{"id":14853,"date":"2019-03-18T08:10:12","date_gmt":"2019-03-18T16:10:12","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/03\/18\/news-8602\/"},"modified":"2019-03-18T08:10:12","modified_gmt":"2019-03-18T16:10:12","slug":"news-8602","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/03\/18\/news-8602\/","title":{"rendered":"A week in security (March 11 &#8211; 17)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 18 Mar 2019 14:57:10 +0000<\/strong><\/p>\n<p>Last week on Malwarebytes Labs, we looked at <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/03\/the-advanced-persistent-threat-files-lazarus-group\/\" target=\"_blank\" rel=\"noopener\">the Lazarus group<\/a> in our series about APT groups, we discussed the <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/03\/explained-payment-service-directive-2-psd2\/\" target=\"_blank\" rel=\"noopener\">introduction of\u00a0Payment Service Directive 2 (PSD2)<\/a> in the EU, we tackled\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/03\/googles-nest-fiasco-harms-user-trust-and-invades-their-privacy\/\" target=\"_blank\" rel=\"noopener\">Google\u2019s Nest fiasco<\/a>, and the launch of <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/privacy\/2019\/03\/mozilla-launches-firefox-send-for-private-file-sharing\/\" target=\"_blank\" rel=\"noopener\">Mozilla&#8217;s Firefox Send.<\/a>\u00a0In addition, we gave you an overview of\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/03\/emotet-revisited-this-pervasive-persistent-threat-is-still-a-danger-to-businesses\/\" target=\"_blank\" rel=\"noopener\">the pervasive threat, Emotet<\/a>, and we discussed\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/101\/2019\/03\/reputation-management-age-cyberattacks-businesses\/\" target=\"_blank\" rel=\"noopener\">reputation management in the age of cyberattacks against businesses<\/a>.<\/p>\n<h3>Other security news<\/h3>\n<ul>\n<li>A new <a href=\"https:\/\/www.scmagazine.com\/home\/security-news\/phishing\/facebook-phishing-campaign-hitting-ios-users\/\" target=\"_blank\" rel=\"noopener\">phishing campaign<\/a> targeting mainly iOS users is asking them to login in with their Facebook account and give away their credentials. The technique the threat actors are using can easily be ported over to scam Android users. (Source: SC Magazine)<\/li>\n<li><a href=\"https:\/\/www.theinquirer.net\/inquirer\/news\/3072335\/citrix-hack\" target=\"_blank\" rel=\"noopener\">Iranian hacker<\/a>s have stolen between six and 10 terabytes of data from Citrix. The hack was focused on assets related to NASA, aerospace contracts, Saudi Arabia&#8217;s state oil company, and the FBI. (Source: The Inquirer)<\/li>\n<li>Up to 150 million users might have downloaded and installed an Android app on their phones that contained a new strain of adware named <a href=\"https:\/\/www.zdnet.com\/article\/almost-150-million-users-impacted-by-new-simbad-android-adware\/\" target=\"_blank\" rel=\"noopener\">SimBad<\/a>. The malicious advertising kit was found inside 210 Android apps that had been uploaded on the official Google Play Store. (Source: ZDNet)<\/li>\n<li>The popularity of the<a href=\"https:\/\/securityaffairs.co\/wordpress\/82286\/malware\/fake-apex-legends.html\" target=\"_blank\" rel=\"noopener\"> Apex Legends game<\/a> and its absence on the Android Play store have attracted the attention of many malware writers who exploited this opportunity to spread malicious versions for Android. (Source: Security Affairs)<\/li>\n<li>A new insidious malware dubbed <a href=\"https:\/\/threatpost.com\/glitchpos-malware-credit-card\/142804\/\" target=\"_blank\" rel=\"noopener\">GlitchPOS<\/a> bent on siphoning credit-card numbers from point-of-sale (PoS) systems has recently been spotted on a crimeware forum.\u00a0GlitchPOS joins other recently-developed malware\u00a0 targeting the retail and hospitality space. (Source: ThreatPost)<\/li>\n<li>A partial <a href=\"https:\/\/edition.cnn.com\/2019\/03\/13\/tech\/facebook-instagram-down\/index.html\" target=\"_blank\" rel=\"noopener\">Facebook outage<\/a> affecting users around the world and stretching beyond 14 hours is believed to be the biggest interruption ever suffered by the social network. (Source: CNN)<br \/> <a href=\"https:\/\/www.cnet.com\/news\/telegram-apparently-got-3-million-signups-during-facebook-outage\/\" target=\"_blank\" rel=\"noopener\">Telegram<\/a> reported it received 3 million signups during this Facebook outage. (Source: CNet)<\/li>\n<li>A 21-year-old Australian man was arrested after earning over $200,000 from <a href=\"https:\/\/www.techspot.com\/news\/79181-australian-man-arrested-after-earning-over-200000-stolen.html\" target=\"_blank\" rel=\"noopener\">stolen Spotify and Netflix accounts<\/a>.\u00a0Allegedly, he sold the stolen accounts through an &#8220;account generator&#8221; website. (Source: TechSpot)<\/li>\n<li>A code execution vulnerability in <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/over-100-exploits-found-for-19-year-old-winrar-rce-bug\/\" target=\"_blank\" rel=\"noopener\">WinRAR (CVE-2018-20250)<\/a> generated over a hundred distinct exploits in the first week since its disclosure, and the number of exploits keeps on swelling. (Source: BleepingComputer)<\/li>\n<li>A new flaw in the content management software (CMS) <a href=\"https:\/\/thehackernews.com\/2019\/03\/hack-wordpress-websites.html\" target=\"_blank\" rel=\"noopener\">WordPress<\/a> has been discovered that could potentially lead to remote code execution attacks. Users are advised to update to the latest version, which was at 5.1.1 at the time of writing. (Source: The Hacker News)<\/li>\n<li>The <a href=\"https:\/\/www.nytimes.com\/2019\/02\/21\/business\/china-xinjiang-uighur-dna-thermo-fisher.html\" target=\"_blank\" rel=\"noopener\">Chinese authorities<\/a> are collecting DNA as a means to track their people. And it seems they got unlikely corporate and academic help from the United States. (Source: The New York Times)<\/li>\n<\/ul>\n<p>Stay safe, everyone!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/03\/a-week-in-security-march-11-17\/\">A week in security (March 11 &#8211; 17)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/03\/a-week-in-security-march-11-17\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 18 Mar 2019 14:57:10 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/2019\/03\/a-week-in-security-march-11-17\/' title='A week in security (March 11 - 17)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A roundup of security news from March 11\u201317 covering our most recent blogs and other news, including Lazarus Group, Emotet, PSD2, reputation management, Google&#8217;s Nest, and Firefox Send.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/apex-legends\/\" rel=\"tag\">Apex Legends<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/chinese-dna\/\" rel=\"tag\">Chinese DNA<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/emotet\/\" rel=\"tag\">emotet<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/facebook\/\" rel=\"tag\">facebook<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/facebook-outage\/\" rel=\"tag\">Facebook outage<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/firefox-send\/\" rel=\"tag\">Firefox Send<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/google-nest\/\" rel=\"tag\">Google Nest<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/google-play\/\" rel=\"tag\">Google Play<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/lazarus-group\/\" rel=\"tag\">Lazarus Group<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/netflix\/\" rel=\"tag\">netflix<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/psd2\/\" rel=\"tag\">psd2<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/spotify\/\" rel=\"tag\">Spotify<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/2019\/03\/a-week-in-security-march-11-17\/' title='A week in security (March 11 - 17)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/03\/a-week-in-security-march-11-17\/\">A week in security (March 11 &#8211; 17)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[21092,21284,15715,3589,21285,21286,21287,11268,20561,3287,21238,10497,13580,10498],"class_list":["post-14853","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-apex-legends","tag-chinese-dna","tag-emotet","tag-facebook","tag-facebook-outage","tag-firefox-send","tag-google-nest","tag-google-play","tag-lazarus-group","tag-netflix","tag-psd2","tag-security-world","tag-spotify","tag-week-in-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14853","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14853"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14853\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14853"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14853"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14853"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}