A week in security (January 14 – 20)

Last week on the Malwarebytes Labs blog, we took a look at how the government shutdown is influencing cybersecurity jobs, the Advanced Persistent Threat group APT10, the comeback of Fallout EK, the hosting of malicious sites on legitimate servers, and the Collection 1 data breach.

Other cybersecurity news

  • New Zealand-based cryptocurrency exchange Cryptopia has gone offline after suffering a security breach, which resulted in significant losses. Cryptopia has notified and involved relevant government agencies, including the New Zealand police and the High-Tech Crimes Unit. (Source: Coindesk)
  • A former employee of a British company pleaded guilty to one count of gaining unauthorised access to a network with intent to commit further offences, and one count of committing unauthorised acts with the intent to impair the operation of a computer within a network. The employee was ordered to pay £20,000 compensation. (Source: Leamington Observer)
  • A California judge has ruled that American cops can’t force people to unlock a mobile phone with their face or finger. The ruling further protects people’s private lives from government searches, and is being hailed as a potentially landmark decision. (Source: Forbes)
  • The Oregon State Department of Administrative Services’ (DAS) Office of the State Chief Information Officer overpaid for services by between $400 million and $1.6 billion during the 2015 to 2017 timeframe, according to an audit by the Oregon Secretary of State Audit Division that looked at $8 billion of spending. (Source: CioDive)
  • The recent Windows security patch CVE-2019-0543 has introduced a breaking change for a PowerShell remoting scenario. It is a narrowly-scoped scenario that should have low impact for most users, as the breaking change only affects local loopback remoting. (Source: PowerShell Team Blog)
  • The Iceman cometh, his smartwatch told the cops: Hitman jailed after gizmo links him to Brit gangland slayings. Avid runner and hitman Mark Fellows was this week found guilty of murder after being grassed up by his Garmin watch. (Source: The Register)
  • Security flaws were discovered in ThreadX, a real-time operating system (RTOS) developed by Express Logic. The vendor claims on their website that ThreadX has over 6.2 billion deployments, making it one of the most popular pieces of software powering Wi-Fi chips. (Source: BleepingComputer)
  • Decrypted Telegram bot chatter turned out to belong to a new Windows malware, dubbed GoodSender, which uses the messenger platform to listen and wait for commands. The attacker can use Telegram to communicate with the malware and send HTTPS-protected instructions. (Source: SC Media)
  • A Fortnite security flaw could have exposed players’ accounts. Security researchers found vulnerabilities on Epic’s site that could have let hackers access accounts. They were able to listen to Fortnite squad members speaking with each other and could have bought V-Bucks virtual currency using players’ stored credit card details. (Source: Engadget)
  • Pranks and challenges have always been popular on YouTube, but now the Google-owned company has set stricter guidelines for such content. A new YouTube support page provides details for a ban on pranks and challenges that cause immediate or lasting physical or emotional harm. (Source: ArsTechnica)

Stay safe, everyone!