A week in security (February 11 – 17)

Last week on Malwarebytes Labs, we discussed the return of the sextortion Bitcoin scams, gave you an early overview of the exploit kits in the winter of 2019, and talked about the destruction of the VFEmail service. For consumers, we discussed whether you should remove yourself from social media; for businesses, we discussed the implementation of an anti-phishing plan and the concept of whole team security to relieve overworked IT departments.

  • Security researchers have found that Intel’s Software Guard Extensions (SGX) don’t live up to their name. In fact, they can be used to hide pieces of malware that silently masquerade as normal applications. (Source: The Register)
  • A targeted phishing campaign is underway that states your email has been blacklisted and then asks you to confirm it by entering your credentials. For some reason, this campaign is using phishing links that can contain almost 1,000 characters. (Source: BleepingComputer)
  • Malicious actors have been hacking WordPress websites by exploiting vulnerabilities in a fairly popular plugin called WP Cost Estimation & Payment Forms Builder. Developed by Loopus, the plugin allows WordPress website administrators to create cost calculators and payment forms. (Source: SecurityWeek)
  • The Emotet Trojan, a thorn in the side of financial institutions and your average individual alike, is back with new techniques and an upsurge in attacks. In recent campaigns, malicious documents containing Emotet are being distributed via URLs hosted on threat actor-owned infrastructure as well as traditional spam email attachments. (Source: ZDNet)
  • In the weeks leading up to Valentine’s Day 2019, researchers noticed a new form of GandCrab appearing in romance-themed emails. Hackers love the holidays, and Valentine’s Day is no exception. (Source: DarkReading)
  • New research published by the International Computer Science Institute in California suggests that at least 17,000 Android applications are creating permanent records of your online activity for advertising purposes even when you ask for such information to be forgotten. (Source: ZDNet)
  • Microsoft booted eight malicious apps from its official desktop and mobile app store after researchers found the programs surreptitiously mined for Monero cryptocurrency. All these apps were likely developed by the same person or group. (Source: ThreatPost)
  • A new phishing attack bent on stealing Facebook credentials has been spotted – and it’s turning researchers’ heads due to how well it hides its malicious intent. The status bar, navigation bar, shadows and content were perfectly reproduced to look exactly like a legitimate login prompt. (Source: ThreatPost)
  • Jeff Bezos became the most famous and powerful person to claim to be a victim of sextortion, the term often used to describe the otherwise underreported cases of extortion using intimate or sexually explicit photographs or videos. (Source: Wired)
  • Malta’s leading bank resumes operations after cyberheist-induced shutdown. The Bank of Valletta, which went dark for a day after the fraudulent transfers of €13 million, is now looking to get the money back. (Source: WeLiveSecurity)

Stay safe, everyone!