Last week on Malwarebytes Labs
- Teaching cybersecurity skills to special needs children with Alana Robinson: Lock and Code S02E18
- Phone screenshots accidentally leaked online by stalkerware-type company
- FoggyWeb, analysis of a Nobelium backdoor
- Instagram Kids put on hold
- Microsoft, CISA and NSA offer security tools and advice, but will you take it?
- Vaccine passport app leaks users’ personal data
- Telegram-powered bots circumvent 2FA
- Android Trojan GriftHorse, the gift horse you definitely should look in the mouth
- Apple Pay vulnerable to wireless pickpockets
- The FCC moves to curb SIM swap attacks
Malwarebytes released the Demographics of Cybercrime Report.
Other cybersecurity news
- Cambodia’s prime minister is Zoombombing opposition meetings. (Source: Rest Of World)
- Apple ignored 3 Zero-Day iPhone attacks for months, claims researcher. (Source: Forbes)
- When you ‘Ask app not to track,’ some iPhone apps keep snooping anyway. (Source: The Washington Post)
- Microsoft was warned about the Autodiscover flaw five years ago. (Source: The Register)
- Mission accomplished: Security plugin HTTPS Everywhere to be deprecated in 2022. (Source: The Daily Swig)
- Fake Amnesty International Pegasus scanner used to infect Windows. (Source: BleepingComputer)
- Google pushes emergency update for Chrome zero-days, the latest in a hectic year for vulnerabilities. (Source: CyberScoop)
- Mozilla rolls out fission to a fraction of users on the release channel. (Source: Mozilla blog)
- Paying hackers’ ransom demands is getting harder. (Source: DataCenter Knowledge)
- Hackers bypass Coinbase 2FA to steal customer funds. (Source: The Record)
Stay safe, everyone!
The post A week in security (Sept 27 – Oct 3) appeared first on Malwarebytes Labs.