A week in security (May 10 – 16)
2021-05-17 18:47:49 Author: blog.malwarebytes.com(查看原文) 阅读量:220 收藏

A week in security (May 10 – 16)

Posted: by

Last week on Malwarebytes Labs, we watched and reported on the Colonial Pipeline ransomware attack as developments of its story unfolded. This attack triggered the White House to refine a planned Executive Order on cybersecurity. We also profiled DarkSide, the ransomware responsible for the Colonial Pipeline attack, and the criminal gang behind it.

Speaking of ransomware, we spoke with Jake Bernstein, a cybersecurity and privacy attorney and our guest in the latest Lock and Code podcast episode, to talk about the legal ramifications ransomware-turned-data-breach victims may face when they have been successfully attacked.

We also highlighted “wormable” Windows vulnerabilities on last week’s Patch Tuesday updates; touched on FragAttack, a term used to describe newly found Wi-Fi vulnerabilities that basically affects all Wi-Fi devices; addressed the question “Why MITRE ATT&CK matters”; warned about Avaddon, a new ransomware campaign; raged about WhatsApp call and message features breaking unless you share data with Facebook; applauded game developers who included cybersecurity as part of the whole gaming experience, and went “ooh!” at a novel way someone can exfiltrate data out of air-gapped networks using iPhones and AirTags.

Our expert threat hunters also noted the increase in iPhone spam attacks and observed Magecart Group 12 continuing to go strong and using a PHP-based skimmer as a new tool.

Lastly, we talked about Wi-Fi and honeypots.

Other cybersecurity news

  • The group behind the Colonial Pipeline attack claimed to be behind the Toshiba attack and data breach. (Source: Kyodo)
  • DarkSide also netted Benntag, a chemical distribution company, and got paid for it—to the tune of $4.4M USD. (Source: BleepingComputer)
  • Imposter Amazon robocalls are reaching 150 million consumers per month, according to YouMail. (Source: PR Newswire)
  • Threat actors take advantage of routine site maintenance to get people to download malformed copies of MSI Afterburn from fake website. (Source: MSI News)
  • According to a report from Immersive Labs, 81 percent of software developers have knowingly released applications that are vulnerable. (Source: Immersive Labs)
  • Panda, a new information stealer, could nab account credentials of NordVPN, Telegram, Discord, and Steam users. It also goes after cryptocurrency wallets. (Source: The Coin Radar)
  • A report on TeaBot, an new Android malware targeting European banks, was released. (Source: Cleafy)
  • Users are at risk as they continue to use Windows 7, which has already reached its end of life. (Source: Security Brief)

Stay safe!



RELATED ARTICLES

May 3, 2021 - A roundup of the previous week's most interesting security stories alongside the very best of our own research, from April 26 to May 2.

April 5, 2021 - A roundup of the previous week's security news, from March 29 to April 4.

March 22, 2021 - A roundup of the previous week's news, from March 15 to March 21.

January 18, 2021 - A roundup of the past week's breaking security news, from January 11 to January 17th.

October 19, 2020 - A roundup of interesting security news from our blog and around the web for the week of October 12 - October 18.


ABOUT THE AUTHOR


文章来源: https://blog.malwarebytes.com/a-week-in-security/2021/05/a-week-in-security-may-10-16/
如有侵权请联系:admin#unsafe.sh