A week in security (March 1 – 7)

Last week on Malwarebytes Labs, our podcast featured Eva Galperin who talked to us about defending online anonymity and speech.

We wrote about how Ryuk ransomware has developed a worm-like capability, how Exchange servers are attacked by Hafnium zero-days, 21 million free VPN users’ data was exposed, how China’s RedEcho was accused of targeting India’s power grids, whether Google’s Privacy Sandbox will take the bite out of tracking cookies, and how a Chrome fix patches an in-the-wild zero-day.

Other cybersecurity news

  • Gab has been badly hacked, the stolen information includes what appears to be passwords and private communications. (Source: Wired)
  • A bug in a shared SDK can let attackers join calls undetected across multiple apps. (Source: ZDNet)
  • Business email compromise (BEC) scammers are utilizing a new type of attack targeting investors. (Source: BleepingComputer)
  • Socially engineered attacks surfaced in maritime cybersecurity. (Source: Center for International Maritime Security)
  • Researchers found three new malware strains used by the SolarWinds group. (Source: The Hacker News)
  • Horticulture is an interesting sector for hackers since it is at the forefront of modern technologies. (Source: Horti Daily)
  • A federal judge has approved a $650m settlement of a privacy lawsuit against Facebook for allegedly using photo face-tagging and other biometric data without the permission of its users. (Source: The Guardian)
  • Google shared a PoC exploit for a critical Windows 10 Graphics RCE bug. (Source: Bleeping Computer)

Stay safe, everyone!