A week in security (December 9 – 15)

Last week on Malwarebytes Labs, we cautioned readers against purchasing potentially privacy-invasive, cyber-insecure smart doorbells, warned about a new credit card skimmer vulnerability embedded within hundreds of fraudulent web sites selling supposedly name-brand shoes, and looked at the newest veteran’s assistance program launched by the nonprofit Women in CyberSecurity (WiCyS).

We also explained how mobile device sensors can be exploited by cybercriminals, provided tips on building an effective security operations center, and put our threat spotlight on Ryuk ransomware, trying to understand the who, what, where, when, and why of the nefarious malware.

Other cybersecurity news

  • Threat actors launched a cyberattack on Pensacola, FL, shutting down the city’s computer system. (Source: Threatpost)
  • Two North American gas station merchants were hit by cyberattacks seeking payment card data. (Source: Dark Reading)
  • Security researchers discovered a major vulnerability in two WordPress plugins that could allow hackers to gain admin-level access to a victim’s site. (Source: Threatpost)
  • Cybersecurity researchers published their findings about a now-patched security flaw that relied on the ability to alter Intel CPU voltages in order to steal data. (Source: HackRead)
  • The KeyWe Smart Lock, advertised as the “smartest lock ever,” is vulnerable to hacking. (Source: HackRead)
  • Days after Malwarebytes Labs warned users about the vulnerabilities of smart doorbells, owners of such devices in Mississippi, Georgia, Florida, and Texas reported receiving abuse at the hands of hackers who hurled racial slurs and demanded ransoms. (Source: ABC News)
  • Gizmodo offered a fun look at this decade’s top viral scams that circulated online. Anybody remember the freeway shark? (Source: Gizmodo)
  • Because of course this is a thing, online accounts for on-demand scooter services are being sold on the dark web. (Source: Motherboard)

Stay safe, everyone!

The post A week in security (December 9 – 15) appeared first on Malwarebytes Labs.

Original Source