The Week in Cyber Security News, Feb. 1 - 7
01. The Chinese government may have stolen personal data from 80% of adults in the United States, according to a report aired on CBS in America.
02. Cybersecurity researchers have disclosed a new supply chain attack compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs that is estimated to have over 150 million users in more than 150 countries.
03. Cybersecurity professionals have celebrated news of the takedown of the EMOTET botnet, which required involvement from law enforcement agencies in eight different countries.
04. Network security provider SonicWall has disclosed that hackers are exploiting a critical zero-day vulnerability residing in its Secure Mobile Access 100 series and affects SMA 100 firmware 10.x code.
05. Researchers have disclosed two critical vulnerabilities in the same software that suspected Russian spies have exploited to infiltrate multiple US government agencies.
06. A researcher speaking at USENIX's Enigma 2021 virtual conference has said that in order to limit the impact of zero-day vulnerabilities, those developing software fixes to stop delivering shoddy patches.
07. CD Projekt Red, the developers of Cyberpunk 2077, is warning PC gamers against downloading mods and custom saves due to a vulnerability that may let threat actors deploy arbitrary code on their computers.
08. A cybersecurity researcher has found an exploitable hole in the payment system used in some Nespresso prepaid coffee machines.
09. A security bug in Contact Form 7 Style, a WordPress plugin installed on over 50,000 sites, could allow for malicious JavaScript injection on a victim website.
10. Anti-fascist Israeli hackers have broken into a website of a the Patriotic Brigade Knights, a group allied to the Ku Klux Klan, and published names, photos and other personal information about its members on social media.
11. Facebook, Instagram, TikTok, and Twitter have taken steps to crack down on users involved in trafficking hijacked user accounts across their platforms.
12. Russia has revived a draft proposal allowing law enforcement to access citizens' mobile location data without a court order.
13. Hacktivists have poisoned the DNS records of several Sri Lankans (.lk) websites and redirected users to a web page detailing various social issues impacting the local population.
14. A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment.
++
Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US17/mth, both of which include software updates and news relating to your software stack. Join more than 1,500 other users and sign up.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
