keyboard with sticky notes for days of the week

A week in security (May 24 -30)

Last week on Malwarebytes Labs we discussed VPN Android apps, how even the FBI has to deal with insider threats, Chrome’s Incognito mode, new rules for critical infrastructure spurred by the Colonial Pipeline attack, how to delete your Twitter account, what encryption is, how healthcare service faces test of willpower with ransomware authors, how certified PDFs can be falsified and weaponized, how the threat actors behind SolarWinds are at it again, a threat spotlight about Conti ransomware, and what is RMM software?

In our podcast Lock and Code we shone a light on dark patterns with Carey Parker.

Other cybersecurity news:

  • Eight arrests in Royal Mail text scam investigation. (Source: BBC News)
  • Canada Post hit by data breach after supplier ransomware attack. (Source: BleepingComputer)
  • Chinese cyber espionage hackers continue to target Pulse Secure VPN devices. (Source: The Hacker News)
  • Studying the manipulation of security headers in browser extensions. ( Research pdf)
  • Members of public send messages to cyber gang that attacked HSE. (Source: The Irish Times)
  • WhatsApp sues Indian government over new regulations. (Source: TechCrunch)
  • Report shows lack of visibility and control is leaving enterprises vulnerable. (Source: Absolute)
  • VMware vCenter Server updates address remote code execution vulnerability in the vSphere Client. (Source: VMWare)

Stay safe, everyone!