The Week in Cyber Security News, Feb. 15 - 21
01. The SolarWinds hack, which compromised a raft of US government agencies, is "the largest and most sophisticated attack the world has ever seen," Microsoft president Brad Smith said.
02. Court documents reveal that the FBI has tools which allow it to access private Signal messages on iPhones, even when locked, and intercept encrypted messages from iPhones in partial AFU (After Frist Unlock) mode.
03. European consumer groups have accused video-sharing app TikTok of failing to protect minor users from inappropriate content and hidden advertising.
04. Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution.
05. North Korea may have hacked into Pfizer servers looking for COVID data.
06. A security researcher claims to have found an instance of malware targeting Apple computers - Mac Mini, Macbook Pro and the Macbook Air models - running the M1 chipset.
07. A flaw in the popular video software Agora could have allowed hackers to spy on private calls through dating and telehealth applications.
08. Research suggests that 2.6% - around 500 - of 2019's 18,000 tracked vulnerabilities were actively exploited in the wild.
09. Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data.
10. A security consultant has found security holes in a widely-used CCTV service, NurseryCam, which is designed to let parents remotely watch their children playing at nursery.
11. Researchers have observed a nearly 6,000% jump in attacks using “malformed URL prefixes” to evade protections and deliver phishing emails that look legit.
12. Royal Mail in the UK has warned people in Northern Ireland not to fall for parcel scams, using messages bearing the company logo that ask for for small payments to ensure letters or parcels are delivered.
13. Civil and digital rights groups launched a petition seeking the support of one million Europeans to help pressure the European Union to ban biometric mass surveillance, such as facial recognition, ahead of laws on artificial intelligence due this year.
14. Most Brazilian companies have not increased their investments in information and cyber security since the Covid-19 pandemic emerged despite an increase in threats.
++
Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an upgraded 'Business' service, both of which include software updates and news relating to your software stack. Join more than 1,600 other users and sign up to either our Personal or Business plans.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
