A week in security (April 02 – April 08)

A week in security (May 11 – May 17)

Last week on Malwarebytes Labs, we explained why RevenueWire has to pay $6.7 million to settle FTC charges, how CVSS works: characterizing and scoring vulnerabilities, and we talked about how and why hackers hit a major law firm with Sodinokibi ransomware.

We also launched another episode of our podcast Lock and Code, this time speaking with Chris Boyd, lead malware intelligence analyst at Malwarebytes, about facial recognition technology—its early history, its proven failures at accuracy, and whether improving the technology would actually be “good” for society.

Other cybersecurity news

  • A new attack method was disclosed that targets devices with a Thunderbolt port, allowing an evil maid attack. (Source: SecurityWeek)
  • Almost four million users of MobiFriends, a popular Android dating app, have had their personal and log-in data stolen by hackers. (Source: IT Security Guru)
  • Cognizant estimates that the April ransomware attack that affected its internal network will cost the IT services firm between $50 and $70 million. (Source: GovInfoSecurity)
  • The database for the defunct hacker forum WeLeakData is being sold on the dark web and exposes the private conversations of hackers who used the site. (Source: BleepingComputer)
  • The U.S. government released information about three new malware strains used by state-sponsored North Korean hackers. (Source: The Hacker News)
  • Details were published about PrintDemon, a vulnerability in the Windows printing service that impacts all Windows versions going back to Windows NT 4. (Source: ZDNet)
  • US intel agencies expressed the need for a concerted campaign to patch for the top 10 most exploited vulnerabilities. (Source: CBR online)
  • Magellan Health, the Fortune 500 insurance company, has reported a ransomware attack and a data breach. (Source: ThreatPost)
  • Researchers found a new cyber-espionage framework called Ramsay, developed to collect and exfiltrate sensitive files from air-gapped networks. (Source: DarkReading)
  • The EFF called attention to the many ways in which the EARN IT Act would be a disaster for Internet users’ free speech and security. (Source: Electronic Frontier Foubndation)

Stay safe, everyone!