A week in security (September 24 – 30)

Last week on Labs was a busy one. We discussed how SMS phishing attacks target the job market, issued a warning for TV Licensing phishes, commented on how Apple confused Safari users with recent changes to how OSX handles browser extensions, and elaborated on holes found in Mojave’s privacy protection—deep breath! We also showed how a buggy implementation of CVE-2018-8373 vulnerability is used to deliver Quasar RAT, discussed what is needed to fight back in the age of unwanted calls, gave some tips on how to protect your data from Magecart and other e-commerce attacks, and alerted our readers that millions of accounts were affected in the latest Facebook vulnerability.

Other cybersecurity news:

• Tech firms back US privacy law to negate states. (Source: The Washington Post)
• Microsoft rolls out confidential computing for Azure. (Source: Bleeping Computer)
• Google recently made a change to simplify the way Chrome handles sign-in. (Source: The Keyword)
• VirusTotal announces VirusTotal Enterprise. (Source: medium.com)
• 14 years imprisonment for man who helped hackers evade detection by antivirus software. (Source: Hot for Security)
• Port of San Diego’s information technology systems disrupted by ransomware. (Source: Port of San Diego)
• LoJax: the first UEFI rootkit found in the wild, courtesy of the Sednit group. (Source: WeLiveSecurity}
• Telegram leaks public/private IP addresses of end users in desktop. (Source: inputzero)
• iPhone XS passcode bypass hack exposes contacts and photos. (Source: ThreatPost)
• Secret Service warns of surge in ATM ‘wiretapping’ attacks. (Source: Krebs on Security)
• Mutagen Astronomy: Linux kernel ‘give me root, now’ security hole sighted. (Source: TheRegister)

Stay safe, everyone!

The post A week in security (September 24 – 30) appeared first on Malwarebytes Labs.