Cybersecurity News Headlines Update on August 25, 2020

Former Uber CSO Indicted for Covering Up 2016 Breach. Former Uber CSO Joseph Sullivan has been indicted for allegedly covering up a 2016 data breach at the company. The breach compromised personal data belonging to 57 million Uber drivers and passengers; the information included Uber drivers' driver's license numbers. Sullivan allegedly failed to disclose the breach while the FTC was investigating a 2014 breach at the company.

CISA Releases 5G Security Strategy. On Monday, August 24, the US Cybersecurity and Infrastructure Security Agency (CISA) released a strategy to defend 5G networks against threats. The strategy “establishes five strategic initiatives that seek to advance the deployment of a secure and resilient 5G infrastructure.”

Malicious Code Found in Mintegral iOS SDK. A report from Snyk describes malicious code it detected in an iOS software development kit (SDK) that has been used in more than 1,200 apps; the vulnerable apps have been downloaded a collective total of more than 300 million times. The Mintegral iOS SDK collects user data, steals clicks from ads, and commits advertising attribution fraud.

Canpar Express Hit with Ransomware. The internal computer systems at Canadian delivery company Canpar Express were infected with ransomware last week. Customers complained of delayed deliveries. On Monday, August 24, files that appear to have been taken from Canpar systems were leaked on the dark web.

FBI and CISA Release “Vishing” Warning. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning of an increase in the threat of voice phishing, or “vishing,” attacks targeting people working from home during the pandemic. The attackers call their targeted victims and, pretending to be IT desk employees, tell them they need to use a different VPN login page. They then direct the victims to specially crafted pages that harvest their VPN credentials. The advisory offers mitigation advice for organizations and end-users.

Zoom Outages Fixed. Video communications company Zoom experienced outages on Monday, August 24. The majority of the outages affected users in the UK and on the East Coast of the US. The issues were resolved shortly after 1:00pm ET (5:00pm UTC).

Flaw in WooCommerce NAB Transact Extension. A critical payment bypass vulnerability in the WooCommerce NAB Transact extension could be exploited to make it appear to vendors that orders have been paid in full. The NAB extension, which is from National Australia Bank, lets online vendors process payment card transactions within their websites. Users are urged to upgrade to version 2.1.2.

Freepik Data Breach Affects 8.3M Users. Hackers used an SQL injection attack to steal email addresses and password hashes belonging to 8.3 million Freepik and Flaticon users. Freepik is a website that offers free photos and design graphics.

MITRE Active Defense Framework. MITRE’s Shield active cyber defense framework is designed to help organizations “engage… an active cyber defense.” The Shield Active Defense Matrix cross-references tactics – what defenders want to accomplish – with techniques for achieving those tactics.

Fix Available for BIND 9 Denial-of-Service Issue. A security flaw affecting BIND name server versions 9.16.1 through 9.17.1 could be exploited to cause denial-of-service conditions on vulnerable devices. Updated versions of BIND address this buffer overflow vulnerability as well as several less severe flaws.

WordPress Sites With Discount Rules for WooCommerce Plugin Being Targeted By Attackers. WordPress sites with the Discount Rules for WooCommerce plugin installed have been warned of attacks exploiting vulnerabilities discovered on August 7 by researchers at WebAR. The flaws identified in Discount Rules for WooCommerce have already been patched by the developer with the release of version 2.1.0.

Read more in WordPress Sites Targeted via Vulnerabilities in WooCommerce Discounts Plugin

Safari Phishing Bug In Web Share API Could Lead To Stolen Files. The bug was identified by Pawel Wylecial, co-founder of REDTEAM.PL, during April. The findings go public after Apple delayed patching the bug for almost a year, to the spring of 2021.

Published by Thomas Apel, a dynamic and self-motivated information technology architect, with a thorough knowledge of all facets pertaining to system and network infrastructure design, implementation and administration. I enjoy the technical writing process and answering readers' comments included.