Security News

The Week in Cyber Security News, Dec 2 - 8

01. Twitter CEO Jack Dorsey has ditched Google for privacy-focused DuckDuckGo.

02. The Trump administration considered banning Huawei from the US financial system earlier this year as part of a host of policy options to thwart the blacklisted telecoms equipment giant.

03. The Python security team has removed two trojanized Python libraries from PyPI (Python Package Index) that were caught stealing SSH and GPG keys from the projects of infected developers.

04. A new breed of mobile malware that is designed to steal the victim's personal information by spying on calls, texts, and other communications is sneaking into Android devices by disguising itself as a fake messaging app.

05. Google says that 80% of Android applications available for download through the official Play Store are encrypting their respective network traffic using HTTPS.

06. US authorities have filed charges against two Russian nationals alleged to be running a global cyber crime organisation named Evil Corp, which allegedly used malware to steal at least $US100 million in more than 40 countries.

07. A new, destructive strain of malware that shares some similarities with the infamous Shamoon wiper malware has surfaced as part of a recent attack campaign that targeted companies in the energy sector in the Middle East.

08. Eighty percent of Android apps are encrypting their respective network traffic using HTTPS.

09. A security flaw that impacts Linux, Android, macOS, and other Unix-based operating systems has been uncovered. The flaw - CVE-2019-14899 - allows an attacker to sniff, hijack, and tamper with VPN-tunneled connections.

10. Facebook is suing a Hong Kong company that it said baited people into clicking on celebrities' photos and bogus advertising links, so it could install malware and run ads for counterfeit goods, diet pills and male enhancement supplements.

11. A scan of Microsoft user accounts conducted between January and March of this year has revealed that 44 million users are reusing usernames and passwords that were leaked online following security breaches at other online services.

12. A phishing campaign has been discovered that bundles the scam's landing page in the HTML attachment rather than redirecting users to another site that asks them to log in.

13. Government officials and police officers are selling their login credentials to Moscow's network of CCTV and facial recognition cameras.

14. Reddit has said that a leak of official US-UK trade documents that took place on its platform was the work of Russian operatives part of a long-running political influence campaign.

15. At least 20 web hosting providers have notified customers that they plan to shut down, giving their clients two days' notice to download data from their accounts before servers are shut down and wiped clean.

16. Reddit has linked account activity involving the leak of sensitive UK-US trade talks on its platform during the ongoing UK election campaign to a suspected Russian political influence operation.

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Get weekly security news and vulnerability alerts

Join over 1,000 others receiving a free weekly report with a round-up of vulnerabilities and security news customised to your software stack. See an example email

Example email for SecAlerts

Earlier: