The Week in Cyber Security News, Nov 25-Dec 1
01. The NYPD fingerprint database was taken offline to thwart ransomware, after the malware was introduced to the police network via a contractor who was installing a digital display.
02. Researchers say exploit kit operators are changing their tactics: instead of dropping malware on disk and then executing it, at least three of the nine currently active exploit kits now use fileless attacks.
03. Senate Democrats are proposing a broad federal data privacy law that would allow people to see what information companies have collected on them and demand that it be deleted.
04. European police have removed 26,000 pieces of Islamic State content - videos, social media accounts, communication channels and posts - from social media.
05. A US court has come down in favor of Fifth Amendment protections against the forced disclosure of a 64-character password to a suspect's encrypted computer in a child abuse imagery case.
06. Researchers analyzed a sample of 120 billion programmatic ad impressions and found that, of the 75 supply-side platforms (ad providers) monitored, three accounted for more than 60% of malicious ad impressions.
07. Cybercriminals are targeting Black Friday and Cyber Monday shoppers with an array of scams and malware – including domain impersonation, social media giveaway scams, and a malicious Chrome extension.
08. More than 80,000 computers have been infected with a new malware known as Dexphot. While the virus is relatively innocuous (hackers leverage Dexphot to mine cryptocurrency), the methods it uses are complex and sophisticated, allowing it to evade traditional security tools.
09. South Korean cryptocurrency exchange Upbit has informed customers that a cyberattack has led to the theft of $48.5 million in cryptocurrency.
10. A federal judge said up to 29 million Facebook Inc users whose personal information was stolen in a September 2018 data breach cannot sue as a group for damages, but can seek better security at the social media company after a series of privacy lapses.
11. A blogger has said he won't comply with a Singapore government order to correct a Facebook post in the first test of the city-state's new 'fake news' law. Singapore's home ministry said the post, which contained allegations of election rigging, was "false" and "scurrilous".
12. RevengeHotels malware uses, among other things, typo-squatting domains and well-written phishing emails to target hotels, hostels, hospitality and tourism companies around the world.
13. Law enforcement agencies from all over the world have taken down the infrastructure of the Imminent Monitor remote access trojan (IM-RAT), a hacking tool that has been on sale online for the past six years.
14. A data breach at Mixcloud, a UK-based audio streaming platform, has left more than 20 million user accounts exposed after the data was put on sale on the dark web.
15. A fake Steam skin giveaway site claims to give away new skins every day, but in reality it just steals your login credentials.