The Week in Cyber Security News, July 6 - 12
01.A hacker and former Yahoo employee, who was charged for hacking the accounts of 6000 young women using the special access granted to him as an employee at Yahoo, has been sentenced to 5 years probation at home.
02.A social media star known for his ostentatious displays of wealth is set to be charged in the US with conspiracy to launder hundreds of millions of dollars from BEC and other fraud schemes.
03.Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected.
04.It's been revealed that the Apple Mac ransomware, ThiefQuest, has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in.
05.Citrix has revealed 11 new vulnerabilities in the same cloud-based and remote access products that were affected by a critical flaw six months ago and took a month to be patched. This time, however, patches are available immediately.
06.More than 240 website subdomains belonging to organizations said to include Chevron, Warner Brothers, Honeywell, Toshiba, Xerox, Volvo and more, have been hijacked to redirect netizens to malware, X-rated material, online gambling, and other unexpected content.
07.German authorities have seized a computer server that hosted a huge cache of files from scores of US federal, state and local law enforcement agencies obtained in a Houston data breach last month.
08.Researchers have discovered more than 15 billion credentials from in excess of 100,000 data breaches on the dark web, including access to everything from streaming services to banking accounts and financial services.
09.It's been shown that the Conti Ransomware, an upcoming threat targeting corporate networks with new features that allow it to perform quicker and more targeted attacks, shares the same malware code as Ryuk.
10.An unpatched and previously unknown zero-day, which could be exploited for RCE, has been discovered in the Zoom Client for Windows.
11.A security review of 127 popular home routers, including devices from Netgear, Linksys, and D-Link contain serious security vulnerabilities that even updates don’t fix.
12.Smartwatch software used to help elderly patients could easily be hacked and abused and researchers have said they are concerned that "an overdose could easily result".
13.Security researchers have said they found severe vulnerabilities and what appears to be intentional backdoors in the firmware of 29 FTTH OLT devices from C-Data, which is based in China.
14.The notorious TrickBot malware has mistakenly left a test module that is warning victims that they are infected and should contact their administrator.
15.The Democratic National Committee has reiterated a warning to Democratic campaigns, state parties and committees about the security risks of using the video-sharing app TikTok.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.