A week in security (April 02 – April 08)

A week in security (April 09 – April 15)

Last week, we took a look at a malware-campaign called FakeUpdates, methods to use secure instant messaging, the inner workings of a decryption tool, and some Facebook spam campaigns.

We also published our first quarterly Malwarebytes Labs CTNT report of 2018.

Other news

  • A security researcher discovered a flaw in P.F.Changs Rewards website. (Source: AkshaySharmaUS@medium.com)
  • Security Consultant Xavier Mertens described a suspicious use of certutil.exe. (Source: InfoSec Handlers Diary Blog)
  • A significant number of Cisco devices belonging to organizations in Russia and Iran were hacked by a group calling itself JHT. (Source: The Hacker News)
  • Facebook CEO Mark Zuckerberg spoke at a joint hearing of the US Senate judiciary and commerce committees in Washington, DC. (Source: siliconrepublic)
  • A vulnerability in Microsoft Outlook allowed hackers to steal a user’s Windows password. (Source: ThreatPost)
  • A malware gang is going for identity theft and phony tax refunds by targeting CPAs. (Source: Krebs on Security)
  • Researchers sinkholed the infamous EITest infection chain. (Source: SecurityWeek)
  • A Microsoft network engineer was charged with money laundering linked to Reveton computer ransomware. (Source: SunSentinel)
  • Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip’s SPI Flash memory. (Source: Bleeping Computer)
  • An old and flawed Javascript crypto-library could allow Bitcoin theft. (Source: The Register)

Stay safe, everyone!