A week in security (April 02 – April 08)

A week in security (July 29 – August 4)

Last week on Malwarebytes Labs we discussed the security and privacy changes in Android Q, how to get your Equifax money and stay safe doing it, and we looked at the strategy of getting a board of directors to invest in government cybersecurity. We also reviewed how a Capital One breach exposed over 100 million credit card applications, analyzed the exploit kit activity in the summer of 2019, and warned users about a QR code scam that can clean out your bank account.

The busy week in security continued with looks at Magecart and others intensifying web skimming, ATM attacks and fraud, and an examination of the Lord Exploit Kit.

Other cybersecurity news

  • The Georgia State Patrol was reportedly the target of a July 26 ransomware attack that has necessitated the precautionary shutdown of its servers and network. (Source: SC Magazine)
  • Houston County Schools in Alabama delayed the school year’s opening scheduled for August 1st due to a malware attack. (Source: Security Affairs)
  • Over 95% of the 1,600 vulnerabilities discovered by Google’s Project Zero were fixed within 90 days. (Source: Techspot)
  • Researchers who discovered several severe vulnerabilities now uncovered two more flaws that could allow attackers to hack WPA3 protected WiFi passwords. (Source: The Hacker News)
  • Germany’s data protection commissioner investigates revelations that Google contract-workers were listening to recordings made via smart speakers. (Source: The Register)
  • Experts tend to recommend anti-malware protection for all mobile device users and platforms , but 47% of Android Anti-Malware apps are flawed. (Source: DarkReading)
  • Many companies don’t know the depth of their IoT-related risk exposure. (Source: Help Net Security)
  • Apple’s Siri follows Amazon Alexa and Google Home in facing backlash for its data retention policies. (Source: Threatpost)
  • There has been a 92% increase in the total number of vulnerabilities reported in the last year, while the average payout per vulnerability increased this year by 83%. (Source: InfoSecurity magazine)
  • Multiple German companies were off to a rough start last week when a phishing campaign pushing a data-wiping malware dubbed GermanWiper targeted them and asked for a ransom. (Source: BleepingComputer)

Stay safe, everyone!