Here are this week’s highlights in cybersecurity:

  • Google Chrome extensions can be fingerprinted and used for online tracking. More
  • The U.S. DoJ together with partners from Germany, the Netherlands and the United Kingdom, have dismantled the infrastructure of a Russian botnet known as RSOCKS which hacked millions of computers and other electronic devices around the world. The FBI purchased access to the botnet in order to identify its backend infrastructure and its victims. The initial purchase in early 2017 identified approximately 325,000 compromised victim devices throughout the world, with many in the US. More
  • QNAP warned customers on Friday to secure their devices against a new campaign of attacks deploying DeadBolt ransomware. Campaign is targeting devices running outdated versions of QTS 4.x. More
  • Former AWS employee, was convicted yesterday of seven federal crimes connected to her scheme to hack into cloud computer data storage accounts and steal data and computer power for her own benefit, announced U.S. Attorney Nick Brown. Paige Thompson a.k.a ‘erratic,’ was arrested in July 2019, after Capital One alerted the FBI to Thompson’s hacking activity in which she stole 100 million credit applications. More
  • RCS Labs, an Italian spyware vendor received help from some Internet service providers (ISPs) to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools, according to a Google TAG report. In some cases, the actors worked with the target’s ISP to disable the target’s mobile data connectivity, after-which the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity. More
  • Amazon demonstrated an experimental AI feature of Alexa that can learn how to mimic someone’s voice from just a single minute’s worth of recorded audio. More
  • Cryptographers have found at least five exploitable security flaws in the MEGA cloud storage service and warned that the issues could lead to devastating attacks on the confidentiality and integrity of user data in the MEGA cloud, contrary to their promise of delivering User-Controlled End-to-End Encryption. More
  • Chinese hackers distribute SMS bomber with malware hidden inside. The bomber works by sending the target number to several services the send OTP messages. The hidden malware is written in Nim and uses a modified version of the AES encryption algorithm which shows cryptographic know-how on part of the attackers. More

Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.