A week in security (Sept 27 – Oct 3)

Last week on Malwarebytes Labs

• Teaching cybersecurity skills to special needs children with Alana Robinson: Lock and Code S02E18
• Phone screenshots accidentally leaked online by stalkerware-type company
• FoggyWeb, analysis of a Nobelium backdoor
• Instagram Kids put on hold
• Microsoft, CISA and NSA offer security tools and advice, but will you take it?
• Vaccine passport app leaks users’ personal data
• Telegram-powered bots circumvent 2FA
• Android Trojan GriftHorse, the gift horse you definitely should look in the mouth
• Apple Pay vulnerable to wireless pickpockets
• The FCC moves to curb SIM swap attacks

Malwarebytes released the Demographics of Cybercrime Report.

Other cybersecurity news

• Cambodia’s prime minister is Zoombombing opposition meetings. (Source: Rest Of World)
• Apple ignored 3 Zero-Day iPhone attacks for months, claims researcher. (Source: Forbes)
• When you ‘Ask app not to track,’ some iPhone apps keep snooping anyway. (Source: The Washington Post)
• Microsoft was warned about the Autodiscover flaw five years ago. (Source: The Register)
• Mission accomplished: Security plugin HTTPS Everywhere to be deprecated in 2022. (Source: The Daily Swig)
• Fake Amnesty International Pegasus scanner used to infect Windows. (Source: BleepingComputer)
• Google pushes emergency update for Chrome zero-days, the latest in a hectic year for vulnerabilities. (Source: CyberScoop)
• Mozilla rolls out fission to a fraction of users on the release channel. (Source: Mozilla blog)
• Paying hackers’ ransom demands is getting harder. (Source: DataCenter Knowledge)
• Hackers bypass Coinbase 2FA to steal customer funds. (Source: The Record)

Stay safe, everyone!

The post A week in security (Sept 27 – Oct 3) appeared first on Malwarebytes Labs.