The Week in Cyber Security News, Oct. 12 - 18
01. Three terabytes of recorded clips from exposed home security cameras have been uploaded online and also sold as 'lifetime access' for US$150.
02. Cybercriminals have put their own spin on passing time during COVID, with online rap battles, poker tournaments, poem contests, and In-person sport tournaments where the prize for winning is stolen data and tools to make cybercrime easier.
03. Research has shown that organizations "are never the same after being hit by ransomware" and 35% of victims report that recruiting and retaining skilled IT security professionals was their single biggest challenge when it comes to cybersecurity.
04. The financially-motivated cybercriminal group, FIN11, which is known for its malware distribution campaigns, has evolved its tactics to focus on ransomware and extortion.
05. A popular smartwatch designed exclusively for children contains an undocumented backdoor that makes it possible for someone to remotely capture camera snapshots, wiretap voice calls, and track locations in real time.
06. Zoom says it will preview its end-to-end encryption feature for all users, free and paid, as the first phase of its plan to fully roll out the security technology.
07. American bookselling giant Barnes & Noble is contacting customers via email, warning them that its network was breached by hackers, and that sensitive information about shoppers may have been accessed.
08. Iran's cybersecurity authority has acknowledged cyberattacks on two governmental departments, calling the attacks "important" and saying some other departments temporarily took down their online services as a precaution against further attacks.
09. Google has offered new details on tactics used by alleged Chinese government-linked hackers who previously targeted Democratic presidential nominee Joe Biden’s campaign, while warning that multiple state-linked hacking groups continue to show an interest in the US election.
10. It's been revealed that a critical vulnerability in a SonicWall enterprise VPN firewall can be exploited to crash the device or remotely execute code on it.
11. Bad actors are selling access to three million Dickey's Barbecue Pit customer credit cards on the dark web marketplace known as Joker’s Stash.
12. Google has revealed a previously undisclosed DDoS attack that targeted Google service in September 2017 and clocked at 2.54 Tbps, making it the largest DDoS attack recorded to date.
13. Venture capitalists have invested in a startup providing authentication technology that removes the need for passwords, instead allowing employees to log into company systems with passwordless multi-factor authentication.
14. The Emotet botnet has begun using a new malicious attachment that pretends to be a message from Windows Update telling you to upgrade Microsoft Word.
++
Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
