Weekly Recap of Cybersecurity News 1/12

weekly recap cybersecurity news

In case you missed it, here is a recap of the biggest cybersecurity news stories from the past week!

 

AMD processors: Not as safe as you might have thought

With all the hub-bub about Meltdown and Spectre, AMD CPUs are widely regarded as being perfectly safe. Well AMD chips may be safer, but they’re not invulnerable. Read More

 

Nuke Weapon Systems at Risk From Cyber-Attacks

Nuclear weapons systems are vulnerable to cyber-attacks which could at worst lead to compromise and inadvertent launches, a leading thinktank has warned. Read More

 

Carphone Warehouse fined £400,000 over 2015 data breach

Carphone Warehouse has been slapped with a £400,000 fine for a data breach which led to the theft of information belonging to millions of customers. Read More

 

Adobe patches information leak vulnerability

In comparison to Microsoft which is having a busy month patching due to Spectre and Meltdown, Adobe’s latest patch update addresses only one vulnerability, CVE-2018-4871, which occurs due to a computation which reads data past the end of a target buffer. Read More

 

SCADA Apps Riddled with Major Flaws

Mobile applications used in industrial control system (ICS) environments are shot through with vulnerabilities, exposing mission critical processes and infrastructure to attack, according to new research. Read More

 

Pyeongchang Olympics Hack: Attackers Evolve Beyond Zero Days

A campaign targeting the Pyeongchang Olympics began at the end of December 2017. The attack sent emails to organizations that were both associated with the Olympics and based in South Korea, persuading targets to open attached documents from what seemed to be a reliable source—South Korea’s National Counter-Terrorism Center (NCTC). These emails were intentionally timed. Read More

 

macOS High Sierra bug lets App Store preferences be unlocked with any fake password

A recently-discovered bug in macOS High Sierra allows any local admin access to the App Store preferences without the correct password. First noted in a security report on Open Radar, admins can punch in literally any password to gain access. Read More

 

Reddit Users Lose Bitcoin Tips After Third-Party Breach

Attackers infiltrated Reddit accounts using password reset emails sent via the third-party vendor. Several Redditors also reported that their Bitcoin Cash tip accounts had been emptied out. Read More

 

CoffeeMiner hijacks public Wi-Fi users’ browsing sessions to mine cryptocurrency

A researcher has published a proof-of-concept (PoC) project called CoffeeMiner which shows how threat actors can exploit public Wi-Fi networks to mine cryptocurrencies. Read More

 

First malicious Android app built with open source Kotlin language found wild

For the first time, a malicious Android application built with Kotlin has been discovered in the Google Play store. First noted by Trend Micro researchers in a Tuesday blog post, it’s possible that the app has already been downloaded thousands of times. Read More

 

Zero-day vulnerabilities hijack full Dell EMC Data Protection Suite

Security researchers have discovered a set of zero-day vulnerabilities within the Dell EMC Data Protection Suite Family products which allow attackers to fully hijack systems. Read More

 

Google Drive Exploited to Download Malware Directly from URL

A vulnerability has emerged that allows hackers to automatically download malware to a victim’s computer directly from a Google Drive URL. Read More

 

 

Like our content?
Subscribe to our blog above and get content delivered straight to your inbox or follow us on LinkedIn, Twitter, and Facebook to stay up to date on the latest news in cybersecurity!