The Week in Cyber Security News, Jan 20 - 26
01. It's been revealed that Apple dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service, after the FBI complained that the move would harm investigations.
02. Brazilian prosecutors have charged journalist Glenn Greenwald with violating cybercrime laws, claiming he was part of a “criminal organization” that hacked public officials’ phones — an accusation apparently linked to Greenwald’s extensive reporting on Brazilian politics.
03. The operators of the sLoad malware, which was exposed in Dec 2019 by Microsoft, have put into circulation a revamped 2.0 version .
04. New versions of the FTCODE ransomware, a PowerShell-based ransomware that targets Italian-language users, can now sniff out saved credentials for Internet Explorer, Mozilla Firefox, Mozilla Thunderbird, Google Chrome and Microsoft Outlook.
05. A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service (DDoS) attacks has pleaded guilty to paying a DDoS-for-hire service to launch attacks against others.
06. A new Citibank phishing scam is underway that utilizes a convincing domain name, TLS certs, and even requests OTP codes that could easily cause people to believe they are submitting their personal information on a legitimate page.
07. It's been revealed that Jeff Bezos had his mobile phone 'hacked' in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of Saudi Arabia.
08. Mozilla's add-on review team has banned 197 Firefox add-ons that were caught executing malicious code, stealing user data, or using obfuscation to hide their source code.
09. The UK Government's Reviewer of Terrorism Laws has declared that safeguards protecting Britons from police workers demanding passwords for their devices must be watered down.
10. Microsoft has announced a data breach of one of its customer databases, housing 250 million records containing logs of conversations between Microsoft support agents and customers from all over the world over a 14-year period.
11. Researchers have run a simulated factory network for seven months, during which time different attackers used the mock network to mine cryptocurrency and infect it with two strains of a ransomware.
12. Microsoft's temporary fix for a recently disclosed Internet Explorer zero-day vulnerability is causing numerous problems in Windows, including breaking printing for some users.
13. Six vulnerabilities, which could allow an attacker to make changes at the software level of a device, have been discovered in a range of GE Healthcare devices popular in hospitals.
14. Google researchers have found multiple security flaws in Apple's Safari web browser that allowed the tracking of users' browsing behaviour.
15. The Google security team has indefinitely suspended the publishing or updating of any commercial Chrome extensions on the official Chrome Web Store following a spike in the number of paid extensions engaging in fraudulent transactions.
16. Cisco Systems has fixed a high-severity vulnerability in its Webex video conferencing platform, which could let strangers barge in on password-protected meetings – no authentication necessary. All an attacker would need is the meeting ID and a Webex mobile application for either iOS or Android.
17. Many people think that malware only targets Windows and that Macs are safe, but a new report shows how a single Apple malware called Shlayer has attacked over 10% of all Apple computers monitored by an antivirus company.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
