Microsoft
Microsoft is warning users that hackers are actively exploiting a new zero-day vulnerability in Internet Explorer. No patch is yet available. To read more:https://thehackernews.com/2020/01/internet-explorer-zero-day-attack.html
Email threat detection
BitDam recently published a study on weaknesses in email threat detection. The study found that both Microsoft and Google are poor at finding unknown threats. To read more: https://thehackernews.com/2020/01/email-security-software.html
Jeff Bezos
Amazon CEO Jeff Bezos had his mobile phone hacked in 2018—and new research indicates that the hack may have come from the personal account of the crown prince of Saudi Arabia. To read more: https://www.theguardian.com/technology/2020/jan/21/amazon-boss-jeff-bezoss-phone-hacked-by-saudi-crown-prince
Tinder
A researcher discovered thousands of Tinder user images publicly available online. To read more: https://nakedsecurity.sophos.com/2020/01/21/what-do-online-file-sharers-want-with-70000-tinder-images/
THSuite
Researchers discovered a data breach in THSuite, a point-of-sale system used by the cannabis industry. An unsecured Amazon S3 bucket exposed sensitive data from dispensaries around the US. To read more: https://www.vpnmentor.com/blog/report-thsuite-breach/
Microsoft Customer Support
Microsoft disclosed a security breach that took place in December 2019. A database that stored anonymized customer-support analytics was exposed online. To read more: https://www.zdnet.com/article/microsoft-discloses-security-breach-of-customer-support-database/
AWS Engineer
An engineer with Amazon Web Services accidentally published customer information to a public GitHub repository. Researchers found a 954MB repository containing resource templates as well as log files from the second half of 2019. To read more: https://www.theregister.co.uk/2020/01/23/aws_engineer_credentials_github/?ck_subscriber_id=512831035
Gedia
The group responsible for a recent hack on Travelex launched a cyberattack on Gedia, a German automotive-parts supplier. The attack forced the company to shut down its IT systems and send workers home. To read more:https://www.computerweekly.com/news/252477247/Travelex-hackers-shut-down-German-car-parts-company-Gedia-in-massive-cyber-attack
Citrix
Hackers are abusing unpatched systems running Citrix using the disclosed vulnerability CVE-2019-19781. One of the groups attacking these servers is the REvil ransomware gang. Citrix has released a patch for the vulnerability, but some organizations are proving slow to deploy the patch. To read more: https://www.zdnet.com/article/hackers-target-unpatched-citrix-servers-to-deploy-ransomware/
Mitsubishi Electric
Mitsubishi Electric was hit by a cyberattack that may have compromised information on government agencies and business partners. Personal data on 8,000 people, including employees, were impacted. To read more: https://www.japantimes.co.jp/news/2020/01/20/business/corporate-business/mitsubishi-electric-cyberattack-china/
Website domains
Hackers are attacking and stealing web domains from online businesses. Investigative journalist Brian Krebs reports on one company that had a critical domain stolen by scammers. To read more: https://krebsonsecurity.com/2020/01/does-your-domain-have-a-registry-lock/
MDhex
Researchers disclosed six vulnerabilities, collectively referred to as MDhex, that impact seven GE Healthcare devices used to monitor patients’ vital signs. To read more: https://www.zdnet.com/article/mdhex-vulnerabilities-impact-ge-patient-vital-signs-monitoring-devices/