{"id":7844,"date":"2017-06-05T13:11:12","date_gmt":"2017-06-05T21:11:12","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/06\/05\/news-1626\/"},"modified":"2017-06-05T13:11:12","modified_gmt":"2017-06-05T21:11:12","slug":"news-1626","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/06\/05\/news-1626\/","title":{"rendered":"A week in security (May 29 \u2013 Jun 04)"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 05 Jun 2017 13:59:32 +0000<\/strong><\/p>\n<p>Last week, we looked at a <a href=\"https:\/\/blog.malwarebytes.com\/glossary\/ransomware\/\" target=\"_blank\" rel=\"noopener noreferrer\">ransomware<\/a> strain that appears to be a fake version of\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/?s=dma+locker\" target=\"_blank\" rel=\"noopener noreferrer\">DMA Locker<\/a>. We also focused on <a href=\"https:\/\/blog.malwarebytes.com\/glossary\/adware\/\" target=\"_blank\" rel=\"noopener noreferrer\">adware<\/a> that use scheduled tasks in <a href=\"https:\/\/blog.malwarebytes.com\/puppum\/2017\/05\/adware-the-series-part-4\/\" target=\"_blank\" rel=\"noopener noreferrer\">part 4<\/a> of a series. Lastly, we talked about <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/social-engineering-threat-analysis\/2017\/06\/spotting-fake-reviews-have-healthy-online-skepticism\/\" target=\"_blank\" rel=\"noopener noreferrer\">fake reviews<\/a> and how to spot them.<\/p>\n<p>Below are notable news stories and security-related happenings:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.helpnetsecurity.com\/2017\/05\/30\/healthcare-industry-software-security\/\" target=\"_blank\" rel=\"noopener noreferrer\">Healthcare Industry Continues To Struggle With Software Security.<\/a> &#8220;According to the results of a recent survey, roughly one third of device makers and HDOs are aware of potential adverse effects to patients due to an insecure medical device, but despite the risk only 17 percent of device makers and 15 percent of HDOs are taking significant steps to prevent such attacks.&#8221; <em>(Source: Help Net Security)<\/em><\/li>\n<li><a href=\"https:\/\/futurefive.co.nz\/story\/need-internet-security-your-devices\/\" target=\"_blank\" rel=\"noopener noreferrer\">The Need For Internet Security On Your Devices.<\/a> &#8220;Cyber crime seems to be making headlines every other day. Cyber crime continues to be a growing problem for kiwi\u2019s, costing us over $257 million per year.\u00a0 This means that it\u2019s important now more than ever to ensure that you are protected against the plethora of threats that seek to compromise your devices.&#8221; <em>(Source: Future Five)<\/em><\/li>\n<li><a href=\"http:\/\/www.moneycontrol.com\/news\/trends\/current-affairs-trends\/dont-wanna-cry-after-meeting-judy-how-to-secure-your-mobile-from-malware-2292133.html\" target=\"_blank\" rel=\"noopener noreferrer\">Don\u2019t Wanna Cry After Meeting Judy? How To Secure Your Mobile From Malware.<\/a> &#8220;Security firm Checkpoint on Thursday revealed that around 36.5 million Android devices were likely infected by a malware, dubbed as \u2018Judy\u2019, after downloading apps developed by South Korea-based Kiniwini and published under the name of ENISTUDIO Corp. The Korean firm developed 41 such malicious apps and was able to bypass Google&#8217;s security protocols on the Play Store, thereby making the app available for download.&#8221; <em>(Source: Money Control)<\/em><\/li>\n<li><a href=\"http:\/\/www.scmp.com\/news\/china\/policies-politics\/article\/2096094\/chinas-tough-cybersecurity-law-come-force-week\" target=\"_blank\" rel=\"noopener noreferrer\">China\u2019s Tough Cybersecurity Law To Come Into Force This Week.<\/a> &#8220;China, battling increased threats from cyber-terrorism and hacking, will adopt from Thursday a controversial law that mandates strict data surveillance and storage for firms working in the country, the state-run Xinhua news agency said. The law, passed in November by the country\u2019s largely rubber-stamp parliament, bans online service providers from collecting and selling users\u2019 personal information and gives users the right to have their information deleted, in cases of abuse.&#8221; <em>(Source: South China Morning Post)<\/em><\/li>\n<li><a href=\"https:\/\/www.helpnetsecurity.com\/2017\/05\/30\/secure-smart-cities\/\" target=\"_blank\" rel=\"noopener noreferrer\">What Will It Take To Keep Smart Cities Safe?<\/a> &#8220;&#8216;Smart cities&#8217; use smart technologies in their critical infrastructure sectors: energy, transportation, environment, communications, and government. This includes smart systems for energy management, parking management systems, public transportation information coordination, transportation sharing, traffic management, air quality monitoring, waste management, e-government, connectivity, and so on.&#8221; <em>(Source: Help Net Security)<\/em><\/li>\n<li><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/it-biz-leaders-boards-dont-take\/\" target=\"_blank\" rel=\"noopener noreferrer\">IT and Biz Leaders: Boards Don\u2019t Take Security Seriously.<\/a> &#8220;Nearly half of IT and business decision makers globally don\u2019t think their boards are capable of effectively managing cybersecurity threats, despite the vast majority (77%) believing it is now the C-level\u2019s responsibility, according to new research from Control Risks.&#8221; <em>(Source: InfoSecurity Magazine)<\/em><\/li>\n<li><a href=\"https:\/\/www.wired.com\/2017\/05\/bitcoin-come-roaring-back-risks\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bitcoin Has Come Roaring Back<\/a><a href=\"https:\/\/arstechnica.com\/security\/2017\/06\/onelogin-data-breach-compromised-decrypted\/\" target=\"_blank\" rel=\"noopener noreferrer\">\u2014<\/a><a href=\"https:\/\/www.wired.com\/2017\/05\/bitcoin-come-roaring-back-risks\/\" target=\"_blank\" rel=\"noopener noreferrer\">But So Have The Risks.<\/a> &#8220;The big question is whether a crash is coming or whether cryptocurrencies have hit their stride. Should investors cash out now while the getting is good, or buy more now before the price climbs even higher? So far, when it comes to bitcoin, the only real rule is volatility.&#8221; <em>(Source: Wired)<\/em><\/li>\n<li><a href=\"https:\/\/arstechnica.com\/security\/2017\/06\/onelogin-data-breach-compromised-decrypted\/\" target=\"_blank\" rel=\"noopener noreferrer\">OneLogin Suffers Breach\u2014Customer Data Said To Be Exposed, Decrypted.<\/a> &#8220;OneLogin told fretful customers in an internal notification that they would need to work through a number of steps to secure their accounts, including generation of new API credentials and OAuth tokens. Any users served by the firm&#8217;s US data centre have been hit by the breach, OneLogin said.&#8221; <em>(Source: Ars Technica)<\/em><\/li>\n<li><a href=\"http:\/\/securityaffairs.co\/wordpress\/59606\/hacking\/linux-flaw.html\" target=\"_blank\" rel=\"noopener noreferrer\">A Recently Discovered Linux Flaw Could Be Exploited By Sudo Users To Gain Root Privileges.<\/a> &#8220;Security researchers at Qualys Security have discovered a Linux flaw that could be exploited to gain root privileges and overwrite any file on the filesystem on SELinux-enabled systems. The high severity flaw, tracked as CVE-2017-1000367, resides in the Sudo\u2019s get_process_ttyname() for Linux and is related to the way Sudo parses tty information from the process status file in the proc filesystem.&#8221; <em>(Source: Security Affairs)<\/em><\/li>\n<li><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/kmart-point-of-sale-hacked\/\" target=\"_blank\" rel=\"noopener noreferrer\">Kmart Point of Sale Hacked With &#8216;Undetectable&#8217; Malware.<\/a> &#8220;Kmart is not saying how many of its 750 stores in the US were affected by the point-of-sale (PoS) malware, but it stressed that no personal data, including names, addresses, Social Security Numbers or email addresses, was stolen. It also talked up its EMV reader implementation.&#8221; <em>(Source: InfoSecurity Magazine)<\/em><\/li>\n<li><a href=\"https:\/\/www.wired.com\/2017\/05\/inside-googles-global-campaign-shut-phishing\/\" target=\"_blank\" rel=\"noopener noreferrer\">Inside Google&#8217;s Global Campaign To Shut Down Phishing.<\/a> &#8220;At the beginning of May, a phishing scam flooded the web, disguised as a typical Google Docs request. Some of the emails even appeared to come from acquaintances. If victims clicked through and granted seemingly innocuous permissions, they exposed their entire Gmail account to whoever was behind the scam. It was an explosive scheme. And Google responded in kind.&#8221; <em>(Source: Wired)<\/em><\/li>\n<\/ul>\n<p>Safe surfing, everyone!<\/p>\n<p><em>The Malwarebytes Labs Team<\/em><\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/week-in-security\/2017\/06\/week-security-may-29-jun-04\/\">A week in security (May 29 \u2013 Jun 04)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/week-in-security\/2017\/06\/week-security-may-29-jun-04\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Mon, 05 Jun 2017 13:59:32 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/week-in-security\/2017\/06\/week-security-may-29-jun-04\/' title='A week in security (May 29 \u2013 Jun 04)'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/01\/photodune-702886-calendar-l.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>Ransomware, adware, fake reviews, and noteworthy security news are covered in this week&#8217;s recap.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/week-in-security\/\" rel=\"category tag\">Week in security<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/adware\/\" rel=\"tag\">adware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/dma-locker\/\" rel=\"tag\">DMA Locker<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/fake-reviews\/\" rel=\"tag\">fake reviews<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ransomware\/\" rel=\"tag\">ransomware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/recap\/\" rel=\"tag\">recap<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/weekly-blog-roundup\/\" rel=\"tag\">weekly blog roundup<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/week-in-security\/2017\/06\/week-security-may-29-jun-04\/' title='A week in security (May 29 \u2013 Jun 04)'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/week-in-security\/2017\/06\/week-security-may-29-jun-04\/\">A week in security (May 29 \u2013 Jun 04)<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10468,12381,12528,3765,10503,10497,10498,10506],"class_list":["post-7844","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-adware","tag-dma-locker","tag-fake-reviews","tag-ransomware","tag-recap","tag-security-world","tag-week-in-security","tag-weekly-blog-roundup"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7844","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7844"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7844\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7844"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7844"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7844"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}