The Week in Cyber Security News, Mar 23 - 29
01. Microsoft has issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers.
02. Tech giant General Electric has disclosed that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE's service providers.
03. Hours after claiming the Australian Government's myGov website suffered a "significant distributed-denial-of-service attack", Services Minister Stuart Robert said there was no attack and the site was overloaded after tens of thousands of people logged on in response to the coronavirus.
04. More than 50 Android apps on the Google Play Store — most of which were designed for kids and had racked up almost 1 million downloads between them — have been caught using a new trick to secretly click on ads without the knowledge of smartphone users.
05. It's been revealed that, earlier this year, state-backed Chinese hackers embarked on one of the most sweeping espionage campaigns seen in years, targeting organizations ranging in nearly every economic sector: telecommunications, healthcare, government, defense, finance, petrochemical, manufacturing, and transportation.
06. The TrickBot gang is using a malicious Android application they developed to bypass two-factor authentication protection used by various banks, after stealing transaction authentication numbers.
07. One of the most popular Dark Web hosting services has had all databases associated with hosting Dark Web sites deleted ... at least for the foreseeable future.
08. Research shows that attackers have begun changing Domain Name System (DNS) settings in Linksys routers, pointing users to what they believe is a legitimate coronavirus website. However, once a user clicks through, a fake coronavirus-related app may be downloaded containing malware that can perform a host of nefarious activities.
09. Ten ways cyber criminals and hackers are using automation to help conduct malicious campaigns, making it easier for them to scale up their operations ...
10. The Tor Project has released Tor Browser 9.0.7, with a permanent fix for a bug that allowed JavaScript code to run on the safest security level in some situations while using the previous Tor Browser version.
11. Android apps are snooping on other software on your device – and that could tell shady advertising companies more about you than you’d like.
12. Scammers continue to piggyback on the COVID-19 scare with new tricks, this time targeting US Army service members with phone calls requesting their personal information and promising a testing kit to check if they’re infected.
13. Since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks.
14. Federal investigators in Russia have charged at least 25 people, including a major carding kingpin, accused of operating an international credit card theft ring.
15. The source code of the ransomware strain, Dharma, has been put up for sale on two Russian hacker forums. The FBI ranked Dharma the second most lucrative ransomware of recent years, with more than $24 million extorted from victims.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
