A week in security (July 11 – July 17)

Last week on Malwarebytes Labs: Elden Ring maker Bandai Namco hit by ransomware and data leaks Predatory Sparrow massively disrupts steel factories while keeping workers safe New variant of Android SpyJoker malware removed from Play Store after 3 million+ installs China’s Tonto Team increases...

Moneybird: Pending MFA logins aren't immediatly expired after a password change

Researcher found an issue with sessions not all being terminated when password is changed. The 2FA implementation was at fault in this scenario as the session was found to be active even after the password was changed and two-step verification was turned off...