Cybersecurity Weekly: Capital One fined, Qualcomm bugs, HaveIBeenPwned open sourced

Category: Industry news
August 11, 2020

Capital One fined for 2019 data breach affecting 106 million users. Nearly 50% of all smartphones affected by Qualcomm Snapdragon bugs. Have I Been Pwned code base goes open source. All this, and more, in this week’s edition of Cybersecurity Weekly.

 

1. Capital One fined for 2019 data breach affecting 106 million users

A United States regulator fined the credit card provider Capital One Financial Corp $80 million over last year’s data breach that exposed the personal information of more than 100 million credit card applicants of Americans. Besides credit card information, the hacker also managed to steal approximately 140,000 Social Security numbers.
Read more »

 

2. Nearly 50% of all smartphones affected by Qualcomm Snapdragon bugs

Several security vulnerabilities have been found in Qualcomm’s Snapdragon Digital Signal Processor chip. This could allow attackers to take control of more than 40% of all smartphones without user interaction, spy on their users and create unremovable malware capable of evading detection.
Read more »

 

3. Have I Been Pwned code base goes open source

In a personal blog post, HaveIBeenPwned.com’s creator Trow Hunt announced that he is open sourcing his code base.This comes after a failed attempt to auction the site over the past few months. Hunt says in his post that transparency and community support were also big drivers of the transition to open source.
Read more »

 

4. TeamViewer fixes bug that lets attackers access your PC

TeamViewer patched a vulnerability that could let attackers quietly establish a connection to your computer and further exploit the system. When successfully exploited, this bug would let an unauthenticated, remote actor execute code on your Windows PC, or obtain password hashes.
Read more »

 

5. Credit card skimmers using homograph domains and infected favicon

Last week, cybersecurity researchers highlighted an evasive phishing technique that attackers are exploiting in the wild. This attack targets visitors of several sites with a quirk in domain names, and leverages modified favicons to inject e-skimmers and covertly steal payment card information.
Read more »

 

6. Intel, ARM, IBM and AMD processors vulnerable to new side-channel attacks

According to new research, the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to a prefetching effect. This resulted in hardware vendors releasing incomplete mitigations and countermeasures.
Read more »

 

7. Intel leak: 20GB of source code, internal docs from alleged breach

Classified and confidential documents from Intel, allegedly resulting from a breach, were uploaded last week to a public file sharing service. The cache of secret information is 20GB large and comes from an unknown source. It was announced as the first part in a series of Intel leaks, with more expected in the near future.
Read more »

 

8. Canon confirms ransomware attack in internal memo

Canon has suffered a ransomware attack that impacts numerous services, including Canon’s email, Microsoft Teams, U.S. website and other internal applications. Canon disclosed the ransomware attack in an internal employee memo and is working to address the issue.
Read more »

 

9. Hacked data broker accounts fueled phony COVID loans, unemployment claims

A group of thieves is thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts. They recently gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a U.S. consumer data broker.
Read more »

 

10. TeamViewer flaw could let hackers steal system password remotely

TeamViewer recently released a new version of its software that includes a patch for a severe vulnerability. If exploited, it could let remote attackers steal your system password and eventually compromise it. The attack can be executed almost automatically without requiring much interaction from the victim.
Read more »