A week in security (May 6 – 12)

Last week on Labs, we discussed what to do when you discover a data breach, how 5G could impact cybersecurity strategy, the top six takeaways for user privacy, and vulnerabilities in financial mobile apps that put consumers and businesses at risk. In our series about vital infrastructure, we highlighted threats that target financial institutions, fintech, and cryptocurrencies.

Other cybersecurity news

  • Mozilla announced its new add-on policies, which will go into effect June 10, 2019. The emphasis is that add-ons must inform users about their intentions and are not allowed to contain obfuscated code. (Source: Mozilla)
  • The FBI, working in conjunction with authorities in multiple nations, has arrested several individuals in connection with Deep Dot Web, a website that allegedly profiteered by taking commissions on referral links to dark web markets. (Source: Gizmodo)
  • An international malvertiser was extradited from the Netherlands to face hacking charges in New Jersey. The defendant conspired to expose millions of web users to malicious advertisements designed to hack and infect victims’ computers with malware. (Source: US Department of Justice)
  • In an attempt to allow users to block online tracking, Google has announced two new features (Improved SameSite Cookies and Fingerprinting Protection) that will be previewed in the Chrome web browser later this year. (Source: The Hacker News)
  • A slew of high-severity flaws have been disclosed in the PrinterLogic printer management service, which could enable a remote attacker to execute code on workstations running the PrinterLogic agent. (Source: ThreatPost)
  • On Monday, May 6, accounting firm Wolters Kluwer started seeing technical anomalies in a number of their platforms and applications. After investigating, they discovered the installation of malware. As a precaution, they decided to take a broader range of platforms and applications offline. (Source: Wolters Kluwer)
  • After being pounded with ransomware and with malware used to launch distributed denial-of-service (DDoS) attacks, unpatched Confluence servers are now being compromised to mine cryptocurrency. (Source: Bleeping Computer)
  • The FBI is investigating a ransomware attack on Baltimore City’s network that shut down some of the city services. (Source: CBS Baltimore)
  • The Dharma ransomware tries to divert the victim’s attention by using an old ESET tool. While the user is dealing with the installation of the ESET Remover, Dharma runs in the background. (Source: TechNadu)
  • The FBI and the Department of Homeland Security have jointly issued a new Malware Analysis Report warning of the dangers of ELECTRICFISH, a tunneling tool used for traffic funneling and data exfiltration by a North Korean government hacking group. (Source: SCMagazine)

Stay safe, everyone!