A week in security (April 16 – April 22)

Last week, we took a stroll down memory lane talking about Facebook and MySpace, noticed a change in the Magnitude exploit kit—wherein it started adopting the GandCrab ransomware, took a good look at a new form of adware that is based on Python, chatted a bit about Russian hacking with a journalist, encouraged retailers to ask the right questions to protect their business, and weighed in on a way to speed up Internet bandwidth and increase privacy via Cloudflare’s new DNS service.

Other news

  • Cryptocurrency is all the rave these days—and so are cryptominers. Security researchers recently discovered one that doesn’t rely on an open browser session. (Source: HackRead)
  • Tax fraud is no longer for the clueless, it seems. Experts noticed that scammers are also targeting tax professionals—those filing taxes on behalf of their clients. (Source: CNBC)
  • To date, adware, spyware, and malware have lurked inside the Google Play Store. But surveillanceware? That’s definitely something new. (Source: Lookout Blog)
  • At the recently concluded RSA conference, tech companies like Microsoft and Facebook joined together to sign a pledge to protect users and refrain from helping any government launch a cyberattack. (Source: ZDNet)
  • While the usage of Adobe Flash has significantly decreased, this doesn’t mean that the threats exploiting them have declined. So remain vigilant! (Source: McAfee’s Securing Tomorrow Blog)
  • Gmail’s new “Confidential Mode” is not entirely private after all. SIGH. (Source: Sophos’s Naked Security Blog)
  • Security researchers noticed an increased activity of APT groups based in Asia and the Middle East. (Source: SC Magazine)
  • Here’s a new word to keep in mind: trustjacking. And iPhone users are particularly at risk of this one. (Source: Wired)
  • Stresspaint, a new information stealer, is a type of malware that is after Chrome login data, session cookies, and appears to be particularly interested in Facebook details. (Source: Bleeping Computer)
  • A ransomware variant appeared to be repurposed to infect files, mine for cryptocurrency…and destroy affected users’ files. Good grief! (Source: ZDNet)

Stay safe, everyone!



*** This is a Security Bloggers Network syndicated blog from Malwarebytes Labs authored by Malwarebytes Labs. Read the original post at: https://blog.malwarebytes.com/security-world/2018/04/week-security-april-16-april-22/