Security News

The Week in Cyber Security News, Dec. 28 - Jan. 03

01. Researchers have discovered a phishing campaign that was being run using Facebook ads and redirecting users to Github where the actual phishing pages resided.

02. Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website.

03. Hackers have gained access to the Finnish Parliament’s IT system in an incident that allowed them to access to some emails belonging to members of Parliament

04. Motorcycle maker Kawasaki has issued a statement saying it suffered a breach earlier this year that may have compromised "information from overseas offices" and saw the attackers use advanced techniques to erase their tracks.

05. A data breach broker is selling the allegedly stolen user records for twenty-six companies on a hacker forum

06. The FBI has warned that stolen email passwords are being used to hijack smart home security systems to "swat" unsuspecting users.

07. The Emotet malware is back after a hiatus of a couple of months and is now using updated payloads the operators implemented to avoid detection.

08. A group of mysterious hackers has carried out a supply chain attack against Vietnamese private companies and government agencies by inserting malware inside an official government software toolkit.

09. Microsoft hackers tied to a massive intrusion of dozens of US government agencies and private companies sneaked further into its systems than previously thought, although the intrusion doesn't appear to have caused any additional harm.

10. A PayPal text message phishing campaign is underway that attempts to steal your account credentials and other sensitive information that can be used for identity theft.

11. More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel.

++

Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US17/mth, both of which include software updates and news relating to your software stack. Join more than 1,500 other users and sign up.

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Get weekly security news and vulnerability alerts

Join over 1,000 others receiving a free weekly report with a round-up of vulnerabilities and security news customised to your software stack. See an example email

Example email for SecAlerts

Earlier: