A week in security (November 23 – November 29)

Last week on Malwarebytes Labs, we talked with Chris Boyd about charities that track you online.

We also looked back at Zoom, and wondered whether it’s any safer months after its first vulnerability was reported. We talked about how Apple’s security is hampering the detection of potentially unwanted programs (PUPs). Lastly, we reported on Spotify resetting some user accounts after stolen or leaked credentials from a third-party were used in accessing them, and the US Senate passing the IoT Cybersecurity Bill.

Other cybersecurity news

  • GoDaddy employees were reportedly socially engineered to assume control over several cryptocurrency services. (Source: KrebsOnSecurity)
  • A report from Check Point Security revealed that vishing, or “voice phishing”, is on the uptick. And usually employees who fall for such tactics are those working from home due to the pandemic. (Source: SecurityBrief)
  • Meanwhile, according to a survey by Juniper Networks, remote work has widened organizations’ attack surface, giving cybercriminals more opportunities to launch attacks against them. (Source: Entrepreneur)
  • Smart doorbells were found to be an “easy target for hackers”. Why are we not surprised? (Source: The BBC)
  • The FBI warned people to be careful after it found newly registered domains pretending to belong to the organization. (Source: Bleeping Computer)
  • Several Minecraft mods were found in the Google Play Store that are just adware apps and do nothing for you or for the game. (Source: CyberScoop)
  • Mustang Panda, a suspected hacking group from China, continues to gather intelligence about Vatican diplomacy due to the Catholic Church’s operations in China. (Source: CyberScoop)
  • According to a report, 38 percent of online video gamers have suffered from account hacking “at least once” in the past. (Source: Atlas VPN)

Stay safe, everyone!