A week in security (April 19 – 25)
Last week on Malwarebytes Labs, we interviewed Youssef Sammouda, a 21-year-old bug bounty hunter who is focused on finding vulnerabilities on Facebook.
We looked into the CodeCov supply-chain attack, the vulnerabilities in Pulse Secure VPN that are being actively exploited by attackers, and the discovery of SUPERNOVA malware found on a SolarWinds Orion server.
We also featured technology, particularly facial recognition, used by the FBI to identify one of the Capitol rioters several months after it happened; we covered news about a FIN7 sysadmin being indicted for 10 years for “billions in damage”; and the calling out of EU’s proposed ban on the use of artificial intelligence, because it doesn’t deal with its potential for high abuse. Lastly, we have provided a comprehensive guide on how to pick the best VPN for you, whether you stream, play video games, or torrent.
Other cybersecurity news
- Costco issued a warning about scams targeting all its customers. (Source: InfoSecurity Magazine)
- Sophisticated Palestine-based hackers were found targeting iOS users to get them to install malware. (Source: Wired)
- A researcher demonstrated a Facebook bug that could reveal user email addresses even when set to private (Source: Wired)
- The Huawei app store was abused to house malicious apps, including the Joker malware (Source: BankInfoSecurity)
- VPN vulnerabilities are being heavily targeted by threat actors, according to a new report (Source: Dark Reading)
- Apple’s AirDrop can expose user phone numbers and email addresses (Source: The Record by Recorded Future)
- Since the first lockdown measures were introduced, the use of stalkerware and spyware apps has almost doubled (Source: PR Newswire)
Stay safe!
The post A week in security (April 19 – 25) appeared first on Malwarebytes Labs.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.