The Week in Cyber Security News, August 24 - 30
01. The company behind one of India’s most popular travel booking sites exposed 43GB of customer and corporate data - containing an estimated 37 million records linked to around 700,000 unique users of the site - before it was deleted by the infamous 'Meow' attacker.
02. According to research, low-cost Android smartphones produced by a Chinese manufacturer are riddled with pre-installed malware that signs unsuspecting users up to subscription services without their knowledge or permission.
03. A popular iOS software development kit (SDK) used by over 1,200 apps - with a total of more than a billion mobile users - is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information.
04. It's been revealed that Bridgefy, a messaging app that boasts more than 1.7 million installations and has been widely used by activists to communicate in large gatherings, including Black Lives Matter protests, has flaws and weaknesses showing that just about every claim of anonymity, privacy, and reliability is outright false.
05. Researchers have shown it's possible to duplicate an actual key and pick a physical lock by using a smartphone microphone to work out the shape of the key.
06. The US government has called out North Korea over a government-led hacking campaign that has been focused on stealing cash from ATMs around the world.
07. New Zealand’s stock exchange has closed for a third day due to a distributed denial-of-service (DDoS) attack, the exact nature of which is unknown.
08. Cisco Systems has disclosed eight high-severity bugs impacting a range of its networking gear, including its switches and fiber storage solutions.
09. The US Government is suing North Korean hackers in order to obtain access to 280 virtual currency accounts containing more than $2.7 million.
10. The FBI is warning of online romance scams, with its 2019 Internet Crime Report showing that almost 20,000 complaints were reported in 2019, and the losses associated with those complaints exceeded $475 million.
11. Tesla co-founder and CEO Elon Musk has confirmed reports that the Tesla Gigafactory Nevada was a target of a cyberattack earlier in August, which was subsequently thwarted by the Federal Bureau of Investigation.
12. A hacker who reported a security hole in Starbucks' website has criticised the company's handling of the matter.
13. Google has removed an undisclosed number of Android apps from the Google Play Store that the company says were part of an ad fraud botnet that loaded ads and gained revenue from fake ad impressions.
14. Swiss security researchers have discovered a way to bypass the PIN authentication for Visa contactless transactions, exploiting a bug in the communication protocols that lets attackers mount a man-in-the-middle attack without entering the PIN code.
Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.