A week in security (March 11 – 17)

Last week on Malwarebytes Labs, we looked at the Lazarus group in our series about APT groups, discussed the introduction of Payment Service Directive 2 (PSD2) in the EU, and tackled both Google’s Nest fiasco and the launch of Mozilla’s Firefox Send. In addition, we gave you an overview of the pervasive threat, Emotet, and we discussed reputation management in the age of cyberattacks against businesses.

Other security news

  • A new phishing campaign targeting mainly iOS users is asking them to log in with their Facebook account and give away their credentials. The technique the threat actors are using can easily be ported over to scam Android users. (Source: SC Magazine)
  • Iranian hackers have stolen between six and 10 terabytes of data from Citrix. The hack was focused on assets related to NASA, aerospace contracts, Saudi Arabia’s state oil company, and the FBI. (Source: The Inquirer)
  • Up to 150 million users might have downloaded and installed an Android app on their phones that contained a new strain of adware named SimBad. The malicious advertising kit was found inside 210 Android apps that had been uploaded on the official Google Play Store. (Source: ZDNet)
  • The popularity of the Apex Legends game and its absence on the Android Play store have attracted the attention of many malware writers who exploited this opportunity to spread malicious versions for Android. (Source: Security Affairs)
  • A new insidious malware dubbed GlitchPOS, bent on siphoning credit card numbers from point-of-sale (PoS) systems, has recently been spotted on a crimeware forum. GlitchPOS joins other recently developed malware targeting the retail and hospitality space. (Source: ThreatPost)
  • A partial Facebook outage affecting users around the world and stretching beyond 14 hours is believed to be the biggest interruption ever suffered by the social network. (Source: CNN) Telegram reported it received 3 million signups during this Facebook outage. (Source: CNet)
  • A 21-year-old Australian man was arrested after earning over $200,000 from stolen Spotify and Netflix accounts. Allegedly, he sold the stolen accounts through an “account generator” website. (Source: TechSpot)
  • A code execution vulnerability in WinRAR (CVE-2018-20250) generated over a hundred distinct exploits in the first week since its disclosure, and the number of exploits keeps on swelling. (Source: BleepingComputer)
  • A new flaw in the content management software (CMS) WordPress has been discovered that could potentially lead to remote code execution attacks. Users are advised to update to the latest version, which was at 5.1.1 at the time of writing. (Source: The Hacker News)
  • The Chinese authorities are collecting DNA as a means to track their people. And it seems they got unlikely corporate and academic help from the United States. (Source: The New York Times)

Stay safe, everyone!