Week in security (April 30 – May 6)
Last week on Labs, we examined the Spartacus ransomware, reported about a new tactic used by the Necurs malspam campaign, informed you about the recommended Twitter password change, and discussed engaging students to start considering careers in cybersecurity.
- NTML credentials can be stolen via malicious Portable Document Format (PDF) files without any user interaction. (Source: SecurityWeek)
- Twitter sold data access to a Cambridge Analytica-linked researcher. (Source: Bloomberg)
- FacexWorm targets cryptocurrency users by spreading through Facebook Messenger. (Source: Security Affairs)
- New DNS encryption tools accelerate privacy online. (Source: HelpNetSecurity)
- IoT security: Is cryptocurrency-mining malware your next big headache? (Source: ZDNet)
- Companies from across the tech spectrum are lining up to protest the measure that would allow them to “hack back” with offensive initiatives in the face of a cyberattack. (Source: ThreatPost)
- Drive-by Rowhammer attack uses GPU to compromise Android phone. (Source: ArsTechnica)
- The systems that control water and power plants are shockingly vulnerable to hackers. (Source: Gizmodo)
- Facebook’s dating service is a chance to meet the catfisher, advertiser, or scammer of your dreams. (Source: Washington Post)
- Roskomnadzor, Russia’s telecommunications watchdog, blocks 50 VPNs and Proxy Services providing access to Telegram. (Source: BleepingComputer)
- Cat burglar: Kitty cryptominer targets web application servers, then spreads to app users. (Source: SCMagazine)
Stay safe, everyone!