A week in security (April 19 – 25)

Last week on Malwarebytes Labs, we interviewed Youssef Sammouda, a 21-year-old bug bounty hunter who is focused on finding vulnerabilities on Facebook.

We looked into the CodeCov supply-chain attack, the vulnerabilities in Pulse Secure VPN that are being actively exploited by attackers, and the discovery of SUPERNOVA malware on a SolarWinds Orion server.

We also featured technology, particularly facial recognition, used by the FBI to identify one of the Capitol rioters several months after the event; we covered news about a FIN7 sysadmin being indicted for 10 years for “billions in damage”; and we reported on the calling out of the EU’s proposed ban on the use of artificial intelligence, because it doesn’t deal with its high potential for abuse. Lastly, we provided a comprehensive guide on how to pick the best VPN for you, whether you stream, play video games, or torrent.

Other cybersecurity news

  • Costco issued a warning about scams targeting all its customers. (Source: InfoSecurity Magazine)
  • Sophisticated Palestine-based hackers were found targeting iOS users to get them to install malware. (Source: Wired)
  • A researcher demonstrated a Facebook bug that could reveal user email addresses even when set to private. (Source: Wired)
  • The Huawei app store was abused to house malicious apps, including the Joker malware. (Source: BankInfoSecurity)
  • VPN vulnerabilities are being heavily targeted by threat actors, according to a new report. (Source: Dark Reading)
  • Apple’s AirDrop can expose user phone numbers and email addresses. (Source: The Record by Recorded Future)
  • Since the first lockdown measures were introduced, the use of stalkerware and spyware apps has almost doubled. (Source: PR Newswire)

Stay safe!

The post A week in security (April 19 – 25) appeared first on Malwarebytes Labs.
