The Week in Cyber Security News, June 8 - 14
01. Research has revealed that the number of open source software (OSS) vulnerabilities more than doubled in 2019 compared with 2018.
02. IBM has stated it is exiting the general-purpose facial recognition business and said it opposes the use of such technology for mass surveillance and racial profiling.
03. Microsoft has released its June 2020 batch of software security updates that patches a total of 129 newly discovered vulnerabilities, including CVE-2020-1296, which concerns privilege escalation in the Windows Diagnostics & Feedback settings app.
04. After reporting in April it had identified 160,000 compromised accounts, Nintendo has released an increased tally of compromised accounts, adding a further 140,000.
05. Cybersecurity incidents at NASA increased by 366% in 2019 as the organization's cybersecurity budget was slashed by $3.1m.
06. Researchers have found a way to spy on secret conversations happening in a room from a nearby remote location just by observing a light bulb hanging in the room (visible from a window) and measuring the amount of light it emits.
07. Amazon is putting a year-long "moratorium" on police use of its Rekognition facial recognition technology.
08. Twitter has banned and removed more than 32,000 accounts that were part of networks operated out of China, Russia, and Turkey, all three pushing local political agendas and narratives, and associated with state-sponsored entities.
09. Facebook paid a cybersecurity firm a six-figure sum to develop a zero-day in a Tor-reliant operating system in order to unmask a man who spent years sextorting hundreds of young girls, threatening to shoot or blow up their schools if they didn't comply.
10. An Italian company that operates a seemingly legitimate website and business, offering to provide binary protection against reverse engineering for Windows applications, has secretly advertised and provided its service to malware gangs.
11. A city in Alabama has agreed to pay a Bitcoin ransom of US$300,000 to hackers who compromised its computer systems and deployed ransomware after infiltrating a Windows 10 PC connected to its IT systems in late May.
12. An IT firm in India has been secretly operating as a global hackers-for-hire service, allegedly targeting thousands of high-profile individuals and hundreds of organizations across six continents over the last seven years.
13. Cyberattackers are seizing upon the 24-hour news cycle and using a fake Black Lives Matter malspam campaign that distributes the TrickBot malware.
14. Threat actors have reportedly created a site that imitates the legitimate secure note-sharing service privnote.com to steal bitcoins.