The Week in Cyber Security News, Jan 13 - 19
01. Equifax has agreed to pay US$380.5 million to resolve allegations related to the 2017 data breach in which hackers stole information belonging to some 147 million Americans.
02. Cyber-security experts are urging Windows 7 users to upgrade their operating system, after support for it ended on January 14, 2020.
03. A delegation of US officials arrived in the UK on January 13 to try to persuade Britain not to use Huawei equipment in the upgrade of its telecoms network.
04. India will soon have a means for individuals to own their data. No financial information of the customer shall be retrieved, shared, or transferred by the Account Aggregator without the explicit consent of the customer.
05. A security team has taken down today a malicious package that was caught stealing sensitive information from UNIX systems. The malicious package was uploaded on a repository on December 30, 2019, and was downloaded at least 32 times.
06. The National Security Agency has uncovered a severe vulnerability in Microsoft's Windows 10 and Windows Server 2016/2019.
07. Serious vulnerabilities have recently come to light in three WordPress plugins that have been installed on a combined 400,000 websites. InfiniteWP, WP Time Capsule, and WP Database Reset are all affected.
08. Russian military hackers have successfully infiltrated the Ukrainian gas company at the heart of the impeachment drama surrounding President Donald Trump, former Vice President Joe Biden and his family.
09. Oracle has issued security patches for 334 vulnerabilities in multiple products, with many flaws being remotely exploitable with no user credentials. Two bugs rated the most serious - a 9.9 Common Vulnerabilities Scoring System (CVSS) 3.0 index each.
10. Greece’s biggest four banks will cancel and replace as many as 15,000 debit and credit cards after details of users were infiltrated on a Greek online tourist services portal they wouldn’t identify.
11. In an effort to satisfy increased privacy demands from its users, Google plans to - within two years - restrict advertising software companies and other organizations from connecting their browser cookies to websites they do not operate.
12. Arrests have been made in relation to WeLeakInfo, a site claiming to offer 12 billion usernames and passwords from over 10,000 data breaches for sale.
13. Citrix has released permanent fixes for the actively exploited CVE-2019-19781 vulnerability impacting Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances, allowing unauthenticated attackers to perform arbitrary code execution. Link to fix can be found here.
14. The Blackvue dashcam, which allows users to broadcast their camera feeds and drives, is allowing anyone to scrape and store the real-time location of drivers across the world.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
