A week in security (April 02 – April 08)

A week in security (January 18 – January 24)

Last week on Malwarebytes Labs, we looked at changes to WhatsApp’s privacy policy, we provided information about Malwarebytes being targeted by the same threat actor that was implicated in the SolarWinds breach, we told the story of ZeroLogon, looked at the pros and cons of Zoom watermarking, studied the vulnerabilities in dnsmasq called DNSpooq, asked if TikTok’s new settings are enough to keep kids safe, and looked at how Google Chrome wants to make your passwords stronger.

Other cybersecurity news

  • The European Medicines Agency (EMA) revealed that some of the unlawfully accessed documents relating to COVID-19 medicines and vaccines have been leaked on the internet. (Source: EMA website)
  • Some laptops provided by the UK’s Department for Education (DfE) came with malicious files identified as the Gamarue worm. (Source: InfoSecurity Magazine)
  • Cisco emitted patches for four sets of critical-severity security holes in its products, along with other fixes. (Source: The Register)
  • The Brave team has been working with Protocol Labs on adding InterPlanetary File System (IPFS) support to its desktop browser. (Source: Brave website)
  • Sharing an eBook with your Kindle could have let hackers hijack your account. (Source: The Hacker News)
  • Attackers behind a phishing campaign exposed the credentials they had stolen to the public Internet, across dozens of drop-zone servers. (Source: CheckPoint)
  • QNAP urged customers to secure their NAS devices against a malware campaign that infects and exploits them to mine bitcoins. (Source: BleepingComputer)
  • Singapore widened its security labelling to include all consumer IoT devices. (Source: ZDNet)
  • Thousands of Business Email Compromise (BEC) lures used Google Forms in a recon campaign. (Source: SCMagazine)

Stay safe, everyone!