Cybersecurity Weekly: Capital One fined, Qualcomm bugs, HaveIBeenPwned open sourced
Capital One fined for 2019 data breach affecting 106 million users. Nearly 50% of all smartphones affected by Qualcomm Snapdragon bugs. Have I Been Pwned code base goes open source. All this, and more, in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. Capital One fined for 2019 data breach affecting 106 million users
A United States regulator fined the credit card provider Capital One Financial Corp $80 million over last year's data breach that exposed the personal information of more than 100 million credit card applicants of Americans. Besides credit card information, the hacker also managed to steal approximately 140,000 Social Security numbers.
2. Nearly 50% of all smartphones affected by Qualcomm Snapdragon bugs
Several security vulnerabilities have been found in Qualcomm's Snapdragon Digital Signal Processor chip. This could allow attackers to take control of more than 40% of all smartphones without user interaction, spy on their users and create unremovable malware capable of evading detection.
3. Have I Been Pwned code base goes open source
In a personal blog post, HaveIBeenPwned.com’s creator Trow Hunt announced that he is open sourcing his code base.This comes after a failed attempt to auction the site over the past few months. Hunt says in his post that transparency and community support were also big drivers of the transition to open source.
4. TeamViewer fixes bug that lets attackers access your PC
TeamViewer patched a vulnerability that could let attackers quietly establish a connection to your computer and further exploit the system. When successfully exploited, this bug would let an unauthenticated, remote actor execute code on your Windows PC, or obtain password hashes.
5. Credit card skimmers using homograph domains and infected favicon
Last week, cybersecurity researchers highlighted an evasive phishing technique that attackers are exploiting in the wild. This attack targets visitors of several sites with a quirk in domain names, and leverages modified favicons to inject e-skimmers and covertly steal payment card information.
6. Intel, ARM, IBM and AMD processors vulnerable to new side-channel attacks
According to new research, the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to a prefetching effect. This resulted in hardware vendors releasing incomplete mitigations and countermeasures.
7. Intel leak: 20GB of source code, internal docs from alleged breach
Classified and confidential documents from Intel, allegedly resulting from a breach, were uploaded last week to a public file sharing service. The cache of secret information is 20GB large and comes from an unknown source. It was announced as the first part in a series of Intel leaks, with more expected in the near future.
8. Canon confirms ransomware attack in internal memo
Canon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, U.S. website and other internal applications. Canon disclosed the ransomware attack in an internal employee memo and is working to address the issue.
9. Hacked data broker accounts fueled phony COVID loans, unemployment claims
A group of thieves is thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts. They recently gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a U.S. consumer data broker.
See Infosec IQ in action
10. TeamViewer flaw could let hackers steal system password remotely
TeamViewer recently released a new version of its software that includes a patch for a severe vulnerability. If exploited, it could let remote attackers steal your system password and eventually compromise it. The attack can be executed almost automatically without requiring much interaction from the victim.
In this Series
- Cybersecurity Weekly: Capital One fined, Qualcomm bugs, HaveIBeenPwned open sourced
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
