A week in security (September 18 – September 24)

Last week, we kept you updated on our blog about the infected versions of CCleaner that were offered as downloads on the official servers.

We also warned you against a fake IRS notice that delivers a customized spying tool, some of the threats currently facing gamers, and a Netflix scam that has been doing the rounds in Europe.

Mac users learned how to tell if their Mac is infected and Advanced Tech Support victims learned how to apply for a (partial) refund.

Elsewhere:

Consumer news

• The pain caused by the Equifax breach was analyzed in depth by the NY Times.
• And just as easily Equifax was fooled again. They referred users to a parody site like phishers might have used. Luckily this time it was run by a security researcher.
• A new twist in ransomware was provided by “nRansomware”, a program that locks up your computer and only releases it after you send in 10 nude pictures.
• The rise in the number of phishing sites has been huge. Almost 1.5 million new phishing sites pop up every month

Business news

• A group of extortionists has been sending out threats to perform DDOS attacks on companies unless they pay a set amount in BitCoin. The perpetrators are claiming to be affiliated with Anonymous or Lizard Squad.
• An absent-minded security staffer accidentally leaked Adobe’s private PGP key onto the internet.
• The ProxyM IoT botnet has turned from DDOS to spam. A device infected with ProxyM sends on average about 400 emails per day. Campaigns so far have promoted adult hookup sites.
• The U.S. Securities and Exchange Commission (SEC) has revealed that attackers might have used data they stole in a security breach for illicit insider trading.
• Viacom exposed a vast array of internal access credentials and critical data that could be used to cause immense harm to the multinational corporation’s business operations.

Stay safe!

Malwarebytes Labs Team

The post A week in security (September 18 - September 24) appeared first on Malwarebytes Labs.