A week in security (January 4 – January 10)

Last week on Malwarebytes Labs, we released survey results about VPN usage and found that 36 percent of our respondents use it. We also talked about Adobe Flash Player reaching its end of life—meaning, Adobe won’t be supporting the updating and patching of its Flash Player software; covered the ransomware attack against Funke Media Group, one of Germany’s largest publishers; and reported on a new Bitcoin sextortion scam making rounds since the eve of 2021. Lastly, we profiled the latest campaign of APT37, a North Korean threat actor, wherein they used a self-decoding VBA Office file to inject RokRat, a cloud-based RAT, onto Notepad.

Other cybersecurity news:

• A couple of Chinese APT groups moved to doing ransomware attacks. (Source: BleepingComputer)
• Juspay, a company that processes payments for companies like Amazon, MakeMyTrip, Swiggy, and others, revealed it was a victim of a data breach in Q3 of 2020. (Source: Business Insider – India)
• More than haf a million leaked employee credentials of leading video games companies were found for sale on the Dark Web. (Source: SiliconANGLE)
• Babuk Locker was hailed as the first new enterprise ransomware of 2021. (Source: BleepingComputer)
• COVID-19 vaccine phishing scams are growing. (Source: InfoSecurity Magazine)
• News of several Instagram scams are making the rounds: One is about a fake copyright violation, and the other is a fake overpayment of a service, which police call an overpayment scam.
• Think twice about using IoT chastity belts as hackers can—and have—locked up their wearers with ransomware. (Source: TechRadar Pro)
• The United Nations revealed that it might have been breached. (Source: ITProPortal)

Stay safe, everyone!

The post A week in security (January 4 – January 10) appeared first on Malwarebytes Labs.