Weekly Recap of Cybersecurity News 1/5

weekly recap cybersecurity news

In case you missed it, here are some of the biggest stories in cybersecurity from the past week!

 

Massive Intel Vulnerabilities Just Landed
Some feared the issue would leave millions on millions of computers vulnerable to snooping, whilst others fretted the fix would slow down PCs dramatically, due to the dramatic changes required to fix the problem. Now researchers have revealed it could really be as widespread and severe as feared.
Read More

 

PyCryptoMiner enslaves your PC to mine Monero
Researchers have stumbled across a new botnet which has gone under the radar for a long time while quietly enslaving PCs in the quest for cryptocurrency. Read More

 

Satori IoT botnet malware code given away for Christmas
It is a Happy New Year for threat actors targeting Huawei devices, it appears. A hacker has released the working code for a Huawei router exploit used by the Satori botnet over the holiday season as a freebie for cyberattackers seeking to target Huawei devices or bolster botnets. Read More

 

Cyberattack forces New York State hospital to run on downtime procedures
A cyberattack disrupted computer systems at Jones Memorial Hospital (JMH) in Wellsville, N.Y. on Thursday, the Buffalo-area health care facility has announced on its website. Read More

 

Forever 21 investigation reveals malware presence at some stores
Forever 21 has revealed that a data breach discovered in November has resulted in the theft of credit card information belonging to customers. The US clothing retailer said previously that a potential data breach was the subject of an investigation into its outlets after a third-party supplier tipped the company off to the potential lapse in security. Read More

 

Google Apps Script vulnerability could lead SaaS apps to download malware
A security vulnerability in Google Apps Script allowed hackers to download malware via Google Drive URLs to a victim’s computer highlighting the cybersecurity challenges inherent to enterprise Software as a Service (SaaS) offerings. Read More

 

Critical DHS breach put 250K employees’ personal data at risk
The Department of Homeland Security’s (DHS) Office of the Inspector General (OIG) recently experienced a breach in its case management system, exposing the personally identifiable information (PII) of numerous employees and other people involved in certain investigations. Read More

 

Ancestry.com Info Exposed by Leaky RootsWeb Server
A file containing email addresses and username/password combinations for Ancestry.com has been exposed on a RootsWeb.com server. Read More

 

Android Trojan Targets 200+ Global Financial Apps
An Android banking trojan that targets more than 232 banking apps has been uncovered, targeting financial institutions globally. Read More

 

Stealthy Crypto-Miners Are Slipping Into Web Ads
A stealthy attack that slips cryptocurrency miners into ads on unsuspecting websites is making the rounds. Inspection of these seemingly legitimate ads show they are actually in the business of mining for Monero. Read More

 

China Shuts Down 13,000 Websites for Breaking Internet Laws
The Chinese government has shut down more than 13,000 websites for breaking Internet laws, reports Xinhua, China’s state-run news agency. These rules and regulations have governed the country’s networks since 2015. Read More

 

MacOS LPE Exploit Gives Attackers Root Access
A researcher that goes by the handle “Siguza” released details of a local privilege escalation attack against macOS that dates back to 2002. A successful attack could give adversaries complete root access to targeted systems. Read More

 

Mozilla Patches Critical Bug in Thunderbird
Mozilla issued a critical security update to its popular open-source Thunderbird email client. The patch was part of a December release of five fixes that included two bugs rated high and one rated moderate and another low. Read More

 

Like our content?
Subscribe to our blog above and get content delivered straight to your inbox or follow us on LinkedIn, Twitter, and Facebook to stay up to date on the latest news in cybersecurity!