The Week in Cyber Security News, July 13 - 19
01.At least 39 different organizations hold personal data of the average UK citizen and is believed to be the reason why a 67% increase in major data breaches have occurred since 2014. Almost a quarter of Brits are unaware of how many organizations hold their personal data.
02.Google Cloud has launched technology that encrypts data while it's being processed and keeps data encrypted in memory, as well as outside the central processing unit (CPU).
03.A data breach targeted against MGM Resorts in February this year, in which it was thought that 10.6 million customers were affected, is much bigger than believed and, reportedly, around 142 million customers could have been affected.
04.SAP has patched a critical vulnerability - CVE-2020-6287, CVSS rating of 10 - that impacts the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, and potentially affects more than 40,000 SAP customers
05.After Citrix posted that it is aware of a "threat intelligence report circulated concerning claims made on the dark web by a threat actor alleging compromise of the Citrix network, exfiltration of data, and attempts to escalate privileges to launch a ransomware attack", the company claims it has found no evidence the threat actor compromised its network.
06.A new banking malware is being pushed on Android devices, and it's using source code from the older, now defunct, Xerxes, and an even older variant called LokiBot.
07.British officials have expressed confidence that Russian operatives tried to interfere in the UK's most recent general election by using social media to promote documents that were stolen and leaked from the government.
08.Twitter accounts of the rich and famous, including Elon Musk, Bill Gates, Jeff Bezos, and Joe Biden, have been simultaneously hijacked and used to push cryptocurrency scams, with one wallet address receiving more than $118,000.
09.Russian hackers at the state's FSB spy agency have been caught breaking into Western institutions working on potential vaccines for COVID-19 in hope of stealing research.
10.A new phishing campaign uses a trio of enterprise cloud services, Microsoft Azure, Microsoft Dynamics, and IBM Cloud, as part of an attempt to steal your login credentials.
11.A pair of recent phishing campaigns aim to lift credentials and other personal information under the guise of Amazon package-delivery notices.
12.Internet-connected gadgets will have to come pre-set with a unique password, or require the owner to set one before use, as part of plans for a UK cyber-security law.
13.Europe's highest court has ruled that a transatlantic data transfer deal is invalid because of concerns about US surveillance in a decision that could disrupt thousands of companies that rely on the agreement.
14.US Secretary of State Mike Pompeo, National Security Advisor Robert O'Brien, and Trump's Chief of Staff Mark Meadows have suggested that a TikTok ban is on its way.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
