The Week in Cyber Security News, May 11 - 17
01. A researcher has uncovered a vulnerability in Intel's Thunderbolt port, which is found in millions of PCs and allows an attacker with only minutes of physical access to the device to read and copy all of its data.
02. Engineers from SMU's Darwin Deason Institute for Cybersecurity have developed software that detects ransomware attacks before attackers can inflict catastrophic damage.
03. A pair of vulnerabilities in Oracle’s iPlanet Web Server have been disclosed that can lead to sensitive data exposure and image injections onto web pages if exploited. However, no patch is forthcoming for either flaw.
04. A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars.
05. The Dutch Data Protection Authority has announced that it’s launched an investigation into how TikTok handles user privacy, citing the vulnerability of children because they're "less aware of the consequences of their actions, especially when it comes to sharing personal data on social media."
06. After the FBI classified ransomware threats to publish stolen data relating to President Trump as terrorism, the REvil cybercrime gang has pushed back by publishing the first batch of emails.
07. Researchers have discovered malware, dubbed 'Ramsay', which is able to penetrate air-gapped computers and steal different documents, including Word, PDF & Zip files, and then transmit them back to the attackers.
08. A threat actor is selling twenty-nine databases on a hacker forum that allegedly contains a combined total of 550 million stolen user records.
09. Scammers posing as General Paul Nakasone, the director of the National Security Agency and head of US Cyber Command, have emailed a New York woman "from an outpost in Syria", in what looks to be the early stages of a romance scam.
10. China-linked hackers are breaking into American organizations carrying out research into COVID-19, US officials have said, warning both scientists and public health officials to be on the lookout for cyber theft.
11. Video chat company Zoom is being sued by one of San Francisco's oldest churches, after an attacker - a 'known offender' - hacked the computers of a bible-study class and played "sick and disturbing videos", including child pornography.
12. Cyber-attacks against API endpoints have risen since COVID-19 lockdown measures were introduced, with an increase from 28 million to 139 millions events per week over one recent three week period.
13. Disney has ordered unauthorised copies of its Club Penguin game to close, after the BBC found children were being exposed to explicit messages.
14. Multiple supercomputers across Europe have been infected with cryptocurrency mining malware and have shut down to investigate the intrusions.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.