Cybersecurity Weekly: Capital One fined, Qualcomm bugs, HaveIBeenPwned open sourced
Capital One fined for 2019 data breach affecting 106 million users. Nearly 50% of all smartphones affected by Qualcomm Snapdragon bugs. Have I Been Pwned code base goes open source. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Capital One fined for 2019 data breach affecting 106 million users
A United States regulator fined the credit card provider Capital One Financial Corp $80 million over last year's data breach that exposed the personal information of more than 100 million American credit card applicants. Besides credit card information, the hacker also managed to steal approximately 140,000 Social Security numbers.
2. Nearly 50% of all smartphones affected by Qualcomm Snapdragon bugs
Several security vulnerabilities have been found in Qualcomm's Snapdragon Digital Signal Processor chip. These could allow attackers to take control of more than 40% of all smartphones without user interaction, spy on their users and create unremovable malware capable of evading detection.
3. Have I Been Pwned code base goes open source
In a personal blog post, HaveIBeenPwned.com’s creator Troy Hunt announced that he is open sourcing his code base. This comes after a failed attempt to auction the site over the past few months. Hunt says in his post that transparency and community support were also big drivers of the transition to open source.
4. TeamViewer fixes bug that lets attackers access your PC
TeamViewer patched a vulnerability that could let attackers quietly establish a connection to your computer and further exploit the system. When successfully exploited, this bug would let an unauthenticated, remote actor execute code on your Windows PC, or obtain password hashes.
5. Credit card skimmers using homograph domains and infected favicon
Last week, cybersecurity researchers highlighted an evasive phishing technique that attackers are exploiting in the wild. The attack uses a quirk in domain names to target visitors of several sites, and leverages modified favicons to inject e-skimmers and covertly steal payment card information.
6. Intel, ARM, IBM and AMD processors vulnerable to new side-channel attacks
According to new research, the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to a prefetching effect. This resulted in hardware vendors releasing incomplete mitigations and countermeasures.
7. Intel leak: 20GB of source code, internal docs from alleged breach
Classified and confidential documents from Intel, allegedly resulting from a breach, were uploaded last week to a public file sharing service. The cache of secret information is 20GB in size and comes from an unknown source. It was announced as the first part in a series of Intel leaks, with more expected in the near future.
8. Canon confirms ransomware attack in internal memo
Canon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, U.S. website and other internal applications. Canon disclosed the ransomware attack in an internal employee memo and is working to address the issue.
9. Hacked data broker accounts fueled phony COVID loans, unemployment claims
A group of thieves is thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts. They recently gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a U.S. consumer data broker.
10. TeamViewer flaw could let hackers steal system password remotely
TeamViewer recently released a new version of its software that includes a patch for a severe vulnerability. If exploited, it could let remote attackers steal your system password and eventually compromise the system. The attack can be executed almost automatically without requiring much interaction from the victim.