Share Blog post
- A new bill has been introduced to the US Congress, which would allow hackers to report bugs directly to the Department of Homeland Security (DHS). The Public-Private Cybersecurity Cooperation Act, introduced Senators Rob Portman, and Maggie Hassan, requires DHS to create a permanent bug bounty program of sorts, that will ensure that hackers can report problems they find to the proper authorities without being prosecuted for breaking laws.
- Microsoft and Mastercard have partnered up to develop a universal identity management service. The two firms aim to create a service that can be availed by all, to prove their identity. The service could also be used for opening a new bank account, applying for a loan, online shopping, and more.
- A new USB malware scanning tool was launched by Symantec earlier this week. The device aims to protect outdated legacy systems which depend mainly on USB devices to update their systems, such as those used by the oil and gas, manufacturing, and transportation sectors.
- Hackers hit Quora, compromising the data of 100 million users. Information such as names, email addresses, IP, encrypted passwords, user IDs, and more was accessed by the attackers. The firm is still investigating the matter and is notifying customers about the breach.
- Magecart hackers began targeting admin credentials in new attacks. Magecart group 11, which has been active since early 2016, was found stealing credentials of site administrators. Group 11 is also believed to be responsible for the Vision Direct data breach earlier this year.
- Thousands of sensitive emails of US Republicans was hacked during the US 2018 midterm elections. The National Republican Congressional Committee (NRCC) reportedly hushed up a major data breach that it sustained earlier this year. The attack saw four senior NRCC aides’ phones surveilled for months by the hackers. Although NRCC alerted the FBI about the breach, senior Republican leaders were unaware about the attack until recently.
- A slew of massive Hollywood-style bank heists, targeting at least eight European banks, saw hackers steal millions of dollars. The attackers planted devices like a laptop, Raspberry Pi and Bash Bunny inside the targeted banks’ premises, which provided them with remote access to the banks’ networks.
- 21 new Linux malware strains were discovered. The new malware families possess sophisticated features like keylogging and backdoor capabilities. Out of the 21 families analyzed, 12 had never been documented.
- A new Spectre-like CPU attack was uncovered by a six-member security research team, comprising of three academics from Northeastern University and three researchers from IBM Research. The new attack is easier to execute and relies on the same processor design flaws. This attack also increases the speculative execution window length which adds to the attacker’s capabilities.
- A 20,000-strong WordPress botnet was found targeting other WordPress sites. The attackers were found using dictionary attacks to gain unauthorized access to the targeted sites. Site owners are advised to use security plugins, which can block such brute force attacks.
- A new Adobe zero-day vulnerability was found being leveraged by hackers. The bug allowed the attackers to hijack Windows PCs, by delivering malicious ActiveX-embedded documents via phishing emails. Fortunately, Adobe has released patches addressing the vulnerability.
Posted on: December 07, 2018
Get the Weekly Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.