A week in security (Oct 18 – Oct 24)

Last week on Malwarebytes Labs

• Multiple vulnerabilities in popular WordPress plugin WP Fastest Cache.
• “Killware”: Is it just as bad as it sounds?
• REvil ransomware disappears after Tor services hijacked.
• Protect yourself from BlackMatter ransomware: Advice issued.
• q-logger skimmer keeps Magecart attacks going.
• How to delete your Snapchat account.
• High school student rickrolls entire school district, and gets praised.
• Chrome targeted by Magnitude exploit kit.
• Update now! Chrome fixes more security issues.
• A bug is about to confuse a lot of computers by turning back time 20 years.
• We dig into the Game Players Code.
• Ransomware: Why do backups fail when you need them most?

Other cybersecurity news

• Sinclair Broadcast Group says it suffered a ransomware attack and has had data stolen. (Source: NPR)
• After games boom in pandemic, gangs are using phishing and malware to cheat fans. (Source: The Guardian)
• A vulnerability in the trial version of WinRAR has significant consequences for the management of third-party software. (Source: PT Security)
• Slack contains an XSLeak vulnerability that de-anonymizes users. (Source: The Daily Swig)
• Gummy Browsers, a new fingerprint capturing and browser spoofing attack lets attackers spoof tracking profiles. (Source : Bleeping Computer)
• Elaborate CryptoEats food delivery scam steals $500,000 in minutes. (Source: Vice)
• Phishing campaign targets YouTube creators with cookie theft malware. (Source: Google Threat Analysis Group)
• Dutch forensic lab decrypts Tesla’s driving safety data and finds a wealth of information. (Source: The Record)
• Australia announces critical infrastructure reforms to protect the essential infrastructure in the event of a major cyber-attack. (Source: homeaffairs.gov.au)
• Popular NPM library hijacked to install password-stealers and miners. (Source: BleepingComputer)

Stay safe, everyone!

The post A week in security (Oct 18 – Oct 24) appeared first on Malwarebytes Labs.