A week in security (Oct 18 – Oct 24)

A week in security (Oct 18 – Oct 24)

Last week on Malwarebytes Labs

  • Multiple vulnerabilities in popular WordPress plugin WP Fastest Cache.
  • Killware”: Is it just as bad as it sounds?
  • REvil ransomware disappears after Tor services hijacked.
  • Protect yourself from BlackMatter ransomware: Advice issued.
  • q-logger skimmer keeps Magecart attacks going.
  • How to delete your Snapchat account.
  • High school student rickrolls entire school district, and gets praised.
  • Chrome targeted by Magnitude exploit kit.
  • Update now! Chrome fixes more security issues.
  • A bug is about to confuse a lot of computers by turning back time 20 years.
  • We dig into the Game Players Code.
  • Ransomware: Why do backups fail when you need them most?

Other cybersecurity news

  • Sinclair Broadcast Group says it suffered a ransomware attack and has had data stolen. (Source: NPR)
  • After games boom in pandemic, gangs are using phishing and malware to cheat fans. (Source: The Guardian)
  • A vulnerability in the trial version of WinRAR has significant consequences for the management of third-party software. (Source: PT Security)
  • Slack contains an XSLeak vulnerability that de-anonymizes users. (Source: The Daily Swig)
  • Gummy Browsers, a new fingerprint capturing and browser spoofing attack lets attackers spoof tracking profiles. (Source : Bleeping Computer)
  • Elaborate CryptoEats food delivery scam steals $500,000 in minutes. (Source: Vice)
  • Phishing campaign targets YouTube creators with cookie theft malware. (Source: Google Threat Analysis Group)
  • Dutch forensic lab decrypts Tesla’s driving safety data and finds a wealth of information. (Source: The Record)
  • Australia announces critical infrastructure reforms to protect the essential infrastructure in the event of a major cyber-attack. (Source: homeaffairs.gov.au)
  • Popular NPM library hijacked to install password-stealers and miners. (Source: BleepingComputer)

Stay safe, everyone!