A week in security (November 20 – November 26)

Last week, we warned you about a new method by which the Mac malware OSX.Proton is being spread, told you where all those free Bitcoins you were texted about were being held up, and explained how the EU intends to battle fake news and how the Terdot Trojan likes social media. We also revealed our 2018 security predictions.

Other news

  • Due to a zero-entropy implementation of Address Space Layout Randomization (ASLR), the Windows 10 defense is ‘worthless’, and the bug dates back to Windows 8. (Source: ZDNet)
  • A new tech support scam technique streamlines the entire scam experience, leaving the potential victims only one click or tap away from speaking with a scammer. (Source: Microsoft blog)
  • You have less than 90 days to claim your share of a $586 million refund if you were scammed via (not by) Western Union. (Source: Tripwire)
  • Firefox 59 will make it a lot harder to use data URIs in phishing attacks, as it will stop rendering them in certain scenarios. (Source: Virus Bulletin blog)
  • An increasing number of vendors have warned customers over the past weeks that their industrial networking products are vulnerable to the recently disclosed Wi-Fi attack method known as KRACK. (Source: SecurityWeek)
  • Regulators to press Uber after it admits covering up a data breach containing some personal information of 57 million Uber users around the world. (Sources: Reuters and Uber press release)
  • Security researchers have discovered a potentially dangerous vulnerability in the firmware of various Hewlett Packard (HP) enterprise printer models that could be abused by attackers to run arbitrary code on affected printer models remotely. (Source: The Hacker News)
  • Facebook will soon be creating a portal to enable people to learn which of the Internet Research Agency (Russian activity) Facebook pages or Instagram accounts they may have liked or followed. (Source: Facebook Newsroom)
  • Imgur came clean about a security breach that took place in 2014. During the incident, Imgur says an unknown attacker managed to steal details on 1.7 million users. (Sources: Bleeping Computer and Imgur blog)
  • KrebsOnSecurity has sought to call attention to online services which expose sensitive consumer data. The user only needs to know a handful of static details about a person that are broadly for sale in the cybercrime underground. (Source: KrebsOnSecurity)

Stay safe, everyone!