A week in security (April 02 – April 08)

A week in security (December 28 – January 3)

First off we would like to wish all our readers a happy and secure 2021!

Last week on Malwarebytes Labs we presented an overview of developments in the SearchDimension hijackers, we looked at the most enticing cyberattacks of 2020, and we also looked back at the strangest cybersecurity events of 2020.

Other cybersecurity news:

  • Google patched a bug in its feedback tool that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents. (Source: The Hacker News)
  • Section 230: The social media law that is clogging up stimulus talks. (Source: CNet)
  • Apple has lost its copyright battle against iOS virtualization startup Corellium. (Source: TechSpot)
  • Microsoft confirmed that the suspected Russian hackers behind the SolarWinds security breach also viewed some of the company’s source code. (Source: CNN)
  • Over 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to connected devices. (Source: ZDNet)
  • A data breach broker is selling allegedly stolen user records for 26 companies on a hacker forum. (Source: BleepingComputer)
  • Hackers have livestreamed police raids on innocent households after hijacking their victims’ smart home devices and making a hoax call to the authorities. (Source: BBC News)
  • The US Department of Homeland Security (DHS) has published a guide to the risks that businesses run if they use tech created in China. (Source: The Register)

Stay safe, everyone!