A week in security (Sept 20 – Sept 26)

September 28, 2021

Last week on Malwarebytes Labs

  • Freedom Hosting operator gets 27 years for hosting dark web abuse sites
  • Microsoft makes a bold move towards a password-less future
  • New Mac malware masquerades as iTerm2, remote desktop and other apps
  • Internet safety tips for kids and teens: a comprehensive guide for the modern parent
  • Google, geofence warrants, and you
  • No, Colonel Gaddafi’s daughter isn’t emailing to give you untold riches
  • Patch vCenter Server “right now”, VMWare expects CVE-2021-22005 exploitation within minutes of disclosure
  • Patch now! Insecure Hikvision security cameras can be taken over remotely
  • MSHTML attack targets Russian state rocket centre and interior ministry
  • Italian mafia cybercrime sting leads to 100+ arrests
  • How to clear your cache
  • Microsoft exchange autodiscover flaw reveals users’ passwords
  • Parents and teachers believe digital surveillance of kids outweighs risks
  • SonicWall warns users to patch critical vulnerability “as soon as possible”
  • Beware! Uber scam lures victims with alert from a real Uber number
  • Teaching cybersecurity skills to special needs children with Alana Robinson: Lock and Code S02E18

Other cybersecurity news

  • UK ministry of defence apologises – again – after another major email blunder in Afghanistan (Source: The Register)
  • Database containing personal info of 106 million international visitors to Thailand exposed online (Source: Comparitech)
  • Fake WhatsApp backup message delivers malware to Spanish speakers’ devices (Source: The Daily Swig)
    Mobile phones of 5 French cabinet ministers infected by Pegasus malware (Source: France 24)
  • Ransomware dropping malware swaps phishing for sneaky new attack route (Source: ZDNet)
  • Phishing attacks more sophisticated, malicious emails time to coincide with periods of low energy and inattentiveness (Source: CPO magazine)
  • Keeping your data secure at work (Source: Minute Hack)

Stay safe, everyone!

The post A week in security (Sept 20 – Sept 26) appeared first on Malwarebytes Labs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source

You may have missed

hackerone

HackerOne Bug Bounty Disclosure: dom-xss-in-tiktok-com-login-via-the-redirect-url-parameter-sh-yo

September 21, 2024
e0aaa60f37173cc4eab9a44b189a98d21c3300883a9142f388de5991f6b9f457

Damn-Vulnerable-Drone – An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking

September 21, 2024
a24a2416da7556ce2f6e7a9148d54dfef84790b2716281b7d928f69329141667

File-Unpumper – Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add

September 21, 2024
CISA Logo

CISA: New CISA Plan Aligns Federal Agencies in Cyber Defense

September 21, 2024
CISA Logo

CISA: CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities

September 21, 2024