The Week in Cyber Security News, May 18 - 24
01. Australia's My Health Record system has been the subject of an attempted hack, with the Australian Digital Health Agency revealing a "potential compromise to external IT infrastructure supporting the wider My Health Record system".
02. ProLock ransomware is using QakBot (banking trojan) infections to access networks, gain persistence and avoid detection.
03. More than 192 million records have been leaked when a server belonging to Brazilian cosmetic giant Natura was exposed to the public for two weeks.
04. A new program in Dallas, Texas, will train 25 veterans and military spouses "from underserved communities" for careers in cybersecurity.
05. Academics have disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers.
06. Taiwanese authorities have suggested that Chinese hackers were behind a ransomware attack against Taiwan’s state oil company, an aggressive assault on one of the island nation's strategic assets.
07. Low cost airline easyJet has been hacked and the email address and travel details of approximately nine million customers were accessed, as well as the credit card details of 2,208 customers.
08. Congress has been urged to introduce a measure that would require the FBI to get a warrant before its agents can review Americans’ internet browsing and search histories – just days after an amendment to do that fell by one vote in the Senate.
09. After allegedly selling information about US President Donald Trump on the dark web, REvil hackers are now demanding $7.5 million ransom from targeted food distributors.
10. Chrome 83 has been launched, with security features including upgraded support for DNS-over-HTTPS (DoH), which makes it much harder for third parties to see which web domains someone is visiting.
11. A hacker has leaked 40 million Wishbone user records which contain a treasure trove of information that could be used to perform phishing campaigns, account takeovers, and credential stuffing attacks.
12. A descendant of the infamous Zeus banking trojan, dubbed Silent Night, has emerged with a price tag that can run as much as $4,000 per month to use.
13. Israeli security company NSO Group impersonated Facebook as part of a ploy to get users to install its phone-hacking software.
14. A team of hackers, security researchers, and reverse engineers have released a new jailbreak package for iOS devices, which can root and unlock all iOS devices, even those running the most recent iOS release.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
