A week in security (August 20 – August 26)

Last week on Labs, we took a look at insider threats, doubled back on the privacy of search browser extensions, profiled green card scams, revisited Defcon badgelife, and talked about what happens to a user’s accounts when they die.

Other cybersecurity news

  • There was an archiving error in Twitch HQ. Unfortunately, that left some private user messages (even those with sensitive info in them) exposed to the public for a time. (Source: Sophos’ Naked Security Blog)
  • Researchers from Catholic University found that apps offering ad blocking and privacy can be bypassed. (Source: Sophos’ Naked Security Blog)
  • Researchers associated with Project Insecurity found a flaw in disability services in Canadian telcos. (Source: Kaspersky’s Threatpost)
  • Facebook continued to clean house, removing more pages of campaigns that originated from Iran and Russia to curb “coordinated inauthentic behavior.” (Source: Facebook Newsroom)
  • A computer science professor at Vanderbilt University published a 55-page study on how Google continues to collect data on users, even when the device is idle. (Source: The Washington Post)
  • Philips revealed that its cardiovascular imaging devices have an “improper privilege management” flaw that a low-level hacker could exploit. (Source: ZDNet)
  • Videomaker service provider Animoto was breached. (Source: TechCrunch)
  • Ryuk, a new ransomware, trained its crosshairs on large organizations capable of paying high-value ransoms in Bitcoin. (Source: ZDNet)
  • North Korea’s Lazarus Group pushed out its first Mac malware and successfully infiltrated the IT systems of a cryptocurrency exchange platform based in Asia. (Source: Bleeping Computer)
  • Superdrug, the popular health and beauty retailer based in the UK, was breached. (Source: InfoSecurity Magazine)
  • Cobalt Dickens, a campaign that originated in Iran, targeted universities in 14 countries to steal credentials. (Source: SecureWorks)
  • Hackers make millions by selling unpublished press releases. (Source: The Verge)

Stay safe, everyone!