The Week in Cyber Security News, Jan 6 - 12
01. Around half the websites using WebAssembly, a low-level bytecode language that was created after a joint collaboration between all major browser vendors, use it for malicious purposes.
02. The Federal Depository Library Program website has been defaced by hackers who posted images of a bloodied President Donald Trump being punched in the face, and pro-Iran messages.
03. Scammers have taken an old browser scam and invigorated it using a clever and new tactic that takes advantage of a web browser's full-screen mode to show a fake Windows 10 desktop stating your computer is locked.
04. The Federal Trade Commission has agreed to a settlement with a Utah-based tech company that was hacked and had the personal information of more than a million clients stolen following a series of more than 20 undetected network intrusions.
05. Facebook is banning deepfake videos, which stem from a technique of human-image synthesis based on artificial intelligence (AI) to create fake content.
06. The Trump administration is proposing new rules to guide future federal regulation of artificial intelligence used in medicine, transportation and other industries.
07. Project Zero, Google's team of elite security researchers, has announced that, unless a prior agreement exists, all vulnerabilities will be publicly disclosed after 90 days.
08. To patch or not to patch? Security leaders sometimes have to make the tough choice of forgoing a patch because it might void the manufacturer warranty on the product if applied.
09. A member of Project Zero has laid out how, armed with only a target’s Apple ID, he could remotely compromise an iPhone within minutes to steal passwords, text messages and emails, and activate the camera and microphone.
10. The UK's Competition and Markets Authority has announced that Facebook and eBay have pledged to fight the trade in fake/misleading reviews, with Facebook giving 188 groups and 24 user accounts the boot, while eBay has banned 140 users.
11. Roughly 1,700 applications infected with the Joker Android malware (also known as Bread) have been detected and removed from the Google Play Store since the company started tracking it in early 2017.
12. A vulnerability in Broadcom's cable modem firmware has left as many as 200 million home broadband gateways in Europe, and potentially more worldwide, at risk of remote hijackings.
13. Smart doorbell company Ring has said it fired four employees over the past four years for inappropriately accessing customer video footage.
14. Phones provided to low-income families as part of a federal program are allegedly coming with malware already installed. Not only that, the infected software reportedly can't be removed from the devices without some consequences.
15. Organisations with Citrix Application Delivery Controller (Netscaler) installations are under renewed pressure to mitigate against a critical vulnerability after exploits for it were published, with patches still not available.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
