The Week in Cyber Security News, Mar 9 - 15
01. A federal judge in New York has declared a mistrial in the case of a former CIA software engineer who was accused of stealing a massive trove of the agency's classified hacking and tools and leaking it to WikiLeaks whistleblower website.
02. The organization that ensures coordination of European electricity markets said that its IT network had been compromised in a "cyber intrusion."
03. The USA's federal agency that oversees funding for states to secure their election equipment is hiring a cybersecurity expert versed in voting technology as it prepares for the 2020 election.
04. Research has discovered a new campaign against the Mongolian public sector, which takes advantage of the current Coronavirus scare, in order to deliver a previously unknown malware implant to the target.
05. Microsoft has announced that it successfully disrupted the botnet network of the Necurs malware, which has infected more than 9 million computers globally, and also hijacked the majority of its infrastructure.
06. Civil liberties, privacy, and digital rights organizations are lining up against the passing of the EARN IT Act, which is widely seen as a thinly veiled attempt to limit the use of end-to-end encrypted services.
07. Despite a previous warning by a researcher who exposed a vulnerability in the 911 system due to distributed denial of service attacks, the next generation of 911 systems that now accommodate text, images and video still have the same or more severe issues.
08. The number of vulnerabilities reported in open source projects surged almost 50% in 2019, which researchers attribute to an increased awareness of open source security.
09. Whisper, the secret-sharing app that called itself the "safest place on the Internet", left years of users' most intimate confessions - nearly 900 million user records - exposed on the Web tied to their age, location and other details.
10. Computer systems at the University Hospital Brno, which hosts one of the 18 laboratories the Czech Republic used to test for COVID-19, have been shut down due to a cyberattack.
11. Researchers at the Michigan State University College of Engineering have discovered a new way for hackers to inexpensively target personal devices and put Apple's Siri and Google Assistant to work against smartphone owners.
12. Two vulnerabilities – including a high-severity flaw which potentially could open up more than 100,000 websites to takeover – have been patched in a popular WordPress plugin called Popup Builder.
13. A browser vendor has leaked user data after it accidentally left an Elasticsearch server exposed on the internet without a password.
14. Security vendor Avast has urgently disabled a component in its antivirus product that researchers said could have put over 400 million users at risk of arbitrary code execution remotely.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
