Malwarebytes LabsMALWAREBYTES:E65F857AAAC912ABF5A439E335A3376BA week in security (July 1 – 7)
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.862 High
EPSS
Percentile
98.3%
Last week on Malwarebytes Labs, we explained what to do when you find stalkerware, how cooperating apps and automatic permissions are setting you up for failure, and why you should steer clear of Bitcoin Cash generators.
Other cybersecurity news:
- A former Chief Information Officer (CIO) of Equifax has been issued a prison sentence for insider trading on the firm’s disastrous data breach before the incident became public knowledge. (Source: ZDNet)
- A new Ryuk ransomware campaign is spreading globally, according to a warning issued by the UK’s National Cyber Security Centre (NCSC). (Source: DarkReading)
- Orvibo smart home devices leaked billions of user records including logs that contained everything from** **usernames, email addresses, and passwords, to precise locations. (Source: VPNMentor)
- Chinese authorities have decided to spy on foreigners crossing the border by installing spyware on Android phones. (Source: iPhoneHacks)
- Germany’s cybersecurity agency is working on a set of minimum rules that modern web browsers must comply with in order to be considered secure. (Source: ZDNet)
- An ongoing attack in the OpenPGP community makes users’ certificates unusable and can essentially break the OpenPGP implementation of anyone who tries to import one of the certificates. (Source: Duo Security)
- Dubbed Godlua, researchers have discovered the first known malware strain that uses the DNS over HTTPS protocol. (Source: TechSpot)
- IronPython, darkly: how researchers uncovered an attack on government entities in Europe. (Source: PT Security)
- Attunity, a company that is currently working with at least half of all Fortune 100 companies, including Netflix, leaked both its clients’ and its own data. (Source: BleepingComputer)
- The US Cyber Command has issued an alert that hackers have been actively going after CVE-2017-11774. The flaw is a sandbox escape bug in Outlook. (Source: The Register)
Stay safe, everyone!
The post A week in security (July 1 – 7) appeared first on Malwarebytes Labs.
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.862 High
EPSS
Percentile
98.3%