Security News

The Week in Cyber Security News, Sept. 14 - 20

01. A database containing the personal information of millions, including world leaders and their families, high ranking military officers, the Royal Family, celebrities and diplomats, has been leaked by a Chinese company with ties to China's military and intelligence agencies.

02. A misconfigured Elasticsearch server is responsible for exposing data amounting to more than 370 million records.

03. Between July and August of 2020, the average number of weekly cyberattacks per educational facility in the US rose by 30% to 608 from 368 in the prior two months.

04. Around 2,000 e-commerce stores running the popular Magento software were attacked over the weekend, in the largest recorded campaign of its kind.

05. A new report has uncovered that 97% of leading cybersecurity companies have data leaks or other security incidents exposed on the Dark Web.

06. Researchers have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to an organization’s Active Directory domain controllers, which act as an all-powerful gatekeeper for all machines connected to a network.

07. Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw.

08. Wireless networks within the US Department of the Interior have been successfully breached by $200 test units hidden in backpacks and operated by smartphones.

09. German authorities have said that an apparently misdirected ransomware attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.

10. Just weeks away from the U.S. presidential election, Twitter says it is taking extra steps, such as strong password requirements, to secure high-profile accounts like those of political campaigns and major news outlets, whose compromise could impact voter perceptions.

11. The operators of the Maze ransomware have added a fresh trick to their bag of badness: distributing ransomware payloads via virtual machines.

12. Former Australian Prime Minister Tony Abbott had his phone number and passport details obtained by a hacker after posting a picture of his boarding pass on Instagram.

13. A US federal judge has said that Tesla failed to show how the actions of a former employee, who hacked into the company's computers and leaked confidential information, caused a US$167 million decline in the electric car maker's market value.

14. Google's App Engine domains can be abused to deliver phishing and malware while remaining undetected by leading enterprise security products.

Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.
