A week in security (April 02 – April 08)

A week in security (June 22 – 28)

Last week on Malwarebytes Labs, we provided a zero-day guide for 2020 featuring recent attacks and advanced preventive techniques, and we learned how to cough in the face of scammers, offering security tips for the 2020 tax season. We also looked at a web skimmer hiding within EXIF metadata that was exfiltrating credit cards via image files.

In the most recent episode of our podcast Lock and Code, we talked to Matt Davey and Kyle Swank of 1Password about strengthening and forgetting passwords.

Other cybersecurity news

  • Google removed 106 extensions from its Chrome Web Store for collecting sensitive user data as part of a campaign targeting oil and gas, finance, and healthcare sectors. (Source: The Hacker News)
  • DDoSecrets has published BlueLeaks, data from over 200 police departments, law enforcement training, and support resources and fusion centers. (Source: ThreatPost)
  • A sophisticated and well-crafted attack campaign has been hitting unprepared organizations with Nefilim – aka Nephilim – ransomware. (Source: Gov Info Security)
  • An IBM survey found that newly-minted remote workers actually present a significant cybersecurity risk, without being at fault. (Source: IBM Security)
  • Billing information for some clients that was stored in a browser’s cache may have been compromised, Twitter said in an email to business clients. (Source: SC Magazine UK)
  • A European bank suffered the biggest PPS DDoS attack to date, and a new botnet is suspected to be behind the attack. (Source: Bleeping Computer)
  • Researchers discovered a new variant of Lucifer—a hybrid cryptojacking malware—involved in numerous incidents of CVE-2019-9081 exploitation in the wild. (Source: Palo Alto Networks)
  • An online engineer warned people to stay away from Tik-Tok after close investigation revealed intrusive user tracking and other issues. (Source: BoredPanda)
  • Nvidia released a set of security updates to remove vulnerabilities in the Nvidia GPU Display Driver. (Source: ZDNet)
  • Sodinokibi ransomware operators that claimed to have siphoned confidential docs on Nicki Minaj, Mariah Carey, and Lebron James from an American law firm are threatening to auction off the info. (Source: The Register)

Stay safe, everyone!