InfoSec News & Investigations

A week in security (January 27 – February 2)

Last week on Malwarebytes Labs, we looked at the strengths and weaknesses of the Zero Trust model, gave you the low-down on spear phishing, and took a delve into the world of securing the managed service provider (MSP).

Other cybersecurity news

  • UN compromised via Sharepoint hack: An extraordinary tale highlighting that absolutely nobody is safe when bad things happen and are then covered up. (Source: The Register)
  • TA505 returns: A well-known financial phishing attack is back from hiatus to cause chaos once again. (Source: Bleeping Computer)
  • SMS phishing, aka smishing: Residents of Pitt County are warned to be wary of bogus FedEx notifications sent by text. (Source: News Channel 12)
  • Social media booster runs into password mayhem: Another organisation discovers too late that plaintext passwords aren’t a great idea. (Source: TechCrunch)
  • Ashley Madison breach returns to haunt us: Five years on, it’s causing problems in all new ways, fueling a new extortion scam. (Source: VadeSecure)
  • Hacking in Hong Kong: ESET looks at how the Winnti group are targeting two Hong Kong Universities. (Source: ESET)
  • Microsoft launches new bug bounty program: If you’re into gaming, this may be just what you’re looking for. (Source: Help Net Security)
  • Big breach, big numbers: A compromise could potentially include a large tally of (more than 30 million) credit card information. (Source: Krebs on Security)
  • The real world virus scammers have arrived: Booby-trapped Word documents pushing the Emotet Trojan are being fired out to people’s mailboxes, disguised as warnings about the coronavirus. (Source: TechRepublic)
  • Tricky phishing: It may be the case that we’re not as good at detecting scams as we think we are. (Source: ZDNet)

Stay safe, everyone!

The post A week in security (January 27 – February 2) appeared first on Malwarebytes Labs.

Original Source