Last week on Malwarebytes Labs:
- Podcast: Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks.
- How to troubleshoot hardware problems that look like malware problems.
- Analysts “strongly believe” the Russian state colludes with ransomware gangs.
- macOS 11’s hidden security improvements.
- How to spot a DocuSign phish and what to do about it.
- Cars and hospital equipment running Blackberry QNX may be affected by BadAlloc vulnerability.
- Beware of COVID Pass scams.
- T-Mobile customers, change your PINs.
- Cisco Small Business routers vulnerable to remote attacks, won’t get a patch.
- Largest DDoS attack ever reported gets hoovered up by Cloudflare.
Other cybersecurity news:
- SynAck ransomware decryptor lets victims recover files for free. (Source: BleepingComputer)
- A job ad blunder by the UK’s Ministry of Defence has accidentally revealed the existence of a secret SAS mobile hacker squad. (Source: The Register)
- Chinese espionage tool exploits vulnerabilities in 58 widely used websites, (Source: The Record)
- Wanted: Disgruntled employees to deploy ransomware. Get paid to be the insider threat. (Source: Krebs on Security)
- IDC survey finds more than one third of organizations worldwide have experienced a ransomware attack or breach. (Source: IDC)
- Hackers steal $97 million from Japan’s Liquid crypto exchange. (Source: Engadget)
- OpenSSL announces a high severity update on August 24th. (Source: openSSL)
- Unpatched Fortinet FortiWeb vulnerability allows remote OS command injection. (Source: Help Net Security)
- China pushes through data protection law that applies cross-border. (Source: ZDNet)
- NYC teachers‘ social security numbers exposed. (Source: InfoSecurity Magazine)
- America’s secret terrorist watchlist exposed on the web without a password. (Source: Bob Diachenko)
Stay safe, everyone!