The Week in Cyber Security News, Apr 20 - 26
01. IT services company Cognizant has fallen victim to a cyber attack, stating that "a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack."
02. Bad actors have stolen more than $25 million worth of digital currency from Uniswap and Lendf.me.
03. A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption and clone intellectual property, change the functionality, and even implant hardware Trojans.
04. Researchers have discovered that fan vibrations can be used to transmit data from air-gapped machines.
05. Essential services like health care facilities, small businesses, and non-profit organizations in Canada will be getting free cybersecurity services from the Canadian Internet Registration Authority.
06. A cybersecurity researcher has publicly disclosed technical details and a PoC for four unpatched zero-day vulnerabilities affecting enterprise security software offered by IBM, after the company refused to acknowledge the responsibly submitted disclosure.
07. A range of smart Internet of Things (IoT) hubs commonly found in our homes and offices are harboring security flaws severe enough to allow remote code execution, data leaks, and Man-in-the-Middle (MitM) attacks.
08. Attackers have deployed a phishing campaign against remote workers using Skype, luring them with emails containing fake notifications from the service.
09. It's been revealed that a zero-day vulnerability in Apple’s Mail application for iOS has been used to target high-profile victims around the world for more than two years.
10. Security researchers have discovered that the database of the exercise app, Kinomap, was "lying around", completely unsecured and unencrypted, potentially leaving the data of 42 million users open to 'whoever'.
11. A new Zoom vulnerability lets hackers record live Zoom meetings and audio conversations, even when a host disables recording functionality for participants.
12. Scammers have been sending out emails that impersonate the US Federal Reserve and lure recipients with financial relief options through the Payment Protection Program.
13. Facebook has filed legal documents that it says show that Israeli spyware vendor NSO Group ran command and control servers on American cloud providers, which the social network says were used to hack hundreds of WhatsApp users.
14. After first learning of a zero-day vulnerability in its XG enterprise firewall product, cyber-security firm Sophos has published an emergency security update to patch the zero-day, which was being abused in the wild by hackers.