Security News

The Week in Cyber Security News, Oct. 19 - 25

01. It's been revealed that Microsoft was the top impersonated brand in phishing attempts during the third quarter, with 19% of all brand phishing attempts across the world trying to spoof the software giant, up from just 7% in the prior quarter.

02. A vulnerability has been discovered in Google's GPS navigation software app Waze that lets hackers identify and track users.

03. A Windows-based remote access Trojan designed to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices.

04. London’s Hackney Council has suffered a "serious cyber attack" which has prevented it from, among other things, making payments including housing benefit, discretionary housing payments, and certain supplier payments.

05. Adblocking extensions with more than 300,000 active users have been surreptitiously uploading user browsing data and tampering with users’ social media accounts, thanks to malware their new owner introduced a few weeks ago.

06. Research has shown that American police forces routinely "circumvent most security features" in smartphones to extract mountains of personal information.

07. Russia and Iran obtained an undisclosed volume of voter registration data, and Iran has sent threatening emails to Democratic voters in the US, emulating the right-wing group Proud Boys.

08. NVIDIA has released a security update for the Windows NVIDIA GeForce Experience (GFE) app to address vulnerabilities that could enable attackers to execute arbitrary code, escalate privileges, gain access to sensitive info, or trigger a denial of service (DoS) state on systems running unpatched software.

09. IT giant Sopra Steria, which employs 46,000 people in 25 countries, has been hit with a cyber attack widely believed to be the work of the threat actors behind Ryuk ransomware.

10. Pharmaceutical company Dr Reddy's, which is developing a Covid-19 vaccine, says it has been hit by a cyber-attack that has affected its sites around the world, including those in the UK, Brazil, India, Russia and the US.

11. Malware authors have managed to pass malicious apps through the Apple app notarization process for the second time this year and the second time in the past six weeks.

12. The Emotet malware has switched to a new template that pretends to be a Microsoft Office message stating that Microsoft Word needs to be updated to add a new feature.

13. Researchers have found that Apple’s Safari browser, as well as the Opera Mini and Yandex browsers, are vulnerable to JavaScript-based address bar spoofing.

14. Research commissioned by Microsoft has revealed that 90% of respondents admit they're worried every time they share their information online, 70% say the US Government isn't doing enough to protect their personal data, and 70% say they'd like to see the next administration enact privacy legislation.


Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.
