A week in security (April 02 – April 08)

A week in security (September 23 – 29)

Last week on Labs, we highlighted an Emotet campaign using Snowden’s new book as a lure, discussed how 15,000 webcams are vulnerable to attack, how insurance data security laws skirt political turmoil, and how the new iOS exploit checkm8 allows permanent compromise of iPhones.

Other cybersecurity news

  • Google said its quantum computer outperformed conventional models, but it will still be years before it will end encryption. (Source: Wired)
  • Google quietly removed at least 46 apps from the Play store belonging to iHandy, a major Chinese mobile developer due to “deceptive or disruptive ads.” (Source: BuzzfeedNews)
  • The data breach at food delivery company DoorDash affected 4.9 million customers, drivers, and merchants. (Source: CNet)
  • At DefCon, researchers assembled over 100 voting machines and hackers broke into every single one of them. (Source: Mother Jones)
  • New York’s attorney general has filed suit against Dunkin’ Donuts over the company’s alleged failure to notify its customers of a cyberattack. (Source: The Hill)
  • 27 countries have signed a joint agreement on what constitutes fair and foul play in cyberspace, with a nod toward condemning China and Russia. (Source: CNN)
  • The US Senate passed the DHS Cyber Hunt and Incident Response Teams Act (S.315) in response to rampant ransomware attacks. (Source: BleepingComputer)
  • Thousands of Windows computers across the world have been infected with Nodersok, malware that downloads and installs a copy of the Node.js framework to convert infected systems into proxies and perform click fraud. (Source: ZDNet)
  • Social media platforms will be forced to disclose encrypted messages from suspected terrorists, pedophiles, and other serious criminals under a new treaty between the UK and the US. (Source: The Times)
  • Microsoft has blacklisted the CCleaner utility and links to the software can no longer be posted in its support forums. (Source: BetaNews)

Stay safe!