The Week in Cyber Security News, Nov. 2 - 8
01. A security lapse at the privacy-focused social networking app True exposed one of its servers, leading to private user data exposure.
02. Cyber-criminals have launched a new sextortion scam aimed at people who use the video-conferencing app Zoom while in a 'state of undress'.
03. A week after the US government issued an advisory about a "global intelligence gathering mission" operated by North Korean state-sponsored hackers, new findings have emerged about the threat group's spyware capabilities.
04. Google has patched two zero-day vulnerabilities in its Chrome browser, the third time in two weeks that the company has fixed a Chrome security flaw that’s under active exploit.
05. The Maze cybercrime group has announced it is curtailing its operations, stating on its main webpage: "The Project is closed ... All the links to out project, using of our brand, our work methods should be considered to be a scam."
06. Oracle has released an emergency patch after a security vulnerability, which "may be exploited over a network without the need for a username and password", was revealed in its WebLogic middleware.
07. Millions of California voters have backed - by a 56%-44% margin - an amendment to the state's consumer privacy laws (the California Privacy Rights Act), which, among other things, prevents businesses from sharing customers' personal information, and limits businesses' use of "sensitive personal information," including precise geolocation, race, ethnicity, and health information.
08. The US government has seized $1 billion worth of bitcoin linked to the Silk Road criminal marketplace, where criminals are able to buy and sell narcotics and other illegal goods and services, using cryptocurrency to stay anonymous.
09. A new ransomware called Pay2Key has been targeting organizations and encrypting their networks within an hour in targeted attacks still under investigation.
10. A newly discovered malware - "Gitpaste-12" - uses GitHub and Pastebin to house component code, and harbours 12 different initial attack vectors.
11. A Spain-based software firm has been caught exposing sensitive, private, and financial data of millions of customers around the globe, including those using the Booking.com, Expedia, Agoda, and Hotels.com websites.
12. Europe’s telecoms industry has slammed proposed tweaks to planned EU rules governing Facebook’s WhatsApp and Microsoft unit Skype that would tighten the rules telecoms providers face when using electronic communications metadata.
13. The FBI has sent out a security alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and private businesses.
14. An advanced HM Revenue and Customs (HMRC) tax rebate scam, which employs multiple HMRC phishing domains and tactics, is targeting UK residents via text messages.
Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.