The Week in Cyber Security News, Dec 16-22
01. Enterprise staff using the popular Barco ClickShare wireless presentation tools have been warned to update the devices as soon as possible, after security researchers found multiple serious vulnerabilities in them.
02. Payment card data doesn't survive untouched for long on the web, with one experiment showing the data from one Visa card was used for a micro-transaction within two hours.
03. Singapore's ruling government issued correction notices against an opposition political group over three posts it deems to contain false statements. The opposition party complied with the orders but indicated it has plans to challenge the directive.
04. Apple officially opened its historically private bug-bounty program to the public. Its top payout comes in at $1 million and other payouts range from $25,000 to $500,000 across a range of products, including Macs, iPhone and iPad, and Apple TV.
05. Canada’s biggest provider of specialty laboratory testing services has paid hackers an undisclosed amount for the return of personal data they stole belonging to as many as 15 million customers.
06. A cyber-criminal has been sentenced to a two year suspended jail term, 300 hours of unpaid work and an electronic curfew for six months, after threatening to delete hundreds of millions of Apple accounts.
07. A Lithuanian hacker will spend the next five years behind bars for masterminding a $120m (£92.05m) scam that involved emailing fake IT equipment invoices to Facebook and Google.
08. Web Cache Deception (WCD) attacks are still a major issue and continue to impact many popular websites. Research has shown that 25 of the Alexa Top 5,000 websites are still impacted by WCD attacks.
09. A German university has issued new passwords for the email accounts of all 38,000 of its students and staff ... by hand, leading to the unusual sight of people queuing 'around the block' on the university campus.
10. A troll has been indicted for aggravated assault for allegedly sending a seizure-inducing GIF via Twitter to an epileptic journalist. The GIF triggered an epileptic seizure that caused a complete loss of bodily functions and mental faculty, impairing the author, mentally and bodily, for several months.
11. A network of more than 100 Android applications is allowing fraudsters to make money by pushing pervasive advertisements to users' devices. The device owners aren't the real victims, even though they're being exploited, and the constant stream of ads are leveraging victims' phones as conduits for scammers to rip off companies' marketing dollars.
12. More than 267 million records have been exposed in a database containing the names, phone numbers and Facebook user IDs of millions of platform users.
13. US convenience store Wawa has said it recently discovered malware that skimmed customers' payment card data at just about all of its 850 stores. The infection began rolling out to the store's payment-processing system on March 4 and wasn't discovered until December 10. Once discovered, it took two more days for the malware to be fully contained.
14. Security researchers say they found evidence that a Chinese government-linked hacking group has been bypassing two-factor authentication (2FA) in a recent wave of attacks, the targets of which were government entities and managed service providers (MSPs).
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
