The Week in Cyber Security News, Mar 16 - 22
01. The election symbol of the US Democratic Party has been changed to a rat within the Google search knowledge panel that shows when searching for the party's name.
02. Slack has fixed a bug that allowed attackers to hijack user accounts and possibly allow them to pilfer users' cookies, giving them full account access.
03. A group of scammers using a pervasive hacking technique have spent weeks lurking on the website where NutriBullet customers entered their payment data.
04. Adobe has released a batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities, 29 of which are rated critical.
05. The increasingly destructive capabilities of ransomware attacks could provide nation-state hacking operations with a means of attacking infrastructure – and the ability to plausibly deny any sort of involvement in campaigns.
06. The United States Health and Human Services Department's web site was hit with a DDoS cyber attack to take it offline in the middle of the Coronavirus outbreak.
07. The Maze Team ransomware gang, infamous for shutting down hospitals and clinics with ransomware, has said it will stop attacking the healthcare sector – at least until the Coronavirus crisis is under control.
08. YouTube, Facebook and Twitter have warned that more videos and other content could be erroneously removed for policy violations, as the companies empty offices and rely on automated takedown software during the coronavirus pandemic.
09. Cybercriminals are threatening potential victims by saying they will spam their friends and family with x-rated photos of them obtained via malware, as well as threatening to infect their family with coronavirus ... unless they pay $4000.
10. The Russian hacking crew known variously as APT28, Fancy Bear and Pawn Storm has been targeting defence companies with Middle Eastern outposts, using the email accounts of targets they had already hacked to fire phishing emails at further targets.
11. A US senator has urged caution in the government's efforts to partner with big tech companies to potentially use smartphone location data as part of "modeling efforts" to track the coronavirus as it spreads in the United States.
12. PwndLocker has rebranded as the ProLock Ransomware after fixing a crypto bug that allowed a free decryptor to be created.
13. Fintech giant, Finastra, has disclosed a security breach which the company described as "potentially anomalous activity" on its systems, resulting in several of its servers being taken offline.
14. Windows 10 users have been reporting that Windows Defender scans are skipping files due to a configured exclusion or network scanning setting.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
