The Week in Cyber Security News, Oct. 26 - Nov. 1
01. Harvest Finance has been hacked and $24 million stolen, although the attacker returned $2.5 million ... all in the space of around seven minutes.
02. Some UK customers of the peri-peri chicken chain, Nando's, have been left hundreds of pounds poorer after cyber-attackers hijacked their online accounts to place large orders.
03. Google has removed 21 Android apps, which have been downloaded nearly eight million times from the official Play Store, following the disclosure that the apps in question were serving intrusive ads.
04. Link previews, a feature found in many chat and messaging apps, can leak data, consume our limited bandwidth, drain our batteries, and, in one case, expose links in chats that are supposed to be end-to-end encrypted.
05. President Trump’s campaign website was briefly hacked as part of a Monero scam that told visitors they could pay to see "strictly classified information".
06. The world’s top office furniture maker, Steelcase, has been attacked by the Ryuk ransomware gang.
07. Microsoft has warned that threat actors are continuing to actively exploit systems unpatched against the ZeroLogon privilege escalation vulnerability (CVE-2020-1472) in the Netlogon Remote Protocol (MS-NRPC).
08. The flaw (CVE-2020-14882, CVSS 9.8) in the console component of the WebLogic Server is under active attack, researchers warn.
09. The FBI are investigating the hacking of the Wisconsin Republican party and theft of US$2.3 million in place to help re-elect President Donald Trump.
10. Eastern European criminals are targeting dozens of US hospitals with ransomware, and federal officials have urged healthcare facilities to beef up preparations rapidly in case they are next.
11. Google’s Project Zero researchers have disclosed a Windows zero-day vulnerability that allows attackers to escape Chrome sandboxes and run malware on Windows.
12. Online grocery platform, RedMart, has suffered a data breach that compromised the personal data of 1.1 million accounts, containing personal information such as mailing addresses, encrypted passwords, and partial credit card numbers.
13. Precious metal online retailer JM Bullion has disclosed a data breach after their site was hacked to include malicious scripts that stole customers' credit card information.
14. US Cyber Command has exposed eight new malware samples that were developed and deployed by Russian hackers in recent attacks.
Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.