News

Researchers identified eight malicious Android apps, mostly camera utilities, and children’s games, that were spreading a new data-stealing malware strain that also signs victims up for expensive premium services. The malware, named Haken, was found in apps is in the Google Play marketplace. Since it was discovered, victims have claimed that the malware signs them up for premium subscription services without permission and covertly. The eight apps have since been removed from the Play Marketplace,...

  Google has brought its popular Lighthouse extension used by over 400,000 users to Mozilla Firefox so that web developers can test the browser's performance against submitted web pages. Lighthouse is an open-source tool for testing the performance of web pages through Google's PageSpeed Insights API and was released as an extension for Google Chrome in 2016. Source: Bleeping Computer

With the release of Google Chrome 80, Google quietly slipped in a new feature that allows users to create a link directly to a specific word or phrase on a page. A Brave Browser researcher, though, sees this as a potential privacy risk and is concerned Google added it too quickly. Source: Bleeping Computer

Slickwraps has revealed a data breach impacting over 850,000 user accounts, admitting its mistake in permitting customer records to become public. Slickwraps is an online store that offers skins for a variety of smartphones, tablets, gaming consoles, and laptops. Last week, the company said in a blog post that on February 21, Slickwraps discovered that customer records were available and "mistakenly made public via an exploit." Source: ZD Net

10.6 million people who had stayed at MGM Resorts have had their personal data published on a hacking forum, it was revealed this week. According to ZD Net the leaked personal data included names, addresses, phone numbers, emails and dates of birth. It is thought that the recent breach stems from an earlier incident which occurred last year, whereby unauthorised actors were able to access MGM’s internal cloud and therefore the personal information of previous...

A default password would let anyone access the Cisco Smart Software Manager On-Prem Base platform, even if it’s not directly connected to the internet.  A critical flaw in the High Availability (HA) service of Cisco Smart Software Manager On-Prem Base has been uncovered, which would open the door to remote attackers thanks to its use of a static, default password, even if the platform isn’t directly connected to the internet. Source: Threatpost

Neebs Gaming, a highly popular YouTube gaming channel boasting of 1.88 million subscribers, was hacked over the weekend by unidentified crypto scammers, who changed its name and banner to Coinbase Pro to collect Bitcoin from its viewers/subscribers. Source: HackRead

The US Department of Defence confirmed that computer systems controlled by the Defence Information Systems Agency (DISA) had been hacked, exposing the personal data of about 200,000 people.The agency oversees military communications including calls for US President Donald Trump. The data exposed included names and social security numbers. Source: BBC

Microsoft issued a patch for an Internet Explorer scripting engine memory corruption vulnerability that could lead remote code execution and that has been detected in the wild. The vulnerability, CVE-2020-0674, carries a CVSS rating of 7.5 and since it has been detected being abused in the wild requires users to update their systems as soon as possible. Source: SC Magazine

With 500,000 staff, making it one of the world’s largest private sector employers, ISS has operations in over 60 countries around the world. It provides building maintenance, janitorial services, office supplies, physical building security, catering and facilities management services to a large roster of enterprise clients. It makes revenues of approximately DKK75bn (£8.4bn) per annum. ISS said the attack began on 17 February. “As a precautionary measure and as part of our standard operating procedure,...