The Week in Cyber Security News, Nov 18-24
01. It's been revealed that hackers remained undetected in the network of Australia's Parliament House for eight days, after a spear-phishing attack earlier this year.
02. It's been revealed that a stack-based buffer overflow bug can be exploited in the WhatsApp messenger, enabling attackers to achieve remote code execution by sending target users a specially crafted MP4 video file.
03. Google has resolved an XSS vulnerability in Gmail described by the tech giant's own team as "awesome."
04. A malicious spam campaign is informing victims it contains a "critical Windows update", but instead leads to the installation of Cyborg ransomware.
05. Research has shown that there are now four times the number of fake retail sites as there are legitimate retail sites - a number that has more than doubled since 2018.
06. A wave of cyber attacks targeted government systems in Louisiana, including those of the Department of Children and Family Services. According to a statement from the state's governor, "some, but not all state servers" were affected and numerous systems were quickly taken offline in an effort to prevent the spread of infection.
07. Google has announced it is willing to pay bug bounty cash rewards of up to $1.5 million if security researchers find and report bugs in the Android operating system that can also compromise its new Titan M security chip.
08. Payment solutions giant Edenred, which operates an intermediation platform spanning across 46 countries and connecting of 50 million employees and 2 million partner merchants via 830,000 corporate clients, has revealed that a malware incident affected an undisclosed number of its computing systems.
09. The US Army is undertaking a security assessment of China-owned social media platform TikTok after the top Democrat in the US Senate, Chuck Schumer, raised national security concerns over the app's handling of user data.
10. A bipartisan group of 15 US senators has urged the Commerce Department to suspend issuing licenses to US firms that conduct business with China's Huawei.
11. An extensive hacking operation has been uncovered in the country of Kazakhstan. Targets included individuals and organizations, such as government agencies, military personnel, foreign diplomats, researchers, journalists, private companies, the educational sector, religious figures, government dissidents, and foreign diplomats alike.
12. Hackers turn to 'old-school' mail-forwarding scams to commit modern-day ID theft and financial crimes, as it gets harder to bypass business email compromise defenses.
13. The Trickbot banking trojan keeps evolving, after it was discovered that an updated password grabber module could be used to steal OpenSSH private keys and OpenVPN passwords and configuration files.
14. A convicted Nigerian scammer serving a 24-year jail term in Kirikiri Maximum Correctional Center in Lagos has been allegedly running a scam worth one million dollars from within the prison.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
