Last week on Labs, we took a look at insider threats, doubled back on the privacy of search browser extensions, profiled green card scams, revisited Defcon badgelife, and talked about what happens to a user’s accounts when they die.
Other cybersecurity news
- There was an archiving error in Twitch HQ. Unfortunately, that left some private user messages (even those with sensitive info in them) exposed to the public for a time. (Source: Sophos’ Naked Security Blog)
- Researchers from Catholic University found that apps offering ad blocking and privacy can be bypassed. (Source: Sophos’ Naked Security Blog)
- Researchers associated with Project Insecurity found a flaw in disability services in Canadian telcos. (Source: Kaspersky’s Threatpost)
- Facebook continued to clean house, removing more pages of campaigns that originated from Iran and Russia to curb “coordinated inauthentic behavior.” (Source: Facebook Newsroom)
- A computer science professor at Vanderbilt University published a 55-page study on how Google continues to collect data on users, even when the device is idle. (Source: The Washington Post)
- Philips revealed that their cardiovascular imaging devices have a flaw that could provide a low-level hacker “improper privilege management.” (Source: ZDNet)
- Videomaker service provider Animoto was breached. (Source: TechCrunch)
- Ryuk, a new ransomware, trained their crosshairs at large organizations capable of paying high-valued ransom in Bitcoin. (Source: ZDNet)
- North Korea’s The Lazarus Group pushed out its first Mac malware and successfully infiltrated IT systems of a cryptocurrency exchange platform based in Asia. (Source: Bleeping Computer)
- Superdrug, the popular health and beauty retailer based in the UK, was breached. (Source: InfoSecurity Magazine)
- Cobalt Dickens, a campaign that originated in Iran, targeted universities in 14 countries to steal credentials. (Source: SecureWorks)
- Hackers make millions by selling unpublished press releases. (Source: The Verge)
Stay safe, everyone!