A week in security (May 13 – 19)

Last week, Malwarebytes Labs reviewed active and unique exploit kits targeting consumers and businesses alike, reported about a flaw in WhatsApp used to target a human rights lawyer, and wrote about an important Microsoft patch that aimed to prevent a “WannaCry level” attack. We also profiled the Dharma ransomware—aka CrySIS—and imparted four lessons from the DDoS attack against the US Department of Energy that disrupted major operations.

Other cybersecurity news

• Cybersecurity agencies from Canada and Saudi Arabia issued advisories about hacking groups actively exploiting Microsoft SharePoint server vulnerabilities to gain access to private business and government networks. A different patch for the flaw, which was officially designated as CVE-2019-0604, was already available as of February this year. (Source: ZDNet)
• Nefarious actors behind adware try hard to be legit—or at least look the part. A recent discovery of a pseudo-VPN called Pirate Chick VPN in an adware bundle was one of the ways they attempted to do this. However, the software is actually a Trojan that pushes malware, particularly the AZORult information stealer. (Source: Bleeping Computer)
• SIM-swapping, the fraudulent act of convincing a mobile carrier to swap a target’s phone number over to a SIM card owned by the criminal, doubled in South Africa. This scam is used to divert incoming SMS-based tokens used in 2FA-enabled accounts. (Source: BusinessTech)
• Ransomware attacks on US cities are on the uptick. So far, there have been 22 known attacks this year. (Source: ABC Action News)
• Typosquatting is back on the radar, and it’s mimicking online major new websites to push out fake news or disinformation reports, according to a report from The Citizen Lab. Some of the sites copied were Politico, Bloomberg, and The Atlantic. The group behind this campaign is Endless Mayfly, an Iranian “disinformation supply chain.” (Source: The Citizen Lab)
• No surprise here: Researchers from Charles III University of Madrid (Universidad Carlos III de Madrid) and Stony Brook University in the US found that Android smartphones are riddled with bloatware, which creates hidden privacy and security risks to users. (Source: Sophos’s Naked Security Blog)
• Organizations who are using the cloud to store PII were considering moving back to on-premise means to store data due to cloud security concerns, according to a survey. (Source: Netwrix)
• The Office of the Australian Information Commissioner (OAIC) recently released a report about their findings on breaches in healthcare, which is still an ongoing problem. They found that such breaches were caused mainly by human error. (Source: CRN)
• Websites of retailers are continuously facing billions of hacking attempts every year, according to an Akamai Technology report. Consumers should take this as a wake-up call to stop reusing credentials across all their online accounts. (Source: BizTech Magazine)
• After the discovery of Meltdown and Spectre, security flaws found in Intel and AMD chips, several researchers have again uncovered another flaw that could allow attackers to eavesdrop on every piece of user data that a processor touches. Intel collectively calls attacks against this flaw as Microarchitectural Data Sampling (MDS). (Source: Wired)

Stay safe, everyone!

The post A week in security (May 13 - 19) appeared first on Malwarebytes Labs.