The Week in Cyber Security News, Dec. 7 - 13
01. Flight Centre has confirmed that a significant data breach that occurred in 2017 was the result of sensitive information, including credit card numbers and passport details, being left in a database given to hackathon participants.
02. A new report on the cybersecurity of the education sector has found that nearly half of the schools in the United States did not implement new training or tools to protect staff and students during the pandemic.
03. Some widely sold D-Link VPN router models have been found to contain three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks, even if they are secured with a strong password.
04. Microsoft issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load of 58 security vulnerabilities, nine of which were rated "critical".
05. Microsoft has been accused of downplaying the impact of a set of remotely exploitable vulnerabilities in its Teams communications app, which a researcher said could open up organisations' internal networks and leak information without user interaction.
06. Global losses from cybercrime now total over US$1 trillion, which equates to more than one percent of global GDP, according to a new report.
07. Brave Software is introducing a news reader that’s designed to protect user privacy by preventing parties — both internal and third party — from tracking the sites, articles, and story topics people view.
08. US cybersecurity firm FireEye has said that foreign government hackers with "world-class capabilities" broke into its network and stole offensive tools it uses to probe the defenses of its thousands of customers, including federal, state and local governments and major global corporations.
09. After armed police raided the home of a COVID-19 whistleblower, it was revealed that a password was publicly posted on the Florida Department of Health’s website ... and the same username and password were shared with all employees (and the entire internet).
10. Researchers have revealed new details about a ransomware strain, called MountLocker, that hackers are peddling as a ransomware service for hire, and which has been updated several times in an effort to bypass detection.
11. Subway patrons in the UK have received suspicious emails, which infosec researchers fear are linked to the theft of customer details and a Trickbot malware campaign.
12. A persistent malware campaign called Adrozek has been using an evolved browser modifier to deliver fraudulent ads to search-engine pages.
13. Hackers are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in a popular WordPress plugin installed on more than 500,000 sites.
14. Intel-owned AI processor developer Habana Labs, which makes AI processors that accelerate artificial intelligence workloads in the datacenter, has suffered a cyberattack in which data was stolen and leaked by threat actors.
Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US17/mth, both of which include software updates and news relating to your software stack. Join more than 1,500 other users and sign up.