The Week in Cyber Security News, May 25 - 31
01. A team of Chinese academics has found a new way to abuse HTTP packets to amplify web traffic and bring down websites and content delivery networks (CDNs).
02. 70 percent of applications being used today have at least one security flaw stemming from the use of an open-source library.
03. EasyJet is facing an £18 billion (US$22.2B) class-action lawsuit filed on behalf of nine million customers affected by a cyber attack on the budget airline.
04. Cybersecurity researchers have unveiled details of a new critical vulnerability - affecting a billion or more Android devices - that could allow attackers to carry out a much more sophisticated version of Strandhogg attack.
05. The email addresses and plaintext passwords of over 26 million LiveJournal blogging accounts are being traded on underground criminal marketplaces, despite LiveJournal’s owners refusing to acknowledge that any security breach has occurred.
06. Numerous internet-connected doorbell and security camera manufacturers have been alerted to "systemic design flaws", including allowing a shared account that appears to have been removed to remain in place with continued access to the video feed, by Florida Tech computer science student.
07. Hackers are sending spoofed emails - with a strain of malware typically used to steal bank account data - that appear to be from FedEx, UPS and DHL as part of a mass emailing campaign meant to infect victims' computers.
08. A group operating an ATM company in Mexico and suspected of bribing technicians to install sophisticated Bluetooth-based skimmers in cash machines throughout Mexican tourist destinations enjoyed legal protection from within the Mexican attorney general’s office.
09. The malware loader, Valak, has morphed into an information stealer that targets Microsoft Exchange servers to rob email login credentials and certificates from enterprises.
10. The US National Security Agency has warned government partners and private companies about a Russian hacking operation that uses a special intrusion technique to target operating systems often used by industrial firms to manage computer infrastructure.
11. “Hack-for-hire” organizations are the latest group of cybercriminals to take advantage of the ongoing coronavirus pandemic, using COVID-19 as a lure in phishing emails bent on stealing victims’ Google credentials.
12. It's been revealed that a recent highly critical vulnerability (now patched) that affected Apple's 'Sign in with Apple' system could have allowed remote attackers to bypass authentication and take over targeted users' accounts on third-party services and apps.
13. Facial recognition company Clearview AI is being sued by the American Civil Liberties Union and with four community organisations based in the US state of Illinois.
14. A hacker has leaked online the database of Daniel's Hosting (DH), the largest free web hosting provider for dark web services.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.