Last week on Labs, we touched on a huge macOS High Sierra vulnerability, a PayPal phish, and Terror EK's new tactic. We also took a crack at drive-by cryptomining, and rounded up interesting talks while attending a security conference in Ireland called IRISSCON.
- Our friends at Zimperium investigated a fake WhatsApp on Google Play, and found that this app displays an advertisement for a malicious game called Cold Jewel Lines (already removed from the Play Store) that further infects users with a second piece of malware "capable of click fraud, data extraction, and SMS surveillance." (Source: SC Magazine)
- A question to parents: Should you buy your child smart toys for Christmas? Security experts say that whatever your decision is, make sure you read up on the potential risks first. (Source: Help Net Security)
- Facebook users, rejoice! The social media network now has a tool that tells you which posts you have liked that are mere propaganda from Russia. (Source: Facebook Newsroom)
- Imgur confirmed that they have been breached for the second time, affecting 1.7 million users. Email addresses and passwords were compromised. (Source: Help Net Security)
- Finally, the "revenge porn" bill is introduced in the Senate. (Source: TechCrunch)
- Vice's Motherboard released a guide to avoiding (passive and active) state surveillance, which can be a handy reference for those who want to achieve more privacy online. (Source: The Motherboard)
- What do hotcakes and ransomware have in common? They're both selling. (Source: Security Brief)
- Fake Victoria's Secret apps were found being advertised on the Dark Web, prompting security experts to posit that criminals may be targeting VS shoppers this Christmas season. (Source: The Telegraph)
- Afraid of insider threats? According to NTT Security, most of them happen by accident. (Source: Help Net Security)
- Cryptocurrency is more popular than ever at this point. This, of course, has spurred the creation of cryptocurrency apps. Be warned, though: a majority of these popular apps do not protect user information. (Source: Kroddos)
Stay safe everyone!