A week in security (Nov 1 – Nov 7)

Last week on Malwarebytes Labs

• Celebrity jewelry house Graff falls victim to ransomware
• Lessons from a real-life ransomware attack
• Is Apple’s Safari browser the last, best hope for web privacy?
• What is Twitch?
• Google patches zero-day vulnerability, and others, in Android
• Zuckerberg’s Metaverse, and the possible privacy and security concerns
• This Steam phish baits you with a free Discord Nitro
• BlackMatter ransomware group announces shutdown. But for how long?
• Trojan Source: Hiding malicious code in plain sight
• Update now! Mozilla fixes security vulnerabilities in Firefox 94
• Credit card skimmer evades Virtual Machines
• CISA sets two week window for patching serious vulnerabilities
• Wanted! US offer $10m bounty for ransomware kingpins

Other cybersecurity news

• New “Frankenstein” phishing kits are becoming increasingly popular. (Source: RiskIQ)
• Call center scammers use Justine Bieber and The Weeknd concert tickets as bait. (Source: ZDNet)
• Expect delivery firms to be impersonated by cybercriminals in holiday phishing scams. (Source: Tessian)
• According to a report, New Zealand residents are unaware of common cyber scams and don’t take basic precautions. (Source: IT Brief)
• CERT-France has identified the ransomware group behind attacks on French companies. (Source: The Record)
• SalesForce bug allows Outlook and Microsoft calendar events to be exposed. (Source: Varonis)
• Credential phishers impersonate Proofpoint to go after Microsoft and Google credentials. (Source: Armorblox)
• Data of Labour Party supporters in the UK were stolen during a ransomware attack. (Source: Sky News)
• Scammers bank on popularity of crypto wallets to steal cryptocurrency. (Source: Check Point)
• We experienced the first example of “insider threat by machine” when Facebook went dark for 6 hours. (Source: CSO Online)

Stay safe, everyone!

The post A week in security (Nov 1 – Nov 7) appeared first on Malwarebytes Labs.