The Week in Cyber Security News, Feb 3 - Feb 9
01. Research has shown that hackers can obtain data from a computer by simply changing the brightness of its screen.
02. Google Chrome and YouTube will block intrusive video ads, as of August 5, 2020.03. Close to half a million NHS computers are still running Windows 7, which reached its End of Life in January this year.
04. Twitter will start labeling, and in some cases removing, doctored or manipulated media - including deepfake videos that have been edited using artificial intelligence - that users share on the platform, beginning in March this year.
05. Microsoft has said that it detects an average of 77,000 active web shells, spreading across 46,000 infected servers, on a daily base.
06. Security researchers have identified a JavaScript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to spread malware, phishing or ransomware campaigns through notification messages that appear completely normal to unsuspecting users.
07. A ransomware gang is installing vulnerable GIGABYTE drivers on computers it wants to infect, allowing hackers to disable security products so their ransomware strain can encrypt files without being detected or stopped.
08. Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power.
09. An ongoing campaign from an unidentified threat actor has been deploying seven different kinds of malware — including ransomware — at once against an estimated 500,000 targets to steal as much money as possible.
10. A trio of Australians has been charged with identity theft that netted US$7.41 million, after they hacked into businesses and modified their payrolls, pension payments and credit card details.
11. Facebook's official accounts on Twitter and Instagram were temporarily taken over and defaced by the hackers known as OurMine, the same group who defaced Twitter, Instagram, and Facebook accounts for the NFL, 15 NFL teams, and sports TV station ESPN.
12. A recently spotted Emotet Trojan sample features a Wi-Fi worm module that allows the malware to spread to new victims connected to nearby insecure wireless networks. This Emotet strain uses wlanAPI.dll calls to discover wireless networks around an already infected Wi-Fi-enabled computer and attempting to brute-force its way in if they are password protected.
13. Security researchers have discovered a phishing campaign that specifically targets users of Android devices, which could result in compromise if unsigned Android applications are permitted on the device.
14. A faction of the Magecart threat group, Magecart group 12, has been linked to a recent digital card skimmer attack bent on stealing payment data from a slew of websites, including ones selling anything from Olympic tickets to emergency preparation kits.
15. The FBI has uncovered around 1,000 investigations since 2018 involving China's attempted theft of US-based technology in all 56 of its field offices, and spanning just about every industry and sector.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
