Skip to main content

A week in security (December 21- December 27)

Last week on Malwarebytes Labs we warned our readers about not so festive social media scams, how Emotet returned just in time for Christmas, we tried out some free online games your kids are playing and here's what happened, and our VideoBytes episode talked about what penetration testing tools malware gangs love to use and why they are better than what you can get on the black market.

Other cybersecurity news:

  • Cybercriminals issued a fake mobile version of Cyberpunk 2077 that's actually ransomware. (Source: TechSpot)
  • The Trump administration is pushing to make major adjustments to the Pentagon organizations charged with cybersecurity and intelligence. (Source: CNN)
  • An international takedown of a virtual private network (VPN), dubbed Operation Nova ended an organization engaged in bulletproof hosting. (Source: US DoJ)
  • Europol and the European Commission are launching a new decryption platform to help law enforcement agencies decrypt data that have been obtained as part of a criminal investigation. (Source: GovInfoSecurity)
  • Hacker publishes stolen email and mailing addresses of 270,000 Ledger cryptocurrency wallet users. (Source: Hot for Security)
  • The group behind the SolarWinds hack also tried to compromise security firm CrowdStrike. (Source: engadget)
  • China used stolen data to track CIA operatives in Africa and Europe since around 2013. (Source: Fox Business)
  • Apple, Google, Microsoft, and Mozilla unite to ban Kazakhstan's citizen-tracking certificate. (Source: TechSpot)
  • A large scale phishing scam is underway that pretends to be a security notice from Chase stating that fraudulent activity has been detected and caused the recipient's account to be blocked. (Source: BleepingComputer)
  • SolarWinds releases known attack timeline, new data suggests hackers may have done a dummy run last year. (Source: The Register)

Stay safe, everyone!

The post A week in security (December 21- December 27) appeared first on Malwarebytes Labs.



from Malwarebytes Labs full article here

Popular posts from this blog

Mobile Security Framework (MobSF) - An All-In-One Mobile Application Security Assessment Framework

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing. Screenshots: Static Analysis - Android Static Analysis - iOS Dynamic Analysis - Android APK Web API Viewer Requirements: Mac: Install Git Install Python 3.6 - 3.7 (3.8 is not supported) macOS Catalina users must uninstall existing python3 and install the one from Python.org . After installation, go to /Applications/Python 3.7/ and run Install Certificates.command and Update Shell Profile.command Install JDK 8+ ...
Read more

BlackArch Linux - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. It contains over 1800 security and hacking tools. Here is the complete list of tools in the BlackArch Linux: 0d1n : Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. 0trace :  A hop enumeration tool. 3proxy : Tiny free proxy server. 3proxy-win32 : Tiny free proxy server. 42zip : Recursive Zip archive bomb. a2sv : Auto Scanning to SSL Vulnerability. abcd : ActionScript ByteCode Disassembler. acccheck : A password dictionary attack tool that targets windows authentication via the SMB protocol. ace : Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface ad-ldap-enum : A LDAP based Active Directory user and grou...
Read more

How a VPN can protect your online privacy

Have you ever experienced the feeling of relief that comes when you do something silly, but you're glad you did it where people don't know you? Or maybe you wished you were somewhere like that, but alas… That is what a Virtual Private Network ( VPN ) can do for you: it can put you in a place where you are unknown. To determine if and when you need a VPN, you must define what your goal is. If your main goal is to improve your privacy online, then a VPN is one of the possible solutions. Privacy is a right that is yours to value and defend. If you don't fall into the categories of people who say "I have nothing to hide" or "they already know everything about me" then you may care enough about your privacy to use a VPN. For the latest Malwarebytes Labs reader survey we asked "Do you use a VPN?" 2,330 responded and an impressive 36 percent said they now used a VPN. For perspective, ten years ago, only 1.5 percent of Americans used VPNs. So...
Read more