A week in security (November 27 – December 03)

Last week on Labs, we touched on a huge macOS High Sierra vulnerability, a PayPal phish, and Terror EK’s new tactic. We also took a crack at drive-by cryptomining, and rounded up interesting talks while attending a security conference in Ireland called IRISSCON.

Other news

  • Our friends at Zimperium investigated a fake WhatsApp on Google Play, and found that this app displays an advertisement for a malicious game called Cold Jewel Lines (already removed from the Play Store) that further infects users with a second piece of malware “capable of click fraud, data extraction, and SMS surveillance.” (Source: SC Magazine)
  • A question to parents: Should you buy your child smart toys for Christmas? Security experts say that whatever your decision is, make sure you read up on the potential risks first. (Source: Help Net Security)
  • Facebook users, rejoice! The social media network now has a tool that tells you which posts you have liked that are mere propaganda from Russia. (Source: Facebook Newsroom)
  • Imgur confirmed that they have been breached for the second time, affecting 1.7 million users. Email addresses and passwords were compromised. (Source: Help Net Security)
  • Finally, the “revenge porn” bill is introduced in the Senate. (Source: TechCrunch)
  • Vice’s Motherboard released a guide to avoiding (passive and active) state surveillance, which can be a handy reference for those who want to achieve more privacy online. (Source: The Motherboard)
  • What do hotcakes and ransomware have in common? They’re both selling. (Source: Security Brief)
  • Fake Victoria’s Secret apps were found being advertised on the Dark Web, prompting security experts to posit that criminals may be targeting VS shoppers this Christmas season. (Source: The Telegraph)
  • Afraid of insider threats? According to NTT Security, most of them happen by accident. (Source: Help Net Security)
  • Cryptocurrency is more popular than ever at this point. This, of course, has spurred the creation of cryptocurrency apps. Be warned, though: a majority of these popular apps do not protect user information. (Source: Kroddos)

Stay safe everyone!