The Week in Cyber Security News, July 27 - August 2
01.A misconfiguration in the infrastructure of repositories has resulted in leaking the source code of dozens of high-profile organizations, including Microsoft, Adobe, Disney, GE Appliances and Mediatek.
02.A subsidiary of insurance company First American Financial Corp. has been charged by a New York regulator regarding a data breach that went on for several years and allegedly exposed hundreds of millions of documents containing sensitive information.
03.Cybersecurity researchers have uncovered a completely undetectable Linux malware which exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud.
04.GPS device and services provider Garmin have confirmed that the worldwide outage that took down the vast majority of its offerings for five days was caused by a ransomware attack.
05.Hackers with suspected links to the Chinese government have been targeting the Vatican, ahead of the Vatican negotiating the operations of the Catholic Church in China.
06.Nearly half of British university staff say they have received no cybersecurity training, and 8% of responding universities said they had reported five or more breaches to the Information Commissioner's Office over the past 12 months.
07.Zoom has patched a security hole that could have allowed attackers to break their way into password-protected private calls.
08.From 2021, the IRS (USA) will demand that all tax software vendors must offer multi-factor authentication, and expects all tax professionals preparing returns to make use of this feature.
09.Scammers have been using open redirects found on US Government websites to redirect visitors to pornography sites.
10.Scams targeting users of services such as Netflix have been using convincing phishing emails, claiming to be from Netflix Support, to bypass email filters and persuade even 'scam savvy' users to hand over their credit card details.
11.A fresh Linux backdoor called Doki is infesting Docker servers in the cloud and employing a brand-new technique: Using a blockchain wallet for generating command-and-control (C2) domain names.
12.Two teenagers and a 22yo have been charged over the July 15 Twitter hack of multiple high-profile US figures, including Barack Obama, Jeff Bezos, Elon Musk, Bill Gates and Joe Biden.
13.US travel management firm CWT has paid $4.5 million to hackers who stole reams of sensitive corporate files and said they had knocked 30,000 computers offline.
14.Customers with Telstra's default DNS settings found themselves seemingly unable to access the internet on Sunday morning, as the Australian telco was facing a denial of service attack.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.