The Week in Cyber Security News, August 31 - Sept 6
01.One Electrum user has lost 1400 Bitcoin ($16 million) after a fake update led them to install a fake version of their Electrum wallet.
02.Microsoft, Oracle, and Google top the list of companies with the most vulnerabilities disclosed in Q2 of 2020.
03.An American who was employed to moderate disputes on an illegal darknet marketplace has been sentenced to 11 years in prison.
04.Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device.
05.Security researchers Patrick Wardle and Peter Datini have uncovered an adware campaign hosted on a website that tricked users into downloading a bogus update to Adobe Flash Player.
06.Hackers are actively exploiting a vulnerability that allows them to execute commands and malicious scripts on websites running File Manager, a WordPress plugin with more than 700,000 active installations, just hours after the security flaw was patched.
07.New Zealand's justice minister says the nation is confronting cyber attacks on an unprecedented scale, targeting everything from the stock market to the weather service.
08.The Cybersecurity and Infrastructure Security Agency has issued a directive requiring agencies to establish vulnerability disclosure policies that foreswear legal action against researchers who act in good faith, allow participants to submit vulnerability reports anonymously and cover at least one internet-accessible system or service.
09.Facebook has published its first Vulnerability Disclosure Policy and given itself grounds to report the existence of bugs to the world if it thinks that’s the right thing to do.
10.The Cybersecurity and Infrastructure Security Agency (CISA) has announced plans to launch a contact center – akin to the 911 emergency number – for reporting cybersecurity issues affecting government web portals and apps.
11.Visa issued a warning regarding a new JavaScript e-commerce skimmer known as Baka that will remove itself from memory after exfiltrating stolen data.
12.WhatsApp has fixed six previously undisclosed vulnerabilities in its chat platform, revealing the move on a new dedicated security advisory site aimed at informing its more than 2 million users about bugs and keeping them updated on app security.
13.A hacker has stolen $7.5 million from the endowment funds of a non-profit organization in the US state of Maryland after compromising the personal computer of an employee working remotely.
14.It's been revealed that Argentina's official immigration agency suffered a ransomware attack for several hours in late August that temporarily halted border crossing into and out of the country.
++
Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
