The Week in Cyber Security News, Jan. 11 - 17
01. Ethical hacking and cybersecurity researchers have disclosed findings of a vulnerability that allowed them to access the private data of more than 100,000 United Nations Environment Program (UNEP) employees.
02. The High Court in London has ruled against intelligence agencies’ use of bulk hacking for domestic targets.
03. Cybersecurity researchers have exposed the operations of an Android malware vendor who teamed up with a second threat actor to market and sell a remote access Trojan capable of device takeover and exfiltration of photos, locations, contacts, and messages from popular apps such as Facebook, Instagram, WhatsApp, Skype, Telegram, Kik, Line, and Google Messages.
04. In the wake of a hacker scraping 99% (80TB) of posts from social media website Parler, it's been revealed the process was made easier by the site's extremely poor coding and security.
05. Google researchers have detailed a sophisticated hacking operation that exploited four zero-days in Chrome and Windows to install malware on Android and Windows devices.
06. A German-led police sting has taken down the "world's largest" darknet marketplace, whose Australian alleged operator used it to facilitate the sale of drugs, stolen credit card data and malware.
07. The US Cybersecurity and Infrastructure Security Agency has urged federal agencies to deploy ad-blocking software and standardize web browser usage across their workforces in order to fend off advertisements implanted with malware.
08. Joker's Stash, the internet's largest marketplace for buying & selling stolen card data, has announced that it was shutting down on February 15, 2021.
09. Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices.
10. Microsoft is taking matters into its own hands when it comes to companies that haven’t yet updated their systems to address the critical Zerologon flaw, and will soon by default block vulnerable connections on devices that could be used to exploit the flaw.
11. An increasing number of websites are asking visitors to approve "notifications," but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters.
12. The UK government is investigating a technical issue that led to 150,000 arrest records being accidentally wiped from nationwide police databases.
13. A flaw has been detected in the Linux Mint screensaver, after it was discovered by two children who were playing on their dad’s computer.
14. A security researcher has commandeered the Democratic Republic of Congo’s expired top-level domain to save it from hackers who could redirect millions of unknowing internet users to rogue websites of their choosing.
Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US17/mth, both of which include software updates and news relating to your software stack. Join more than 1,500 other users and sign up.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.