The Week in Cyber Security News, Dec. 21 - 27
01. Microsoft has revealed that a second hacking group, different from the suspected Russian team now associated with the major SolarWinds data breach, also targeted the company's products earlier this year.
02. Researchers at the International Monetary Fund have hinted at the possibility of using a user’s browsing history, including search and purchasing data, to determine a person’s or business’s credit rating more accurately.
03. Lawmakers in the UK are looking to take on powerful bot organizations openly scalping gaming consoles by proposing potential legislation that would both ban the resale of goods acquired using bots and ban the resale of tech products above the manufacturers' price.
04. Security firm Cellebrite has claimed that it can decrypt messages from Signal's highly secure chat and voice-call app, boasting that it could disrupt communications from "gang members, drug dealers and even protesters".
05. The European Court of Human Rights has fallen victim to a cyber-attack after publishing a ruling regarding the fate of an incarcerated Turkish political leader.
06. The US Cybersecurity and Infrastructure Security Agency has warned of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service attacks.
07. The FBI, working with law enforcement agencies across Europe, has seized three web domains and the server infrastructure used by a VPN service to allegedly help cybercriminals compromise networks around the world and evade detection by police.
08. The FBI must be more transparent about its ability to break into people’s mobile devices, the American Civil Liberties Union says, and the group is suing for information about what the feds have in their toolkit.
09. Researchers have unveiled two critical security vulnerabilities - both with a CVSS score of 10 out of 10 - in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices.
10. A high-severity Windows zero-day (CVE-2020-0986) that could lead to complete desktop takeover remains dangerous after a "fix" from Microsoft failed to adequately patch it.
11. Network tools specialist SolarWinds has updated its flagship Orion software, 11 days after revealing a major breach.
12. Hackers have stolen the data of a large cosmetic surgery chain and are threatening to publish patients' before and after photos, among other details.
13. Japanese game developer Koei Tecmo has disclosed a data breach and taken its European and American websites offline after stolen data was posted to a hacker forum.
14. Russian cryptocurrency exchange Livecoin has posted a message on its official website claiming it was hacked and lost control of some of its servers, warning customers to stop using its services.
Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US17/mth, both of which include software updates and news relating to your software stack. Join more than 1,500 other users and sign up.