The Week in Cyber Security News, Dec 9 - 15
01. Beijing officials have ordered all government offices and public institutions to replace foreign hardware and software with Chinese alternatives within the next three years.
02. Academics have disclosed a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs. The attack, named Plundervolt, exploits the interface through which an operating system can control an Intel processor's voltage and frequency.
03. Amazon has rolled out patches for its Blink Smart Security Cameras, after multiple high-severity vulnerabilities were discovered which, if exploited, could give attackers complete control over them.
04. Changes to India's privacy bill could cause trouble for Facebook , Google and others as proposals include government powers to request user data to help forge policies.
05. A report has stated that North Korean state-backed hackers appear to be cooperating with Eastern European cybercriminals, a finding that suggests digital gangsters and state-backed spies are finding common ground online.
06. Researchers have documented the use of a process hollowing technique to disguise the presence of cryptocurrency mining malware on infected systems.
07. The Iranian telecommunications minister has stated that the Islamic Republic recently thwarted a "highly organized cyber attack" targeting its government infrastructure. He defined the attack as "really massive" and attributed it to a nation-state actor.
08. A civil court in Rome has ruled that Facebook must immediately reactivate the account of the Italian neo-fascist party CasaPound and pay the group $US890 for each day the account has been closed.
09. A vulnerability has been discovered in RSA certificates that could compromise one in every 172 certificates currently in active use.
10. Siemens industrial equipment commonly found in fossil-fuel and large-scale renewable power plants are riddled with multiple security vulnerabilities, the most severe of which are critical bugs allowing remote code-execution.
11. The United States Securities and Exchange Commission (SEC) has charged Eran Eyal, the founder Shopin, with orchestrating a fraudulent initial coin offering (ICO) that defrauded hundreds of investors to the tune of more than $42 million.
12. In a series of hacks targeting Ring camera devices, attackers are terrifying homeowners and making them feel violated in their own homes after taunting them or speaking to their children over the device's speakers.
13. Google has announced that Android users in the US and selected countries will get access to two new features named Verified SMS and Spam Protection. Verified SMS confirms the identity of the SMS sender, while Spam Protection notifies the user when the app believes a message contains the markers of an SMS spam text.
14. A security vendor has sharply criticised American public service organisations for not acting on the growing threat of ransomware attacks. The comments were made after criminals recently not only encrypted and extortioned a municipal authority's data, but also stole it.
15. Payments processor VISA says North American merchants who operate gas stations and gas pumps are facing a rash of attacks from cybercrime groups wanting to deploy point-of-sale (POS) malware on their networks.
16. Singapore's ruling government has issued correction notices against an opposition political group over three posts it deems to contain false statements.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
