|
|
In case you missed it, here is a recap of the biggest cybersecurity news stories from the past week!
AMD processors: Not as safe as you might have thought
With all the hub-bub about Meltdown and Spectre, AMD CPUs are widely regarded as being perfectly safe. Well AMD chips may be safer, but they’re not invulnerable. Read More
Nuke Weapon Systems at Risk From Cyber-Attacks
Nuclear weapons systems are vulnerable to cyber-attacks which could at worst lead to compromise and inadvertent launches, a leading thinktank has warned. Read More
Carphone Warehouse fined £400,000 over 2015 data breach
Carphone Warehouse has been slapped with a £400,000 fine for a data breach which led to the theft of information belonging to millions of customers. Read More
Adobe patches information leak vulnerability
In comparison to Microsoft which is having a busy month patching due to Spectre and Meltdown, Adobe’s latest patch update addresses only one vulnerability, CVE-2018-4871, which occurs due to a computation which reads data past the end of a target buffer. Read More
SCADA Apps Riddled with Major Flaws
Mobile applications used in industrial control system (ICS) environments are shot through with vulnerabilities, exposing mission critical processes and infrastructure to attack, according to new research. Read More
Pyeongchang Olympics Hack: Attackers Evolve Beyond Zero Days
A campaign targeting the Pyeongchang Olympics began at the end of December 2017. The attack sent emails to organizations that were both associated with the Olympics and based in South Korea, persuading targets to open attached documents from what seemed to be a reliable source—South Korea’s National Counter-Terrorism Center (NCTC). These emails were intentionally timed. Read More
macOS High Sierra bug lets App Store preferences be unlocked with any fake password
A recently-discovered bug in macOS High Sierra allows any local admin access to the App Store preferences without the correct password. First noted in a security report on Open Radar, admins can punch in literally any password to gain access. Read More
Reddit Users Lose Bitcoin Tips After Third-Party Breach
Attackers infiltrated Reddit accounts using password reset emails sent via the third-party vendor. Several Redditors also reported that their Bitcoin Cash tip accounts had been emptied out. Read More
CoffeeMiner hijacks public Wi-Fi users’ browsing sessions to mine cryptocurrency
A researcher has published a proof-of-concept (PoC) project called CoffeeMiner which shows how threat actors can exploit public Wi-Fi networks to mine cryptocurrencies. Read More
First malicious Android app built with open source Kotlin language found wild
For the first time, a malicious Android application built with Kotlin has been discovered in the Google Play store. First noted by Trend Micro researchers in a Tuesday blog post, it’s possible that the app has already been downloaded thousands of times. Read More
Zero-day vulnerabilities hijack full Dell EMC Data Protection Suite
Security researchers have discovered a set of zero-day vulnerabilities within the Dell EMC Data Protection Suite Family products which allow attackers to fully hijack systems. Read More
Google Drive Exploited to Download Malware Directly from URL
A vulnerability has emerged that allows hackers to automatically download malware to a victim’s computer directly from a Google Drive URL. Read More
Like our content?
Subscribe to our blog above and get content delivered straight to your inbox or follow us on LinkedIn, Twitter, and Facebook to stay up to date on the latest news in cybersecurity!
