The Week in Cyber Security News, Nov. 16 - 22
01. A vulnerability in the Bumble dating app exposed the data of almost all of the network’s users - about 100 million people - and included their Facebook information, location, height, weight, political positions, educational qualifications, and astrological signs.
02. IBM has uncovered three vulnerabilities in Cisco Webex that could allow malicious actors to become a 'ghost' and join a meeting without being detected.
03. Apple was forced to issue a statement on its data collection policies after the release last week of Big Sur led to complaints of slow systems, which morphed into a larger debate about privacy on Macs and iPhones.
04. US cold storage firm Americold has been hit by what appears to be a ransomware attack affecting business operations. The 117-year-old firm operates temperature-controlled warehouses and transportation to support the cold chains needed to supply, for example, vaccines like the one being developed by Pfizer and BioNTech for COVID-19.
05. Cryptocurrency exchange Liquid has revealed that it has been hacked, after a malicious attacker managed to seize control of its DNS records, seized control of some internal email accounts, and gained access to the firm’s document storage infrastructure.
06. An increasing number of websites which ask visitors to approve "notifications" are installing notification scripts from other companies and selling that communications pathway to scammers.
07. GO SMS Pro, a popular messaging app for Android with over 100 million installs, has been found to have an unpatched security flaw that publicly exposes media transferred between users, including private voice messages, photos, and videos.
08. Researchers have uncovered a massive hacking campaign, most likely from a well-known group funded by the Chinese government, that’s using sophisticated tools and techniques to compromise the networks of companies around the world.
09. A China-based e-commerce scam appears to be harvesting payment information not through direct hacks on companies or using pernicious malware to skim data, but by setting up hundreds of websites that appear to sell legitimate goods, but instead capture card numbers for sale on the dark web.
10. IBM Power9 processors are potentially vulnerable to abuse of their speculative execution capability, possibly allowing a local user to access privileged information.
11. Cyber criminals have attacked Manchester United Football Club's systems, but club said it was confident "critical systems" required for matches to be staged at Old Trafford are secure.
12. A Google Zero security researcher has discovered a Facebook Messenger bug that allowed attackers to initiate a call and begin listening as soon as it started ringing, prompting Facebook to award one of the largest bounties ever.
13. A Dutch journalist has gatecrashed a confidential video conference of EU defence ministers, after the Dutch defence minister accidentally posted some of the login details on Twitter.
14. The team behind the Drupal content management system, which is currently the fourth most used CMS on the internet, has released security updates to patch a critical vulnerability that is easy to exploit and can grant attackers full control over vulnerable sites.
++
Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,500 other users and sign up.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
