A week in security (April 02 – April 08)

A week in security (June 3 – 9)

Last week on Malwarebytes Labs, we rounded up some leaks and breaches, reported about Magecart skimmers found on Amazon CloudFront CDN, proudly announced we were awarded as Best Cybersecurity Vendor Blog at the annual EU Security Blogger Awards, discussed how Maine inches closer to shutting down ISP pay-for-privacy schemes, asked where our options to disable hyperlink auditing had gone, and presented a video game portrayals of hacking: NITE Team 4.

Other cybersecurity news

  • At Infosecurity Europe, a security expert from Guardicore discussed a new cryptomining malware campaign called Nanshou, and why the cryptojacking threat is set to get worse. (Source: Threatpost)
  • A security breach at a third-party billing collections firm exposed the personal and financial data on as many as 7.7 million medical testing giant LabCorp customers. (Source: Cnet)
  • A researcher has created a module for the Metasploit penetration testing framework that exploits the critical BlueKeep vulnerability on vulnerable Windows XP, 7, and Server 2008 machines to achieve remote code execution. (Source: BleepingComputer)
  • Microsoft’s security researchers have issued a warning about an ongoing spam wave that is spreading emails carrying malicious RTF documents that infect users with malware without user interaction, once users open the RTF documents. (Source: ZDNet)
  • The Federal Trade Commission has issued two administrative complaints and proposed orders which prohibit businesses from using form contract terms that bar consumers from writing or posting negative reviews online. (Source: FTC.gov)
  • Security researchers have discovered a new botnet that has been attacking over 1.5 million Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet. (Source: ZDNet)
  • Microsoft has deleted a massive database of 10 million images which was being used to train facial recognition systems. The database is believed to have been used to train a system operated by police forces and the military. (Source: BBC news)
  • On Tuesday, the Government Accountability Office (GAO) said that the FBI’s Facial Recognition office can now search databases containing more than 641 million photos, including 21 state databases. (Source: NakedSecurity)
  • Despite sharing a common Chromium codebase, browser makers like Brave, Opera, and Vivaldi don’t have plans on crippling support for ad blocker extensions in their products—as Google is currently planning on doing within Chrome. (Source: ZDNet)
  • Traffic destined for some of Europe’s biggest mobile providers was misdirected in a roundabout path through the Chinese-government-controlled China Telecom on Thursday, in some cases for more than two hours. (Source: ArsTechnica)

Stay safe, everyone!