The Week in Cyber Security News, Dec 23-29
01. Twitter has urged Android users to update their app to avoid a security bug that allows a malicious user to access private account data and could also allow an attacker to take control of accounts to send tweets and direct messages.
02. Researchers have discovered five SQLite vulnerabilities that can allow attackers to remotely run malicious code inside Google Chrome.
03. Netgear, D-Link, and Huawei routers are actively being probed for weak Telnet passwords and taken over by a new peer-to-peer (P2P) botnet dubbed Mozi, which reuses some of the Gafgyt malware code.
04. IoT vendor Wyze, which produces inexpensive smart home products and wireless cameras, has announced that one of its servers exposed the details one of its servers exposed the details of roughly 2.4 million customers.
05. A security researcher has found several vulnerabilities in a number of Ruckus Wireless routers. The flaws can be exploited without needing a router’s password and can be used to take complete control of affected routers from over the internet.
06. The U.S. Coast Guard has published a marine safety alert to inform of a Ryuk Ransomware attack that took down the entire corporate IT network of a Maritime Transportation Security Act regulated facility.
07. One out of five computer users were subject to at least one malware-class web attack in 2019 ... here are some of the biggest malware threats of 2019.
08. A variety of Christmas-time spam campaigns have used climate activist Greta Thunberg as bait, with lines such as "Please help save the planet, Greta", and details in a Word document that’s either linked to in the email, or attached to it.
09. A man from north London who threatened to wipe 319 million accounts unless Apple gave him iTunes gift cards worth $100,000 (£76,000) has been given a two year suspended jail sentence and ordered to do 300 hours of unpaid work.
10. The Center for Health Care Services in San Antonio, Texas, shut down computing systems for all its clinics in response to a larger-scale cyber-attack.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
