A week in security (October 26 – November 1)

We had a very busy week at Malwarebytes Labs.

We offered advice on Google’s patch for an actively exploited zero-day bug that affects Chrome users, talked with Jamie Court on our podcast about finding consumer value in Cybersecurity Awareness Month, provided guidance about keeping ransomware cash away from your business, pointed out how scammers are spoofing bank phone numbers to rob victims, analyzed how a fake COVID-19 survey hides ransomware in a Canadian university attack, and discussed how a new Emotet delivery method was spotted during a downward detection trend.

Believe it or not, we also found time to explain what was going on with the HP printer issue on Mac, analyze how California’s Prop 24 splits data privacy supporters, and discuss Vastaamo, a data breach with unprecedented consequences.

Other cybersecurity news

  • Federal agencies are warning of an increased and imminent cybercrime threat to US hospitals and healthcare providers, especially with regard to ransomware attacks. (Source: NBC)
  • Despite their own claims, questions have been raised as to whether the SunCrypt gang are indeed the newest members of the Maze cartel. (Source: Security Boulevard)
  • The five biggest cybersecurity threats for the healthcare industry as seen by cloud-first security firm Wandera. (Source: TechRepublic)
  • CVE-2020-14882, a bug in Oracle WebLogic, is being actively exploited, and the exploitation is trivial. (Source: InfoSec Handlers Diary Blog)
  • Foreign cyber threats to the 2020 US presidential election are predominantly sophisticated disinformation campaigns. (Source: Digital Shadows)
  • Why satellite hacking has become the biggest global threat for countries like the US, China, Russia, and India. (Source: The Eurasia Times)
  • Facebook warned of perception hacks undermining trust in democracy. (Source: Axios)
  • Microsoft warned that threat actors are actively exploiting systems unpatched against the ZeroLogon privilege escalation vulnerability in the Netlogon Remote Protocol. (Source: BleepingComputer)
  • Email compromise attacks are on the increase as threat actors shift their focus from finance employees to group mailboxes. (Source: BetaNews)
  • Zoom has kicked off end-to-end encryption for its mobile and desktop apps. (Source: ZDNet)

Stay safe, everyone!