A week in security (August 16 – August 22)

Last week on Malwarebytes Labs:

• Podcast: Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks.
• How to troubleshoot hardware problems that look like malware problems.
• Analysts “strongly believe” the Russian state colludes with ransomware gangs.
• macOS 11’s hidden security improvements.
• How to spot a DocuSign phish and what to do about it.
• Cars and hospital equipment running Blackberry QNX may be affected by BadAlloc vulnerability.
• Beware of COVID Pass scams.
• T-Mobile customers, change your PINs.
• Cisco Small Business routers vulnerable to remote attacks, won’t get a patch.
• Largest DDoS attack ever reported gets hoovered up by Cloudflare.

Other cybersecurity news:

• SynAck ransomware decryptor lets victims recover files for free. (Source: BleepingComputer)
• A job ad blunder by the UK’s Ministry of Defence has accidentally revealed the existence of a secret SAS mobile hacker squad. (Source: The Register)
• Chinese espionage tool exploits vulnerabilities in 58 widely used websites, (Source: The Record)
• Wanted: Disgruntled employees to deploy ransomware. Get paid to be the insider threat. (Source: Krebs on Security)
• IDC survey finds more than one third of organizations worldwide have experienced a ransomware attack or breach. (Source: IDC)
• Hackers steal $97 million from Japan’s Liquid crypto exchange. (Source: Engadget)
• OpenSSL announces a high severity update on August 24th. (Source: openSSL)
• Unpatched Fortinet FortiWeb vulnerability allows remote OS command injection. (Source: Help Net Security)
• China pushes through data protection law that applies cross-border. (Source: ZDNet)
• NYC teachers‘ social security numbers exposed. (Source: InfoSecurity Magazine)
• America’s secret terrorist watchlist exposed on the web without a password. (Source: Bob Diachenko)

Stay safe, everyone!

The post A week in security (August 16 – August 22) appeared first on Malwarebytes Labs.