The Week in Cyber Security News, Feb. 8 - 14
01. A hacker has remotely gained access to the water treatment plant in the Florida city of Oldsmar and briefly altered the level of chemicals entering the water.
02. It's been revealed that ten Australian agencies, including Commonwealth and state law enforcement, accessed telecommunications metadata “without proper authority” in the 2018-19 financial year.
03. The Barcode Scanner app, with over 10 million installs, has been removed by Google from Play Store after it was reported for malicious activities once users updated it to the latest version.
04. Research has revealed that personal information from US citizens found on the Dark Web — ranging from Social Security numbers, stolen credit card numbers, hacked PayPal accounts, and more — is worth on average just $8.
05. A researcher has broken into the IT systems Apple, Microsoft, Tesla, PayPal, Netflix and more than 30 other corporations by replacing private code packages routinely activated by servers with public code packages.
06. Apple has rolled out a fix for a critical SUDO vulnerability in macOS Big Sur, Catalina, and Mojave that could allow unauthenticated local users to gain root-level privileges on the system, and which has been "hiding in plain sight" for almost 10 years.
07. A cyber-attack on a cryptocurrency exchange last September which led to the theft of hundreds of millions of dollars in digital money has been blamed on North Korean actors.
08. The US Federal Trade Commission reports that romance scams netted a record $304 million in 2020 — an increase of about 50% over the previous year.
09. A psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats has declared itself bankrupt, after the cybercrims published batches of sensitive records on the dark web.
10. The Internal Revenue Service (IRS) has warned US tax professionals of identity thieves actively targeting them in a series of phishing attacks attempting to steal Electronic Filing Identification Numbers (EFINs).
11. A well-crafted SMS phishing effort is harvesting personal data and credit-card details under the guise of offering tax refunds. SMS messages are being sent to unsuspecting UK citizens claiming to be from Her Majesty’s Revenue and Customs (HMRC), tell them that they’ve received a refund for “overpayment in year 2019/2020” and are asked to click a link to “proceed.”
12. A 12-year-old critical security vulnerability - which could let attackers carry out sophisticated attacks by enabling malicious escalation of privileges - has been identified in Windows Defender and affects more than one billion devices.
13. Microsoft is rolling out the second phase of its mitigation against the Zerologon vulnerability in its Netlogon Remote Protocol (NRP), and is warning administrators to be ready for an irreversible change that could lock out non-compliant devices from Active Directory.
14. Microsoft has asked the Australian government to stay out of its cyber attack response in the country, citing thst Government intervention would result in 'The Fog of War' and further complicate any attempt to mitigate cyber attack response.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.