Each week Zacco tracks the latest cyber security threats, current industry news or trends and insights into the latest protection best practice. The Cyber Security Digest is a weekly compilation of the most significant developments within both cybersecurity and digital protection space, with links to further information on how it might affect you, your company or your clients.
Essential reading for cyber security professionals, as well as the general public, to keep you informed of current events and emerging threats.
Google new privacy practice will come into effect in later 2021. This will make it hard for apps on android phone and tablet to track users who have opted out of receiving personalised interest ads. When this feature rolls out “You will receive a string of zeros in place of the identifier” said google in the support document
The new privacy update which was rolled out quietly for the US was first discovered by TechCrunch. The company owned by ByteDance said in the newly introduced section“Image and Audio said that “We may collect biometric identifiers and biometric information as defined under U.S. laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection
Security researchers from Trend Micro have discovered a new threat attack that involves crypto-jacking group Team TNT who have compromised 50, 000 Kubernetes clusters. The attackers can take over a cluster of any organization through RBAC misconfiguration or a cluster’s vulnerable version
Carnegie Mellon CERT Coordination Centre (CERT/CC) has discovered a total of 7 vulnerabilities that allow attackers to impersonate a legitimate device and launch a DOSS attack. The flowing is the list of vendors who have been affected Red Hat, Cisco, Android Open-Source Project (AOSP), Cradlepoint, Intel, Microchip Technology
Security researchers from CrowdStrike have discovered a malvertising campaign with an evasion technique. This malware uses fraudulent Google Ads which penetrates the search result pages to target unsuspected users
Researchers from Ruhr University Bochum have disclosed two new attack methods dubbed as Evil Annotation and Sneaky Signature. This allows attackers to alter documents visible content by displaying malicious content over the certified content without invalidating its signature
The security team at Microsoft has discovered a new malware campaign STRRAT. Security experts say that the hackers are distributing a trojan (Rat) through this malware. This malware steals malware from the infected systems and conceals itself as ransomware
Google on their security bulletin disclosed four of the security vulnerabilities exploited in the wild. Successful exploitation of this vulnerability could grand an adversary cartel blanche access to the targeted device and eventually taking over control
Security researcher Axel Souchet has published a proof-of-concept exploit code for the flaw. Specially crafted packets can be used on the targeted servers using the HTTP Protocol Stack. These stacks are used in Windows built-in IIS server, If the server is enabled this could be easily exploited
Air India disclosed a data breach which as affected 4.5 million customers over a period of 10 years. This was due to their Passenger Service System PSS provider fell victim to a cyber-attack this year. The breach involves personal data registered between August 26th, 2011 to 3rd February 2021
Adobe has released updates for its patch Tuesday and has fixed several vulnerabilities which affect 12 of its products. Among that a 0-day vulnerability affecting the adobe reader which is being exploited in the wild. The reports state that the vulnerability could allow any command execution virtually
Milan based online fraud prevention firm Cleafy’s has discovered a new Android banking trojan that has been affecting users across Europe. This malware can take full control of the targeted device remotely and can steal login credentials also can send and intercept messages
Security researchers from Anomali said that hackers are abusing Microsoft build Engine (MS Build) to deliver remote access trojans and password-stealing malware on targeted devices
Microsoft has released security updates for May 2021. It has released fixes for 55 vulnerabilities out of these vulnerabilities 4 are classified as critical and 50 are considered as important and 1as moderate
Security detectives from AV reviews site found a china based Elasticsearch server exposed online without secured protection like encryption or a password. The 7GB trove contained over 13 million personal information of users
Security researchers have discovered new vulnerabilities in Qualcomm’s mobile station modems (MSM). If this vulnerability is exploited, hackers could use the Android OS as an entry point to inject malicious codes into the phone and this allows them to access SMS messages and audio of phone conversations
