A Week in Security (Jan 17 – Jan 23)

Roundup time!

Last week was definitely a busy one, with Malvertising on MSN.com, and a faintly dramatic tech-support scam riding roughshod over the good name of Symantec. Elsewhere, we had the inevitable Donald Trump themed spam mails, and some fantastic Malwarebytes news. We rounded off the last seven days with great deep-dives into powershell restrictions and LeChiffre Ransomware which I cannot now think of without imagining a coder who was really into James Bond movies.

As for the rest of the news…

  • Routers are being attacked via dating sites.
  • Android updates can be a bit hit and miss, and Samsung are currently being sued over their supposed approach to updating their phones.
  • A phishing attack could potentially be an issue for users of LastPass.
  • Miami Police officers find their information posted online as a result of a Government database breach.
  • Voice based two-factor authentication is great, until it comes under fire from Android Malware.
  • An XSS flaw potentially affecting up to 300 million Yahoo mail users required patching.
  • Sometimes the old ones are the “best” ones, and a facebook scam involving phishing and social engineering was found to be doing the rounds recently.
  • It’s never good when your Government recommended form of voice encryption comes with what is claimed to be a built-in weakness which could “allow for mass surveillance”.

Stay safe!

The Malwarebytes Labs Team