A week in security (August 16 – August 22)

Last week on Malwarebytes Labs:

  • Podcast: Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks.
  • How to troubleshoot hardware problems that look like malware problems.
  • Analysts “strongly believe” the Russian state colludes with ransomware gangs.
  • macOS 11’s hidden security improvements.
  • How to spot a DocuSign phish and what to do about it.
  • Cars and hospital equipment running Blackberry QNX may be affected by BadAlloc vulnerability.
  • Beware of COVID Pass scams.
  • T-Mobile customers, change your PINs.
  • Cisco Small Business routers vulnerable to remote attacks, won’t get a patch.
  • Largest DDoS attack ever reported gets hoovered up by Cloudflare.

Other cybersecurity news:

  • SynAck ransomware decryptor lets victims recover files for free. (Source: BleepingComputer)
  • A job ad blunder by the UK’s Ministry of Defence has accidentally revealed the existence of a secret SAS mobile hacker squad. (Source: The Register)
  • Chinese espionage tool exploits vulnerabilities in 58 widely used websites. (Source: The Record)
  • Wanted: Disgruntled employees to deploy ransomware. Get paid to be the insider threat. (Source: Krebs on Security)
  • IDC survey finds more than one third of organizations worldwide have experienced a ransomware attack or breach. (Source: IDC)
  • Hackers steal $97 million from Japan’s Liquid crypto exchange. (Source: Engadget)
  • OpenSSL announces a high severity update on August 24th. (Source: OpenSSL)
  • Unpatched Fortinet FortiWeb vulnerability allows remote OS command injection. (Source: Help Net Security)
  • China pushes through data protection law that applies cross-border. (Source: ZDNet)
  • NYC teachers’ social security numbers exposed. (Source: InfoSecurity Magazine)
  • America’s secret terrorist watchlist exposed on the web without a password. (Source: Bob Diachenko)

Stay safe, everyone!

The post A week in security (August 16 – August 22) appeared first on Malwarebytes Labs.
