Each week Zacco tracks the latest cyber security threats, current industry news or trends and insights into the latest protection best practice. The Cyber Security Digest is a weekly compilation of the most significant developments within both cybersecurity and digital protection space, with links to further information on how it might affect you, your company or your clients.
Essential reading for cyber security professionals, as well as the general public, to keep you informed of current events and emerging threats.
Google removed nine apps with over 5.8 million views after it was found stealing user’s Facebook login credentials. These malicious apps were disguised as photo-editing, optimizer, fitness, and astrology programs to trick victims into logging in using their Facebook ID and hijack their credentials using a simple JavaScript
The first recorded commercial Phishing attack is believed to be on e-gold in June 2001, but it is widely considered to have failed.
NVIDIA has released software updates for 26 vulnerabilities impacting its Jetson chipset. If exploited, this vulnerability could allow hackers to escalate privileges and even lead to denial-of-service and information disclosure
The Hard Drive Giant Western Digital has asked the users of their MyBook Live brand of network storage devices to disconnect their device from the internet due to a vulnerability that’s being exploited by hackers. This vulnerability allows hackers to wipe the devices remotely.
Cybersecurity researchers from Eclypsium found a set of vulnerabilities in Dell’s BIOSConnect feature of Dell’s support assistant. The hackers can gain arbitrary code execution at the BIOS/UEFI level. This also allows them to remotely implement code within the BIOS of the affected devices
The data breach was disclosed by Mercedes-Benz on Friday. The breach has exposed around 1.6 million customers and the exposed data include customer names, addresses, emails, phone numbers, social security numbers, and some purchased vehicle information
A French court has fined the furniture giant IKEA’s French subsidiary. A fine of 1.3 million was levied on them for using an illegal spying system on 400 customers and staffs
The vulnerability was discovered by Mayur Fartade. The now patched flaw would have allowed threat actors to view private/archived posts, stories, reels, IGTV without having to follow the user using Media ID
Based on a report published by security researchers from Avanan has revealed that hackers are using Google Doc exploit in a new phishing campaign by bypassing security filters
Cybersecurity researcher Evan Grant from security firm Tenable has discovered a vulnerability, that allows hackers to take over users account. If hackers exploit this vulnerability, they have access to users Teams chat, One Drive files and Emails
Several critical flaws have been discovered in Samsung’s pre-installed Samsung apps. If exploited the hackers can gain access to personal data without users consent and take control of the device. They can also edit contacts, calls, SMS/MMS, install arbitrary apps with device administrator rights, or read and write arbitrary files
Volkswagen has disclosed data breach suffered by third-party vendors. This has also affected the subsidiary company Audi and authorised dealers in U.S and Canada. Exposed data includes personal information about customers and prospective buyers, including name, personal or business mailing addresses, email addresses, phone numbers, vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, colour, and trim packages
The largest video game distributor in the world EA (Electronic Arts) Sports was a victim of a cyber attack. The hackers have stolen the source code of games and also gained the access to an internal graphics tool known as “Frostbite”. Hackers have claimed that they have accessed data worth 28 million. The buyers will be able to abuse all EA services as a reward
Microsoft security patch for June 2021 has released fixes for 50 vulnerabilities. Out of these 50 vulnerabilities 5 are considered as critical and 45 as important
The security researchers from sonic wall discovered a new flaw in the SonicWall Network Security Manager which allows attackers to perform OS command Injection. SonicWall has informed its customers to patch a post-authentication vulnerability immediately
The Chinese linked APT breached New York City’s Metropolitan Transportation Authority (MTA) exploiting the Pulse secure Zero-Day. The officials told that the breach was the third and the most significant in recent years. There was no damage as the attackers were not able to gain access to the (MTA) control systems
