Written by 12:58 PM Information Security

W33 – What’s happening in InfoSec – by Tavian Hall from Jamaica

So what’s NEW this week???

 

FBI, NSA Share Details on New ‘Drovorub’ Linux Malware Used by Russia

The United States on Thursday published information on Drovorub, a previously undisclosed piece of malware that Russia-linked cyber-spies are using in attacks targeting Linux systems.

BootHole vulnerability in Linux systems renders servers unbootable

It was reported this week by Naked Security that Linux systems are affected by a vulnerability that can render those Linux servers unbootable.

Windows Defender Detected Citrix Services as Malware

Windows Defender has caused problems for some Citrix customers after deleting two services incorrectly detected as malware.

CactusPete hackers go on European rampage with Bisonal backdoor upgrade

The APT is attacking banks and military organizations in Eastern Europe.

UK Cybersecurity Firm Says North Korean Attacks on Israel Successful

Since the beginning of 2020, the North Korea-linked threat group known as Lazarus has successfully compromised dozens of organizations in Israel and other countries by targeting their employees with appealing job offers, UK-based cybersecurity firm ClearSky reported this week.

Researchers uncover critical flaw within Amazon Alexa which can lead to stolen voice history and data

Security researchers at Check Point have discovered the Amazon Alexa assistant can be hacked to make it hand over sensitive data including voice recordings due to flaws within the services subdomains.

Data from US Gun exchange exposed by hackers

Cybercriminals have infiltrated a Gun Exchange in Utah, US and released highly sensitive information on a cybercrime forumCybercriminals have infiltrated a Gun Exchange in Utah, US and released highly sensitive information on a cybercrime forum

Google attempting new URL displays to tackle phishing and other scams

Some Google Chrome users can expect a big change in how the browser displays URLs as the company tests out how domain names are seen in a bid to thwart online scams.

Unprotected AWS Server exposes over 350m passwords

Ethical hackers have discovered 350 million exposed email addresses on an unsecured server which were likely to have either been stolen or acquired back in October 2018.

Number of Cyber Attacks from Germany Increased, says Russian Foreign Minister

In the period from 2019 to 2020, Russia registered a sufficient number of cyberattacks from Germany to Russian facilities and organizations.

Canon USA’s stolen files leaked by Maze ransomware gang

A ransomware gang has published unencrypted files allegedly stolen from Canon during a ransomware attack earlier this month

NSA, FBI Warn of Linux Malware Used in Espionage Attacks

A never before seen malware has been used for espionage purposes via Linux systems, warn the NSA and FBI in a joint advisory.

The Race to Hack a Satellite at DEF CON

Eight teams competed to win cash, bragging rights, and the chance to control a satellite in space.

Zoom Faces More Legal Challenges Over End-to-End Encryption

The video-conferencing specialist has yet to roll out full encryption, but it says it’s working on it.

Facebook using AI to track hate speech

Facebook’s hate speech and malicious content identifying AI seem to be working as the company said that their AI identified and removed 134% more hate speech in the second quarter than in the first.

Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity

Infosec practitioners face a variety of mental struggles in areas such as awareness training, problem solving, or general mental health. Several sessions at Black Hat USA 2020 highlighted these challenges and how to overcome them.

New Agent Tesla variant steals passwords from web browsers & VPNs

The new variant of Agent Tesla is equipped with many sophisticated features.

With iOS’s Privacy Nutrition Label, Apple Upstages Regulators

New iOS privacy features require developers to disclose what data they’re collecting, how they’re using it, and with whom they share it.

Top 6 cybersecurity books for IT auditors

Introduction Like many other information security professionals, you probably have a library of books on the topic of your career choice.

New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls

A team of academic researchers—who previously made the headlines earlier this year for uncovering severe security issues in the 4G LTE and 5G networks—today presented a new attack called ‘ReVoLTE,’ that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted phone calls.

Surge in cyber attacks targeting open source software projects

There has been a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains, Sonatype has found.

FireEye Announces New Bug-Bounty Program

The program, administered by Bugcrowd, will pay bounties of up to $2,500 per vulnerability.

Human Error Threatens Cloud Security

Virtually all security professionals believe that human error could put the security of cloud data at risk, according to new research published today.

Instagram Retained Deleted User Data Despite GDPR Rules

The photo-sharing app retained people’s photos and private direct messages on its servers even after users removed them.


Tavian Hall from Jamaica contributed this article. Tavian is a member of WISC (Women in InfoSec Caribbean), a Discord group from the G5 Cyber Security Foundation Ltd. Learn more about WISC  at wiscaribbean.org. WISC is a non-profit initiative supporting Caribbean women and girls to develop a career in Information Security.

Close