Detail of a calendar page with dates

Week in Security (August 7 – August 13)

Last week, we explained how security certificates work and how malware authors have used them to block security software from being downloaded and executed. We also showed how the Magnitude exploit kit is spreading a Cerber ransomware variant that uses binary padding in an attempt to get skipped, because of its file size, during antivirus scans.

Latest updates for Businesses

  • Password rules have been way too complicated says the man that invented those rules and regrets it. These rules have now been updated.
  • Locky made another comeback (maybe we should call it Rocky), this time using the diablo6 extension.
  • And another ransomware that came back is the disk-encrypting Mamba.
  • Microsoft and Kaspersky seem to get closer to burying the hatchet concerning the claim by the Russian anti-virus company that the US software giant was unfairly promoting the use of Windows Defender over third-party security products.
  • Salesforce fired two of its senior security engineers after their talk at DEF CON. Or actually told them up front that they would be fired if they went ahead with the talk. Which they did as they didn’t see that text message on time.

Latest updates for Consumers

  • A document was leaked that discloses CouchPotato, which is how the CIA uses a remote tool to stealthy collect RTSP/H.264 video streams.
  • After the leak of some Game of Throne episodes by HBO hackers earlier in the week, there was a bigger data dump this weekend, including episodes of Insecure, Ballers, Barry, The Deuce, a comedy special and other programming.
  • Google brings phishing protection to iOS. A few months after releasing the anti-phishing feature for Android, Google now does the same for iOS. Google : “Going forward, when you click on a suspicious link in a Gmail message on your iPhone or iPad, we’ll show a warning. We recommend that you use caution before proceeding, because the link is likely unsafe. Only proceed if you’re confident there’s no risk.”

 In other security news:

Safe surfing, everyone!

The Malwarebytes Labs Team