The Week in Cyber Security News, April 12 - 18
01. Almost every global organization suffered at least one mobile malware attack in 2020, according to a new report from Check Point.
02. Academics have published a new research paper describing yet another variation of the Rowhammer attack, which can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM cards.
03. A set of nine "basic code" vulnerabilities have been uncovered that expose an estimated 100 million devices worldwide, including an array of Internet-of-things products and IT management servers.
04. The Biden administration has imposed sweeping sanctions on Russian intelligence operatives for their alleged interference in the 2020 U.S. election, and on Russian companies for allegedly supporting Moscow’s extensive cyber-espionage operations.
05. The Australian federal court has ruled that Google "partially" misled consumers about collecting mobile phone personal location data.
06. Codecov online platform for hosted code testing reports and statistics has announced that a threat actor modified its Bash Uploader script, exposing sensitive information in customers’ continuous integration (CI) environment.
07. The Feds have warned that nation-state actors are once again after US assets, this time in a spate of cyberattacks that exploit five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualization technologies.
08. The chair of the UK's Foreign Affairs Select Committee has been told by the Government Communications Headquarters that he was better off sticking to Gmail, rather than using the parliamentary system, because it was more secure.
09. Swedish authorities have halted an investigation into a data breach supposedly perpetrated by the Russian military intelligence, GRU, in 2017 and 2018, citing that, even though they named the entities involved in the attacks, they couldn’t take any punitive measures.
10. An unusual baiting technique has appeared with the WhatsApp users receiving links that claim to turn the application’s theme from its trademark green to pink, while simultaneously promising ‘new features' that have not been specified.
++
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
