The Week in Cyber Security News, Feb 10 - Feb 16
01. Microsoft has fixed a critical vulnerability in Internet Explorer, which the company said in January was being exploited in the wild and which appears to be a carry-over from September last year.
02. The Japanese defence ministry has said that sensitive data on defence equipment may have been breached as a result of cyberattacks on Mitsubishi Electric Corp, a major supplier of the country's defence and infrastructure systems.
03. When it comes to cybersecurity, only 17% of organizations are performing as "leaders" i.e. high performers in at least three of four categories: stopping cyber attacks, finding breaches faster, fixing breaches faster, and reducing breach impact.
04. A report looking into the US 2020 census has flagged concerns over cybersecurity and questioned whether the personal data collected during the study can be kept private.
05. Google Play Protect, a malware protection system that comes pre-installed on official Android devices, has blocked more than 1.9 billion malicious app installs - up from 1.6 billion in 2017 and 2018 - that originated from unofficial (non-Google) sources in 2019, such as third-party app stores.
06. Intelligence services in Lithuania have provided key details on how individuals are targeted by Chinese spies on LinkedIn, to recruit sources in government departments and key industry sectors.
07. The FBI has revealed that BEC (Business Email Compromise) scams, amounting to nearly US$75,000 per complaint, accounted for half of the cyber-crime losses in 2019.
08. The U.S. Cyber Command (USCYBERCOM) has uploaded new malware samples to VirusTotal, all of which the Command has attributed to the North Korea-linked threat group Lazarus.
09. Security researchers have discovered a reliable method of cleaning smartphones infected with xHelper, a type of Android malware that, until recently, has been impossible to remove.10. The makers of the blockchain voting platform Voatz have had to address assertions from MIT researchers that their app is insecure and can be easily hacked into, after the researchers said that hackers could change votes through the app.
11. Sophisticated backdoor malware techniques used by state-backed attackers to cripple Ukrainian power stations in 2015 are now being deployed more widely by the black hat community.
12. Nearly 4,000 IP addresses tied to customers of banks in North America and elsewhere have been targeted in a mobile phishing scam to steal login credentials.
13. Twitter have said that an official Twitter account of the Olympics and the International Olympic Committee's (IOC) media Twitter account had been hacked through a third-party platform and temporarily locked.
14. Microsoft has removed a standalone security update from its Windows Update servers and enterprise update channels after acknowledging reports of "an issue affecting a sub-set of devices."
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
