Security News

The Week in Cyber Security News, August 17 - 23

01.A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years, before Microsoft issued a software update to correct the problem.

02.The top 5 results from a study exploring the possible range and risk of attacks from military robots and autonomous attack drones, to AI-assisted stalking.

03.Some Huawei phones are set to stop receiving software updates after a US reprieve, which allowed some trade with Huawei, lapsed.

04.Jenkins, a popular open-source automation server software, has published an advisory concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed.

05.Australia's Government has proposed the possibility of taking control of critical infrastructure entities affected by cyber threats of national importance.

06.An extremely sophisticated and unique new peer-to-peer (P2P) botnet, which is fileless and more aggressive in its brute-force attempts, has been breaching servers around the world since January this year.

07.A California based company has launched a 'face-pay' service that allows its customers to take a selfie, upload it via the company app and use it as a form of payment ID.

08.The FBI and DHS’ cybersecurity agency has exposed malware used by North Korean government hackers to target defense contractors with fake job postings from other defense contracting entities to lure them to click through and install the data-gathering implant on their systems.

09.Credit reference agency Experian has suffered what it somewhat understatedly described as a data breach after the firm transferred the details of 24 million customers to one individual in what it said was a "fraudulent data enquiry".

10.Uber’s former chief security officer, who allegedly paid off hackers to keep a massive data breach secret, has been charged with obstruction of justice and misprision of a felony, and faces up to eight years behind bars.

11.The US Financial Industry Regulatory Authority (FINRA) has issued a new regulatory notice warning its members of threat actors using registered brokers' info to create phishing websites.

12.A new ransomware - DarkSide - has been using it's highly targeted attacks to earn its makers big bucks, with at least one victim paying the US$1 million demanded.

13.TikTok has confirmed it will launch a lawsuit against the US government with regards to the Chinese app maker's ban.

14.The Australian Securities and Investments Commission (ASIC) has taken a company to court for cyber security failings that led to its systems being hacked for months on end, and on multiple occasions.

++

Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Get weekly security news and vulnerability alerts

Join over 1,000 others receiving a free weekly report with a round-up of vulnerabilities and security news customised to your software stack. See an example email

Example email for SecAlerts

Earlier: