Last week on Malwarebytes Labs, we explained how to protect your computer from malicious cryptomining, we gave an encryption 101 lesson using ShiOne ransomware as a case study, and we offered an explanation about SQL injection. We also released a report on the state of malicious cryptomining from its first resurgence in the fall until now.
In active malware, we discussed how the RIG malvertising campaign uses cryptocurrency themes as a decoy, how an old virus made its way onto a Chinese DDoS bot, and how a massive DDoS attack washed over GitHub.
- Does your endpoint solution stop fileless attacks? They are gaining traction, says a Ponemon Institute study. (Source: Bricata)
- Feedless is an iOS content blocker that takes the media out of social media. (Source: The Verge)
- A serious remote code execution vulnerability in both the ‘μTorrent desktop app for Windows and the newly launched ‘μTorrent Web’ was reported. (Source: The Hacker News)
- But apparently, the Torrent vulnerabilities have already been fixed. (Source: The BitTorrent Engineering Blog)
- An ad network used an advanced malware technique to conceal CPU-draining mining ads. (Source: Ars Technica)
- US Supreme Court wrestles with Microsoft data privacy fight. (Source: Reuters)
- Loapi cryptocurrency mining malware is so powerful it can melt your phone. (Source: Newsweek)
- German government Intranet under ongoing attack. (Source: TheGuardian)
- Trustico states they stored private keys for customers’ SSL certificates. (Source: Bleeping Computer)
- Flash exploit CVE-2018-4878 was spotted in the wild as part of massive malspam campaign. (Source: Morphisec)
- Equifax says hackers stole more than previously reported. (Source: CBS Philly)
- Virus downs hundreds of Tim Hortons cash registers; furious owners threaten lawsuit. (Source: CTV News)
- SgxSpectre attack can extract data from Intel SGX enclaves. (Source: Bleeping Computer)
Stay safe, everyone!
*** This is a Security Bloggers Network syndicated blog from Malwarebytes Labs authored by Malwarebytes Labs. Read the original post at: https://blog.malwarebytes.com/security-world/week-in-security/2018/03/week-in-security-february-26-march-4/