The Week in Cyber Security News, Jan 27 - Feb 2
01. A proposed law introduced in Maryland's state senate would criminalize the possession of ransomware and other criminal activities with a computer. But while it makes an attempt to protect actual researchers from prosecution, the language of the bill doesn't exactly do much to protect the general public from ransomware or make it easier for researchers to prevent attacks.
02. A Portuguese hacker is claiming responsibility for leaking confidential documents implicating the billionaire daughter of a former prominent African leader in alleged murky international business deals.
03. Cybersecurity researchers have disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target businesses that run their web and mobile apps on Azure.
04. An INTERPOL-coordinated cyber operation against a strain of malware targeting e-commerce websites has identified hundreds of compromised websites and led to the arrest of three individuals running the malicious campaign in Indonesia.
05. An employee at a New York City medical center was tricked into giving out patient information by a threat actor purporting to be one of the facility's executives.
06. Two New York state senators have proposed bills that prevent municipalities and government agencies using taxpayer dollars to pay ransomware demands.
07. A remote code execution (RCE) exploit for Windows Remote Desktop Gateway (RD Gateway) has been demoed, after a proof-of-concept denial of service exploit was released for the same pair of flaws.
08. A Saudi hacker group - going by the name of OurMine - has mass-defaced the social media accounts of the NFL and 15 of its teams.
09. Indian enforcement agencies should be able to break end-to-end encryption to hunt down distributors of child pornography online, a parliamentary panel has urged.
10. The United Nations has said that its offices in Geneva and Vienna were targeted by an "apparently well-resourced" cyber attack in the middle of 2019 that exposed lists of user accounts, but that the damage had been contained.
11. Hackers put 30 million stolen payment card details from the Wawa breach up for sale.
12. A US government technology contractor, counts the Department of Defense, Department of Justice and Department of Homeland Security among its clients, has become the latest major target taken down by the Ryuk ransomware.
13. Phishing campaigns are using the coronavirus outbreak as bait in attacks targeting individuals from the United States and the United Kingdom, impersonating the US CDC and virologists, warning of new infection cases in their area, and providing 'safety measures.'
14. A special page in the Firefox browser allows users to see what telemetry data Mozilla is collecting from their browser.
15. A sophisticated browser locker campaign that ran on high-profile pages, like Microsoft Edge's home or popular tech sites, has been deactivated.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
