The Week in Cyber Security News, Oct. 5 - 11
01. Members of the infamous piracy group, Team Xecuter, have been arrested and charged with 11 felony counts, allegedly involving the selling methods of hacking and homebrewing consoles.
02. An advanced persistent threat espionage campaign that uses a rare form of malware has been observed attacking diplomats and members of NGOs.
03. Cybersecurity researchers have spotted a rare kind of potentially dangerous malware that targets a machine's booting process to drop persistent malware.
04. Researchers have disclosed two flaws in Microsoft’s Azure web hosting application service, App Services, which if exploited could enable an attacker to take over administrative servers.
05. The Asian food delivery service, Chowbus, has confirmed it experienced a data breach after users reported getting access to a massive database with email addresses, phone numbers and mailing addresses of customers.
06. Hackers have seized on President Donald Trump’s illness from COVID-19 to fool email recipients into clicking on malware, which downloaded the BazaLoader backdoor, a kind of trojan commonly linked to the developers of the TrickBot hacking tool.
07. There is "clear evidence of collusion" between Huawei and the "Chinese Communist Party apparatus", a UK parliamentary inquiry has concluded.
08. Carnival Corporation, the world's largest cruise line operator, has confirmed that the personal information of customers, employees, and ship crews was stolen during an August ransomware attack.
09. Personal information of patients at Toronto-based St. Michael’s Hospital has been stolen in a data breach, allegedly by a former third-party employee accused of taking them while on duty, and then used to extort payment from the company.
10. Software AG has seemingly been hit by ransomware, with the German IT giant telling the Euro nation's stock market it had been "affected by a malware attack."
11. An unusually high number of malicious domains, designed to imitate Amazon, have been discovered ahead of the annual online shopping event, Amazon Prime Day.
12. A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access.
13. A researcher has taken advantage of the Fitbit gallery, which allows developers to submit apps that enhance the functionality of the core app, and uploaded spyware on official Fitbit store.
14. A team of academics from the University of Michigan has developed self-powered and self-erasing chips that they hope could be used as an anti-counterfeit or tamper-detection system.
Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.