The Week in Cyber Security News, Apr 13 - 19
01. A TikTok vulnerability has been shown to enable hackers to show users fake videos. Researchers replicated the results by installing the tPacketCapture app on Android and then running the TikTok app.
02. The 'Grandoreiro' malware - a remote overlay malware attack that leverages a fake Chrome browser plugin - is commonly known for exclusively targeting banking customers in Brazil, but has been targeting the accounts of banking customers in Spain.
03. Microsoft released software security updates for all supported versions of its Windows operating systems, including three vulnerabilities that are being actively exploited in the wild by hackers.
04. Google has ousted 49 Chrome browser extensions from its Web Store, after it was discovered they masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies.
05. Ransomware operatives attacked Portuguese energy giant Energias de Portugal (EDP) and are threatening to leak the company’s data online if it refuses to pay a $10.9 million ransom.
06. The average price of a phishing kit sold on cybercrime markets went up by 149% between 2018 and 2019, increasing from $122 to $304.
07. In the latest example of the Pentagon trying to mitigate foreign propaganda, US officials admonished the governments of Russia, China and Iran for leveraging the international COVID-19 outbreak to summon anti-American sentiment.
08. Consumer credit reporting company Equifax has shelled out $19.5m to settle a class-action lawsuit brought by the State of Indiana, after a major data breach at the organization exposed the personal information of over half of all Americans.
09. US government officials have warned about the threat of North Korean hackers, calling particular attention to banking and other finance.
10. A ransomware tactic dubbed "double extortion" is being used more and more by attackers, who further inflict pain on their victims by threatening to leak compromised data or use it in future spam attacks, if ransom demands aren’t met.
11. The FBI has stated that nation-state hackers have been running cyber-espionage operations against medical research organizations in the US that are studying the novel coronavirus.
12. A hacker has leaked the details of 20 million users - part of a larger batch of 39 million records - of Aptoide, a third-party app store for Android applications.
13. Police in India have foiled a cyber-criminal's attempt to sell the world's biggest statue - the 597ft (182m) high "Statue of Unity" - online for $4 billion.
14. The German state of North Rhine-Westphalia is believed to have lost tens of millions of euros after it failed to build a secure website for distributing coronavirus emergency aid funding, which allowed cybercriminals to create copies of the website.
15. A hacker has leaked the usernames and passwords of nearly 23 million players of the online children's game, Webkinz World.
16. Hackers are selling 267 million records of Facebook users on a hacker forum for £500 (US$600).
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
