The Week in Cyber Security News, Mar 2 - 8
01. Almost a year after getting infected with ransomware, the City of Cartersville in the US State of Georgia has admitted to paying ransomware operators $380,000 to unlock its systems.
02. A ransomware attack that crippled a police department in Florida has resulted in at least six suspected drug dealers walking free.
03. More than 200 million records containing a wide range of property-related information of US residents were left exposed on a database that was accessible on the web without requiring any password or authentication.
04. Virgin Media, a provider of telephone, television, and internet services in the UK, has disclosed a data breach that exposed the personal details of approximately 900,000 customers.
05. The UK's Information Commissioner's Office has fined Cathay Pacific Airways £500,000 for failing to protect customers' personal data, stating that "appropriate security" was not in place between October 2014 and May 2018.
06. Netgear is warning users of a critical remote code execution bug that could allow an unauthenticated attacker to take control of its Wireless AC Router Nighthawk (R7800) hardware running firmware versions prior to 184.108.40.206. The warnings include two high-severity bugs impacting Nighthawk routers, 21 medium-severity flaws and one rated low.
07. As coronavirus infections surge globally, hackers and nation-state actors are weaponizing information about the COVID-19 virus to spread malware and disinformation, according to security researchers and the State Department.
08. The US-CERT has issued an advisory warning users of a dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices.
09. Many US government agency IT facilities are still operating as access points to federal systems without proper oversight and cybersecurity.
10. Unwanted and malicious emails using political-themed lures have spiked as the presidential primary season cranks into high gear – with Donald Trump and Bernie Sanders representing the lion’s share of subject line themes.
11. The US Department of Justice on Monday unsealed a 2014 indictment alleging that a current cybersecurity executive was involved a conspiracy to sell usernames and passwords belonging to American customers of the social media company Formspring in 2012.
12. All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised.
13. Researchers have been able to grab more than 670 subdomains that had previously been used by Microsoft but subsequently forgotten about.
14. It's been revealed that Google could have fixed 2FA code-stealing flaw in Authenticator when it was first reported to Google in October 2014, but it was never addressed.
15. New legislation has been introduced in the USA that amends the Espionage Act of 1917 to protect, among others, security researchers who discover classified government backdoors in encryption algorithms and communications apps used by the public.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.