A week in security (April 02 – April 08)

A week in security (April 8 – 14)

Last week on Labs, we said hello to Baldr, a new stealer on the market, we wondered who is managing the security of medical management apps, discussed the different perceptions of personal information, and we looked at fake Instagram assistance apps found on Google Play that are stealing passwords.

Other cybersecurity news

  • German pharmaceuticals giant Bayer says it has been hit by malware, possibly from China, but that none of its intellectual property has been accessed. (Source: The Register)
  • Canadian police last week raided the residence of a Toronto software developer behind “Orcus RAT,” a product that has been used in countless malware attacks. (Source: KrebsOnSecurity)
  • In response to concerns raised by the European Commission, Facebook has agreed to update its terms and conditions in the EU to make it clear to users how their personal data is used. (Source: BetaNews)
  • Three vulnerabilities have been discovered in the Verizon Fios Quantum Gateway, a very popular router which, when exploited together, could give an attacker complete control of a victim’s network. (Source: ThreatPost)
  • New variants of the sextortion scams are now attaching password-protected zip files that contain alleged proof that the sender has a video recording of the recipient. (Source: Bleeping Computer)
  • Chamois, the botnet you probably never heard about before, is losing ground again after having controlled some 20 million devices at its peak. (Source: Duo Security)
  • A global Amazon team listens to what we tell Alexa and reviews audio clips in an effort to help the voice-activated assistant respond to commands. (Source: Bloomberg)
  • An attacker gained access to the servers hosting Matrix.org. The intruder potentially had access to unencrypted message data, password hashes, and access tokens. (Source: Matrix.org)
  • US-Cert issued a warning that Multiple Virtual Private Network (VPN) applications store the authentication and/or session cookies insecurely in memory and/or log files. (Source: Cert.org)
  • Fake news peddlers have devised a cunning new way to prevent their posts from getting removed from social media. Instead of linking to fake news, bad actors are now linking to posts promoting older news articles that may no longer be accurate, but won’t be reported as fake since they were once legitimate news. (Source: ThreatPost)

Stay safe, everyone!