The Week in Cyber Security News, Dec 30 - Jan 5
01. Special Olympics of New York, a nonprofit organization focused on competitive athletes with intellectual disabilities, has had its email server hacked and used to launch a phishing campaign against previous donors.
02. Brazil’s government has imposed a US$1.6 million fine on Facebook and its local unit for their role in the Cambridge Analytica scandal.
03. Microsoft has taken control of 50 web domains used by a hacking group - believed to be operating from North Korea - called "Thallium" to steal information about, among others, government employees, think tanks, university staff members and individuals working on nuclear proliferation issues.
04. The US Army has banned the use of the TikTok app - owned by the Chinese company, ByteDance - on work mobile phones for security reasons.
05. The foreign currency specialist Travelex has been forced to take its websites offline following a cyber-attack, saying that so far no personal or customer data had been compromised.
06. A Xiaomi smart camera user has received unwanted images from strangers' homes when streaming content from his own camera to a Google Nest Hub.
07. Cisco has revealed that numerous vulnerabilities, including three critical authentication-bypass bugs, have been found in its Data Center Network Manager software.
08. The Colorado Town of Erie lost more than $1 million to a business email compromise scam that ended with the town's employees sending the funds to a bank account controlled by scammers.
09. California has adopted the strictest privacy law in the United States. The California Consumer Privacy Act mandates strict requirements for companies to notify users about how their user data will be used and monetized along with giving them straightforward tools for opting out.
10. Austria's foreign ministry has been targeted by a cyber-attack that is suspected to have been conducted by another country.
11. A ransomware strain known as DeathRansom, once considered a joke, is now capable of encrypting files using a solid encryption scheme.
12. The Clop Ransomware now has a new and integrated process killer that targets some interesting processes belonging to Windows 10 apps, text editors, programming IDEs and languages, and office applications.
13. The FBI is warning U.S. companies about a series of recent attacks by the so-called Maze ransomware in which the perpetrator, sometimes posing as a government agency, steals data and then encrypts it to further extort victims.
14. Microsoft Word metadata has been the undoing of a former IT exec, who has has admitted conning his employer out of $US6 million by setting up a fake company that billed his bosses for bogus services.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
