Week in security (April 09 – April 15)

Last week, we took a look at a malware-campaign called FakeUpdates, methods to use secure instant messaging, the inner workings of a decryption tool, and some Facebook spam campaigns.
We also published our first quarterly Malwarebytes Labs CTNT report of 2018.
Other news
A security researcher discovered a flaw in P.F.Changs Rewards website. (Source: AkshaySharmaUS@medium.com)
Security Consultant Xavier Mertens described a suspicious use of certutil.exe. (Source: InfoSec Handlers Diary Blog)
A significant number of Cisco devices belonging to organizations in Russia and Iran were hacked by a group calling itself JHT. (Source: The Hacker News)
Facebook CEO Mark Zuckerberg spoke at a joint hearing of the US Senate judiciary and commerce committees in Washington, DC. (Source: siliconrepublic)
A vulnerability in Microsoft Outlook allowed hackers to steal a user’s Windows password. (Source: ThreatPost)
A malware gang is going for identity theft and phony tax refunds by targeting CPAs. (Source: Krebs on Security)
Researchers sinkholed the infamous EITest infection chain. (Source: SecurityWeek)
A Microsoft network engineer was charged with money laundering linked to Reveton computer ransomware. (Source: SunSentinel)
Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip’s SPI Flash memory. (Source: Bleeping Computer)
An old and flawed Javascript crypto-library could allow Bitcoin theft. (Source: The Register)
Stay safe, everyone!
The post Week in security (April 09 – April 15) appeared first on Malwarebytes Labs.
Click here for best antivirus and antispyware software

Powered by WPeMatico