Security
Headlines
HeadlinesLatestCVEs

Source

Malwarebytes

A week in security (Sept 27 – Oct 3)

A roundup of the previous week's important security news and related happenings, for the week of September 27 - October 3. Categories: A week in security Tags: Apple Pay autodiscover fission FoggyWeb GriftHorse https everywhere Instagram kids Pegasus SIM swap special needs children telegram Vaccine passport zoombombing *( Read more... ( https://blog.malwarebytes.com/a-week-in-security/2021/10/a-week-in-security-sept-27-oct-3-2021/ ) )* The post A week in security (Sept 27 – Oct 3) appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#A week in security#Apple Pay#autodiscover#fission#FoggyWeb#GriftHorse#https everywhere#Instagram kids#Pegasus#SIM swap#special needs children#telegram#Vaccine passport#zoombombing
The FCC moves to curb SIM swap attacks

The FCC wants carriers to adopt more secure methods of authenticating a customer before redirecting a phone number to a new device. Categories: Malwarebytes news Tags: 2fa FCC federal communications commission port-out fraud SIM swapping simjacking two-factor authentication *( Read more... ( https://blog.malwarebytes.com/malwarebytes-news/2021/10/the-fcc-moves-to-curb-sim-swap-attacks/ ) )* The post The FCC moves to curb SIM swap attacks appeared first on Malwarebytes Labs.

Apple Pay vulnerable to wireless pickpockets

Researchers have found a way to extract money from Apple Pay via without any user interaction. Categories: Exploits and vulnerabilities Tags: Apple Pay EMV Europay Express mode iPhone magic bytes mastercard Samsung visa *( Read more... ( https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/apple-pay-vulnerable-to-wireless-pickpockets/ ) )* The post Apple Pay vulnerable to wireless pickpockets appeared first on Malwarebytes Labs.

Android Trojan GriftHorse, the gift horse you definitely should look in the mouth

The GriftHorse Android Trojan is a widespread campaign with millions of victims in over 70 countries. Categories: Android Tags: Android fleeceware GriftHorse paid SMS services trojan *( Read more... ( https://blog.malwarebytes.com/android/2021/09/android-trojan-grifthorse-the-gift-horse-you-definitely-should-look-in-the-mouth/ ) )* The post Android Trojan GriftHorse, the gift horse you definitely should look in the mouth appeared first on Malwarebytes Labs.

Telegram-powered bots circumvent 2FA

Researchers have found bots in Telegram that provide fraud support to other criminals and even bypass certain 2FA methods. Categories: Social engineering Tags: 2fa BloodOTPbot Intel 147 one-time password OTP phishing robocall SIM swap SIM swapping SMS Buster SMSRanger telegram bot time-based one-time password totp two-factor authentication *( Read more... ( https://blog.malwarebytes.com/social-engineering/2021/09/telegram-powered-bots-circumvent-2fa/ ) )* The post Telegram-powered bots circumvent 2FA appeared first on Malwarebytes Labs.

Vaccine passport app leaks users’ personal data

Portpass, a vaccine passport app in Canada, has unknowingly compromised thousands of its users' data. Privacy advocates have reason to worry after all. Categories: Privacy Tags: Canadian Broadcasting Corporation CBC Conrad Yeung Portpass Ritesh Kotak vaccine card Zakir Hussein *( Read more... ( https://blog.malwarebytes.com/privacy-2/2021/09/vaccine-passport-app-leaks-users-personal-data/ ) )* The post Vaccine passport app leaks users’ personal data appeared first on Malwarebytes Labs.

Microsoft, CISA and NSA offer security tools and advice, but will you take it?

Microsoft, CISA, and the NSA are individually offering tools and advice that aim to improve security for organizations. But will the targeted audience have the time and resources to accept that help? Categories: Opinion Tags: cisa EM emergency mitigation service EOL exchange insider risk mitigation self-assessment tool insider threat microsoft NSA nss supply chain attack vpn *( Read more... ( https://blog.malwarebytes.com/opinion/2021/09/microsoft-cisa-and-nsa-offer-orgs-security-tools-and-advice-but-will-those-that-need-it-the-most-be-the-ones-that-use-it/ ) )* The post Microsoft, CISA and NSA offer security tools and advice, but will you take it? appeared first on Malwarebytes Labs.

Instagram Kids put on hold

The development of Instagram Kids has been paused for the time being, Adam Mosseri has announced. Categories: Privacy Tags: Adam Mosseri Facebook Messenger Instagram Instagram for kids Instagram kids messenger kids Peppa Pig The Wall Street Journal tiktok youtube YouTube Kids *( Read more... ( https://blog.malwarebytes.com/privacy-2/2021/09/instagram-kids-put-on-hold/ ) )* The post Instagram Kids put on hold appeared first on Malwarebytes Labs.

FoggyWeb, analysis of a Nobelium backdoor

FoggyWeb is a highly targeted backdoor that is in use by the Nobellium group targeting Active Directory Federation Services servers. Categories: Trojans Tags: AD FS DLL search order hijack FoggyWeb IOCs nobelium solarwinds sunburst token-signing certificate version.dll *( Read more... ( https://blog.malwarebytes.com/trojans/2021/09/foggyweb-analysis-of-a-nobelium-backdoor/ ) )* The post FoggyWeb, analysis of a Nobelium backdoor appeared first on Malwarebytes Labs.

Phone screenshots accidentally leaked online by stalkerware company

Stalkerware pcTattleTale hasn't been very careful about securing the screenshots it sneakily takes from its victims' phones. Categories: Stalkerware Tags: Bryan Fleming Jo Coscia Lukas Stefanko pcTattleTale stalkerware unsecure bucket *( Read more... ( https://blog.malwarebytes.com/stalkerware/2021/09/phone-screenshots-accidentally-leaked-online-by-stalkerware-company/ ) )* The post Phone screenshots accidentally leaked online by stalkerware company appeared first on Malwarebytes Labs.