The Week in Cyber Security News, Feb 24 - Mar 1
01. Hackers have found a bug in PayPal's Google Pay integration and are now using it to buy products online and incur unauthorized charges to PayPal accounts.
02. Australian banks are being targeted by a group threatening to launch denial-of-service attacks unless a ransom is paid.
03. Google have released a Chrome update to address three security bugs, including a zero-day vulnerability that is being actively exploited in the wild.
04. Mexico's economy ministry has detected a cyber-attack on some of its servers, but insists sensitive data was not compromised.
05. Cybersecurity researchers have uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets.
06. An app developer has discovered that malicious apps could exploit Apple’s iOS pasteboard to work out a user’s location, even when that user has locked down app location sharing.
07. From vacuum cleaners to baby monitors, the IoT landscape continues to be plagued by concerning security issues that lead to privacy threats.
08. An Israeli marketing firm exposed 49 million unique email addresses after mishandling authentication credentials for an Elasticsearch database, that were sitting in plain text on an unprotected web server.
09. Microsoft has announced that, starting with Microsoft Edge 80.0.338.0, users will be able to have potentially unwanted applications (PUAs) automatically blocked from downloading.
10. Clearview AI, the facial recognition startup that’s gobbled up more than three billion photos by scraping social media sites and any other publicly accessible sites, has lost its entire list of clients to hackers – including details about its many law enforcement clients.
11. Apache Tomcat servers released in the last 13 years are vulnerable to a bug named Ghostcat that can allow hackers to take over unpatched systems.
12. A data breach that exposed patients' personal health information (PHI) for almost three months went undetected for six months at a Michigan healthcare group.
13. The Vatican has announced it is collaborating with Microsoft and IBM for promoting the ethical development of artificial intelligence and the regulation of facial recognition.
14. Walgreens, the second-largest pharmacy store in the US, has said that its official mobile app contained a bug that exposed the personal details of some of its users.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
