The Week in Cyber Security News, August 10 - 16
01.A security researcher has published details and proof-of-concept exploit code for a vBulletin zero-day vulnerability, which bypasses a patch from a previous vBulletin zero-day - CVE-2019-16759 - disclosed in September 2019.
02.Researchers have shown how they were able to use a simple technique to hack traffic signals used by cyclists in the Netherlands, a country where over a quarter of all trips are taken by bicycle.
03.Phishing emails are now circulating which tempt people with fake coronavirus vaccines.
04.The volume of distributed denial of service (DDoS) attacks in the second quarter of 2020 increased three-fold from the same period last year.
05.A string of severe security vulnerabilities in Android's 'Find My Mobile' app could have allowed remote attackers to track victims' real-time location, monitor phone calls, and messages, and even delete data stored on the phone.
06.A study from the USA calling for a complete ban on facial recognition technology in schools has found that using the technology is likely to amplify existing racial biases, which could result in disproportionate surveillance of some students.
07.The National Security Agency and the FBI are jointly exposing malware that they say Russian military hackers use in cyber-espionage operations.
08.Research shows that the inability of organizations to patch security vulnerabilities in a timely manner, combined with guessable passwords and the spread of automated hacking tools, is making it easy for cyber criminals to break into corporate networks.
09.While many extortion scams use petty scare tactics to fool recipients into paying up, you can’t be worried if you don’t understand the scammer’s e-mail.
10.Brown-Forman, one of the largest U.S. companies in the spirits and wine business, has suffered a cyber attack. The intruders allegedly copied 1TB of confidential data; they plan on selling to the highest bidder the most important info and leak the rest.
11.A campaign aimed at Mac users is spreading the XCSSET suite of malware, which has the capability to hijack the Safari web browser and inject various JavaScript payloads that can steal passwords, financial data and personal information, deploy ransomware and more.
12.Diners at the luxury Ritz hotel in London have been targeted by "extremely convincing" scammers who posed as hotel staff to steal payment card details.
13.Citrix users have run into problems with an update for the Windows Defender antivirus program from Microsoft, which erronously flags two files as Trojan horse malware, and stops the desktop virtualisation software from working.
14.Binary Defense researchers have identified a bug in the Emotet malware and have been using it to prevent the malware from making new victims.
15.Canadian government sites used to provide access to crucial services for immigration, taxes, pension, and benefits have been breached in a coordinated attack to steal COVID-19 relief payments.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
