{"id":15144,"date":"2019-04-22T08:10:03","date_gmt":"2019-04-22T16:10:03","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/04\/22\/news-8893\/"},"modified":"2019-04-22T08:10:03","modified_gmt":"2019-04-22T16:10:03","slug":"news-8893","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/04\/22\/news-8893\/","title":{"rendered":"A week in security (April 15 \u2013 21)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 22 Apr 2019 15:47:21 +0000<\/strong><\/p>\n<p>Last week, Malwarebytes Labs revealed <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/04\/ellen-degeneres-giveaway-scam-spreading-on-social-media\/\" target=\"_blank\">multiple giveaway online scam campaigns<\/a> banking on the popularity (and generosity) of Ellen DeGeneres, weighed in on <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/04\/hackers-snab-emails-and-more-in-microsoft-outlook-hotmail-and-msn-compromise\/\" target=\"_blank\">the hack that compromised legacy Microsoft email service accounts<\/a> like Hotmail and MSN, explained <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/101\/2019\/04\/explained-like-farming\/\" target=\"_blank\">what \u201clike-farming\u201d means<\/a> and how to spot it on social media, and <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/04\/funky-malware-format-found-in-ocean-lotus-sample\/\" target=\"_blank\">spotlighted on uncharacteristic executable file formats<\/a> one of our researchers presented at the SAS conference.<\/p>\n<p>We also exposed <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/04\/electrum-bitcoin-wallets-under-siege\/\" target=\"_blank\">persistent phishing campaigns targeting Electrum wallet users<\/a> to defraud them of Bitcoins and <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/101\/business\/2019\/04\/when-malware-becomes-a-threat-to-physical-security\/\" target=\"_blank\">how malware can pose a physical threat<\/a> to those inside industrial plants and to the residents nearby them.<\/p>\n<h3>Other cybersecurity news<\/h3>\n<ul>\n<li>According to a cyber resilience study by IBM Security and the Ponemon Institute, more than three-quarters of <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.helpnetsecurity.com\/2019\/04\/12\/cybersecurity-incident-response-plan\/\" target=\"_blank\">organizations don\u2019t have a cybersecurity incident response plan<\/a>. (Source: Help Net Security)<\/li>\n<li>Homeland Security issued <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/techcrunch.com\/2019\/04\/12\/enterprise-security-flaws\/\" target=\"_blank\">a security alert on a flaw present in several enterprise virtual private network (VPN) software<\/a> from popular vendors, including Cisco and Palo Alto Networks. (Source: TechCrunch)<\/li>\n<li>Researchers from Chronicle Security discovered <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.infosecurity-magazine.com\/infosec\/cybersecurity-researchers-1-1\/\" target=\"_blank\">Flame 2.0<\/a>\u2014a newer version of the nation-state backed spying malware, Flame, which made headlines in 2012\u2014years after the threat actors behind Flame purportedly pulled the plug on the campaign. (Source: InfoSecurity Magazine)<\/li>\n<li>Airbnb-hoppers, beware! Scammers who are out to swindle current and potential Airbnb customers are using <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/krebsonsecurity.com\/2019\/04\/land-lordz-service-powers-airbnb-scams\/\" target=\"_blank\">an automated tool to create fake Airbnb sites<\/a> and then send out ads for these listings. (Source: KrebsOnSecurity)<\/li>\n<li>The latest IE flaw publicly disclosed by a security researcher (<a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.zdnet.com\/article\/internet-explorer-zero-day-lets-hackers-steal-files-from-windows-pcs\/\" target=\"_blank\">because Microsoft refused to patch it<\/a>) can make it possible for hackers to steal files from affected systems. (Source: ZDNet)<\/li>\n<li>A <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/threatpost.com\/tictoctrack-smartwatch-flaws-track-kids\/143791\/\" target=\"_blank\">popular but flawed children\u2019s smartwatch<\/a> in Australia can allow hackers and stalkers to track minors, spoof their location, or view PII on the victim\u2019s account. (Source: Threatpost)<\/li>\n<li>Potentially hijacked verified Instagram accounts peddling verification badges to influencers was the latest scam that made rounds on Instagram: a <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.forbes.com\/sites\/johnkoetsier\/2019\/04\/15\/scammers-with-verified-instagram-accounts-cheating-influencers-with-fake-verification-service\/\" target=\"_blank\">fake Instagram verification service<\/a>. (Source: Forbes)<\/li>\n<li>Yes, <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.c4isrnet.com\/cyber\/2019\/04\/16\/with-malware-and-access-hackers-can-hide-tumors-in-ct-scans\/\" target=\"_blank\">CT scans can be manipulated to show false results<\/a>. Then again, why do this when you can simply swap one scan with another\u2019s? (Source: C4ISRNET)<\/li>\n<li>The Notre Dame Cathedral fire did not only bring a quick turnaround of monetary support for the cathedral\u2019s rebuilding. It has also <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.knowbe4.com\/scam-of-the-week-notre-dame-disaster-causes-firestorm-of-social-engineering-and-misinformation\" target=\"_blank\">opened a door for disinformation<\/a> surrounding the event to creep in. (Source: KnowBe4)<\/li>\n<li><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.darkreading.com\/vulnerabilities---threats\/meet-scranos-new-rootkit-based-malware-gains-confidence\/d\/d-id\/1334436\" target=\"_blank\">The Scranos rootkit family<\/a> is a cross-platform password- and data-stealing malware. It started spreading in China first, which researchers believed was its testbed, before the malware was eventually deployed globally. (Source: Dark Reading)<\/li>\n<\/ul>\n<p> Stay safe, everyone! <\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/04\/a-week-in-security-april-15-21\/\">A week in security (April 15 \u2013 21)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/04\/a-week-in-security-april-15-21\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 22 Apr 2019 15:47:21 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/2019\/04\/a-week-in-security-april-15-21\/' title='A week in security (April 15 \u2013 21)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/01\/shutterstock_610335074.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>A roundup of security news from April 15\u201321, including an explanation of like-farming, Ellen DeGeneres scam, flaws in VPN services, funky malware formats found in Ocean Lotus, and more.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/a-week-in-security\/\" rel=\"tag\">a week in security<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/cyber-resilience\/\" rel=\"tag\">cyber resilience<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ellen-degeneres\/\" rel=\"tag\">Ellen DeGeneres<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/fake-airbnb-sites\/\" rel=\"tag\">fake Airbnb sites<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/flame-2-0\/\" rel=\"tag\">Flame 2.0<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ie-vulnerability\/\" rel=\"tag\">IE vulnerability<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/like-farming\/\" rel=\"tag\">like-farming<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/notre-dame-disinformation\/\" rel=\"tag\">notre dame disinformation<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/vpn-flaw\/\" rel=\"tag\">VPN flaw<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/week-in-security\/\" rel=\"tag\">week in security<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/2019\/04\/a-week-in-security-april-15-21\/' title='A week in security (April 15 \u2013 21)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/04\/a-week-in-security-april-15-21\/\">A week in security (April 15 \u2013 21)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[12969,21603,6292,21604,21605,21606,21583,21607,10497,21608,10498],"class_list":["post-15144","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-a-week-in-security","tag-cyber-resilience","tag-ellen-degeneres","tag-fake-airbnb-sites","tag-flame-2-0","tag-ie-vulnerability","tag-like-farming","tag-notre-dame-disinformation","tag-security-world","tag-vpn-flaw","tag-week-in-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15144","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15144"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15144\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15144"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15144"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15144"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}