A week in security (March 18 – 24)

Last week on Malwarebytes Labs, we touched on the susceptibility of hospitals to phishing attacks, password reuse, the risk of interactive TV shows to side-channel attacks, and Facebook’s new and out-of-character plan to promote privacy on the platform.

Other cybersecurity news

  • A study highlighted that 20 percent of Americans do not trust anyone with the protection of their data, suffer security fatigue, and want tighter controls over how others handle and protect their personal data. (Source: Help Net Security)
  • Epic Games found itself in hot water after multiple accusations of its Epic Games Launcher purportedly scanning and collecting information about Steam users without their consent—a significant privacy red flag. The company promised to fix this. (Source: Bleeping Computer)
  • Miscreants used the tragic Boeing 737 Max crash to push spam containing a malicious .JAR file. This file installs a RAT called Houdini H-Worm and the Adwind information stealer. (Source: Bleeping Computer)
  • Meet Kiddle, the child-friendly search engine that is powered by Google Safe Search but has revealed that it’s not affiliated with Google. (Source: Sophos’ Naked Security Blog)
  • A Google Photos vulnerability could have allowed hackers to track when, where, and with whom photos were taken. Good news: It’s now patched. (Source: Imperva Blog)
  • Formjacking, the stealing of information entered in forms, is on the rise. And companies should focus on it. (Source: IT World Canada)
  • Business email compromise (BEC)—or at least its core methodology—began moving from email to SMS. (Source: Agari Blog)
  • A malicious spam campaign pretending to originate from the Centers for Disease Control and Prevention (CDC) contained news about a new flu pandemic. It also contained a GandCrab attachment. (Source: My Online Security)
  • Millions of users downloaded a compromised iPhone app that called to nearly two dozen malicious servers to serve malvertising to devices. (Source: SC Magazine)
  • Learn4Life, a recovery program for at-risk teens, is teaching students about network security—something they wouldn’t likely learn from a traditional high school. (Source: PR Newswire)

Stay safe, everyone!