A week in security (April 02 – April 08)

A week in security (April 30 – May 6)

Last week on Labs, we examined the Spartacus ransomware, reported about a new tactic used by the Necurs malspam campaign, informed you about the recommended Twitter password change, and discussed engaging students to start considering careers in cybersecurity.

Other news

  • NTML credentials can be stolen via malicious Portable Document Format (PDF) files without any user interaction. (Source: SecurityWeek)
  • Twitter sold data access to a Cambridge Analytica-linked researcher. (Source: Bloomberg)
  • FacexWorm targets cryptocurrency users by spreading through Facebook Messenger. (Source: Security Affairs)
  • New DNS encryption tools accelerate privacy online. (Source: HelpNetSecurity)
  • IoT security: Is cryptocurrency-mining malware your next big headache? (Source: ZDNet)
  • Companies from across the tech spectrum are lining up to protest the measure that would allow them to “hack back” with offensive initiatives in the face of a cyberattack. (Source: ThreatPost)
  • Drive-by Rowhammer attack uses GPU to compromise Android phone. (Source: ArsTechnica)
  • The systems that control water and power plants are shockingly vulnerable to hackers. (Source: Gizmodo)
  • Facebook’s dating service is a chance to meet the catfisher, advertiser, or scammer of your dreams. (Source: Washington Post)
  • Roskomnadzor, Russia’s telecommunications watchdog, blocks 50 VPNs and Proxy Services providing access to Telegram. (Source: BleepingComputer)
  • Cat burglar: Kitty cryptominer targets web application servers, then spreads to app users. (Source: SCMagazine)

Stay safe, everyone!