A week in security (August 23 – August 29)

Last week on Malwarebytes Labs:

  • Patch now! Microsoft Exchange is being attacked via ProxyShell
  • Realtek-based routers, smart devices are being gobbled up by a voracious botnet
  • Criminals exploited weak checks and old tech to pull off vast COVID benefit fraud
  • Mice “taking over the world!”, one Windows machine at a time
  • The best browsers for privacy and security
  • Cold wallet, hot wallet, or empty wallet? What is the safest way to store cryptocurrency?
  • US government and private sector agree to invest time, money in cybersecurity
  • Latest iPhone exploit, FORCEDENTRY, used to launch Pegasus attack against Bahraini activists
  • How to stay secure from ransomware attacks this Labor Day weekend
  • Microsoft warns about phishing campaign using open redirects

Other cybersecurity news:

  • A vulnerability in Microsoft Azure left thousands of customer databases exposed. (Source: Reuters)
  • Researchers from vpnMentor discovered an insecure database belonging to EskyFun, a Chinese Android game developer, exposing millions of gamers to hacking. (Source: vpnMentor)
  • The UK will begin making changes to privacy laws as they depart from GDPR as part of post-Brexit proceedings. (Source: The Wall Street Journal)
  • China is reportedly hiring hackers to become spies and entrepreneurs at the same time. (Source: The New York Times)
  • Phishers used an XSS vulnerability in UPS’s official site to spread malware. (Source: BleepingComputer)
  • JP Morgan Chase bank customers were notified that their data was inadvertently exposed to other users. (Source: SecurityWeek)
  • ALTDOS is hacking companies in Southeast Asia to steal data and either ransom it back to them or sell for profit. (Source: The Record by Recorded Future)
  • Flaws in infusion pumps could let hackers increase medication dosage. (Source: WIRED)
  • Researchers for Zscaler revealed the prevalence of fake streaming sites and adware during the 2020 Tokyo Olympics. (Source: Zscaler Blog)
  • Bumble, a popular dating app, was leaking users’ exact locations until recently patched. (Source: IT News)

Stay safe, everyone!

The post A week in security (August 23 – August 29) appeared first on Malwarebytes Labs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source