
Cyber Bites

Google Chrome Fixed Puzzle

If you haven't recently updated your Chrome, Opera, or Edge web browser to the latest available version, it would be an excellent idea to do so as quickly as possible, The Hacker News advises. Cybersecurity researchers on Monday disclosed details about a zero-day flaw in Chromium-based web browsers for Windows, Mac and Android that could have allowed attackers to entirely bypass Content Security Policy (CSP) rules since Chrome 73. Tracked as CVE-2020-6519 (rated 6.5 on...


Job search engine Seek confirmed that while it suffered an "internal technical issue" on Monday, which resulted in the exposure of other candidates' details when they were logged into their Seek Profiles, it does not view the incident as a notifiable data breach and will not be reporting it to the Office of Australian Information Commissioner (OAIC). According to ZDNet, the data breach was highlighted in a Reddit thread when one user posted how they could...

Warnings over PAN-OS security bug

Citrix today released patches for multiple new security vulnerabilities affecting its Citrix Endpoint Management (CEM), also known as XenMobile, a product made for enterprises to help companies manage and secure their employees' mobile devices remotely, The Hacker News reported. Citrix Endpoint Management offers businesses mobile device management (MDM) and mobile application management (MAM) capabilities. It allows companies to control which apps their employees can install while ensuring updates and security settings are applied to keep...

DDoS

Kaspersky has shown that in Q2 of 2020, there has been a notable upswing in the volume of distributed denial of service (DDoS) attacks, which have tripled from Q2 of 2019. This is in response to the Covid-19 remote working landscape, with fewer people on holiday than usual during the quarter, and more depending on online resources in order to complete their usual working tasks.

phishing keyboard

According to BleepingComputer, bad actors are utilising fake security advisories to carry out phishing attacks on cPanel users. Administrative software typically installed on shared web hosting services, cPanel allows website owners to administer their site through a graphical user interface. However, last week, fake advisories were issued indicating "security concerns" that needed to be addressed. With these notifications, users are offered the 'latest', fraudulent updates, and urged to install them.

hack

In a Private Industry Notification (PIN) issued by the U.S. domestic intelligence and security service, it was revealed that Iranian state-sponsored hackers are actively exploiting an F5 BIG-IP flaw. The flaw allows for unauthenticated remote code execution on devices used by Fortune 500 companies, government agencies and banks, shared BleepingComputer. The FBI have added further that these hackers may choose to collect or steal sensitive data from these organisations that could be shared either to...

Reddit

On Friday, moderators of over 70 groups on Reddit Inc. were hacked. Messages in support of Donald Trump were then posted in both English and Mandarin, reaching millions of subscribers. Among the subreddits defaced were r/space, r/food, r/Japan, r/nfl, r/cfb and r/podcasts, all popular subreddits. According to SiliconAngle, while it is yet unknown how these moderator accounts were hacked, Reddit has found that many have not been using two-factor authentication. The popular social news aggregation...

Hospitals impacted after hackers target ventilator manufacture during Covid-19

A notorious ransomware gang has been hitting a key manufacturer of coronavirus ventilators in the US. The DoppelPaymer gang have threatened Boyce Technologies with releasing valuable data if the ransom is not paid – as it stands, the ransom amount has not been disclosed. It’s unfortunate to hear Boyce Technologies, an FDA-approved ventilator manufacturer, has had critical information stolen given they produce low-cost ventilators in just 30 days. It is believed the data stolen includes sales, purchase...
