Last week on Malwarebytes Labs, we featured a new Flash Player zero-day that has been found in recent targeted attacks. And we talked about a new trick to cripple browsers that came out of the hat of tech support scammers.
We also covered several methods of stealing cryptocurrencies, including one for the Mac that wasn’t as new as it seemed, one for Android that poses as hack apps, and yet another abusing the fact that Deepfakes content was banned from most major networks. We even threw in an overview of several major cryptocurrency related thefts.
For Safer Internet Day 2018, we provided you with some fast and free tools to make your Internet experience safer and more private using ad blockers and anti-trackers.
- Security researcher Scott Helme reported that thousands of US and UK government sites were running a compromised BrowserAloud plugin, making visitors mine for the Monero cryptocurrency. (Source: Sky News)
- Lenovo warned customers about two critical Broadcom (Wifi) vulnerabilities that impact 25 models of its popular ThinkPad brand. (Source: ThreatPost)
- Research shows that LiteCoin will be the next dominating cryptocurrency on the Dark Web, and not Monero as expected. (Source: Recorded Future)
- A free decryption tool was released for Cryakl ransomware by Belgian Federal Police together with Kaspersky Lab. (Source: Bleeping Computer)
- The Russian Research Institute of Experimental Physics was found to be using their nuclear supercomputer for cryptomining. (Source: Naked Security)
- Researchers have identified a new strain of point-of-sale (PoS) malware that impersonates a LogMeIn service pack to steal credit card data via a DNS server. (Source: Tripwire)
- The US Justice Department announced charges on Wednesday against three dozen individuals thought to be key members of ‘Infraud,” a long-running cybercrime forum that federal prosecutors say cost consumers more than half a billion dollars. (Source: Krebs on Security)
- Working with Fujitsu, Microsoft is further embracing biometric technology with the implementation of a palm-vein authentication system that will be supported by Windows 10 Pro. (Source: CBR online)
- Key iPhone source code gets posted online that could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve. (Source: Motherboard)
- VMware has advised on how to mitigate the Meltdown and Spectre chip design flaws in several of its products. (Source: The Register)
Stay safe, everyone!
*** This is a Security Bloggers Network syndicated blog from Malwarebytes Labs authored by Malwarebytes Labs. Read the original post at: https://blog.malwarebytes.com/security-world/week-in-security/2018/02/week-security-february-5-february-11/