,14855,11124,8443,11191,20748,12126,10497,1343,11642,20749,10498,2593],"class_list":["post-14384","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-apt10","tag-arstechnica","tag-bleepingcomputer","tag-coindesk","tag-collection-1","tag-cryptopia","tag-cve-2019-0543","tag-das","tag-fallout-ek","tag-fortnite","tag-garmin","tag-garmin-watch","tag-hosting","tag-https","tag-oregon","tag-powershell","tag-powershell-team-blog","tag-sc-media","tag-security-world","tag-shutdown","tag-telegram","tag-threadx","tag-week-in-security","tag-youtube"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14384","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14384"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14384\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14384"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}