The Week in Cyber Security News, June 29 - July 5
01. The Indian government has has banned 59 Chinese mobile applications on the grounds of national security, after it was claimed that the apps have been used to collect data on Indian users, which has been sent back to servers in China.
02. The University of California San Francisco (UCSF), which is working on a cure for Covid-19, has admitted it paid hackers a $1.14m ransom to free its encrypted data.
03. The REvil ransomware gang has added an auction feature to its underground website that allows anonymous bidding on information stolen in its targeted ransomware campaigns.
04. Maze ransomware operators have updated their list of victims to include Xerox Corporation, after screenshots show that computers on at least one Xerox domain have been encrypted.
05.Microsoft confirms a pair of vulnerabilities, with no known workarounds or mitigations, which leave both Windows 10 Server and Windows 10 client versions vulnerable.
06. Researchers have uncovered a rare, brand-new strain of Mac ransomware known as EvilQuest, which, among other things, poses as an installer for the network monitoring tool Little Snitch, pretends to be music-making suite Ableton Live and tuning software Mixed in Key, and has even been noted masquerading as a Google software update.
07.It's been revealed that the lengthy amount of time criminal hackers sit undetected on the networks of businesses gives them powerful leverage when it comes to extort their victims, as it allows ransomware gangs to size up their victims and funnel out data before ransom negotiations even begin.
08.Security experts report that they have identified eight cities in the USA where online payment portals have been compromised to host Magecart-style credit card skimming code.
09.European and British law enforcement agencies recently arrested hundreds of alleged drug dealers and other criminals after infiltrating into a global network of an encrypted chatting app that was used to plot drug deals, money laundering, extortions, and even murders.
10.Researchers have discovered a gaping hole in popular remote access system Apache Guacamole that puts thousands of companies with remote employees at risk.
11.It's been revealed that Linkedin has been copying clipboard content from iOS devices with every single keystroke ... until iOS 14 exposed it.
12.A new ransomware known as Try2Cry is trying to worm its way onto other Windows computers by infecting USB flash drives and using Windows shortcuts (LNK files) posing as the targets' files to lure them into infecting themselves.
13.Europol has announced that the encrypted phone network, Encrochat, was widely used by criminals to plan "serious crimes across Europe", and that more than 800 people have been arrested.
14.F5 BIG-IP networking devices have been targeted by hackers, who are attempting to steal administrator passwords from the hacked devices.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
