A week in security (Sept 6 – Sept 12)

Last week on Malwarebytes Labs

  • Apple delays plans to search devices for child abuse imagery.
  • ProtonMail hands user’s IP address and device info to police, showing the limits of private email.
  • Patch now! Netgear fixes serious smart switch vulnerabilities.
  • Tor vs VPN—What is the difference?
  • Windows MSHTML zero-day actively exploited, mitigations required.
  • Sextortion on the rise, warns FBI.
  • 500,000 Fortinet VPN credentials exposed: Turn off, patch, reset passwords.
  • Gamers beware: The risks of Real Money Trading (RMT) explained.
  • Facebook puts on Ray-Bans, struts into the privacy minefield of smart glasses.
  • That’s the way the cookie banner crumbles?

Other cybersecurity news

  • The capricious relationship between technology and democracy: an analysis of public policy discussions in the UK and US. (Source: Wiley Online Library)
  • How can we use technology to weed out online disinformation? (Source: TheStar)
  • Germany wants smartphones to get seven years of updates. (Source: Fossbytes)
  • Ragnar Locker gang warns victims not to call the FBI. (Source: ThreatPost)
  • Apple pays hackers six figures to find bugs in its software and then it sits on their findings. (Source: Washington Post)
  • The OpenSSL Software Foundation released a completely refreshed version of its software. (Source: DarkReading)
  • Google published the Android Security Bulletin for September 2021 with patches for a total of 40 vulnerabilities, including seven that are rated critical. (Source: SecurityWeek)
  • CISA warns of actively exploited Zoho ManageEngine ADSelfService vulnerability. (Source: The Hacker News)
  • Microsoft has fixed a vulnerability in Azure Container Instances called Azurescape. (Source: Bleeping Computer)
  • LAPD documents reveal use of social media monitoring tools. (Source: Brennan Center)

Stay safe, everyone!