Kathleen Maxted
Aug 28, 20202 min
Updated: Sep 4, 2020
New Zealand’s stock exchange announced it would not reopen due to a DDoS attack on Tuesday and Wednesday. NXZ stated that the attack had been conducted “offshore via its network service provider” and that they decided not to re-open while they focus on addressing the issue. The disruption has raised questions on New Zealand's security systems due to failing to stop the “offshore” attacks.
At the beginning of the week Microsoft announced a new feature update, Application Guard. The new feature means that Office 365 users can open their attachments in an isolated sandbox which should prevent malicious attachments from executing and exploiting vulnerabilities.
The week also started with a high severity flaw being discovered in the TeamViewer app. The vulnerability is found in the desktop version of the app for Windows before 15.8.3. The flaw means that TeamViewer Desktop for Windows does not properly quote its custom URI handlers, which could expose passwords to an attacker.
CloudSec’s new study has highlighted that 47% of UK IT leaders have not adequately updated their security to account for their move to cloud environments. Many organisations are forced to move to cloud environments due to the pandemic which means that without the appropriate security in place, they are leaving themselves vulnerable.
India’s most popular travel booking site exposed 43GB of data which included physical addresses, mobile numbers, and some details of payment cards. This information could not only put customers in physical danger but also could have been used to conduct identity fraud. The bot-driven Meow attack campaign deleted all but 1GB of the data before the data could be saved. The Meow attacker has destroyed data from thousands of victims where cloud databases are not properly configured.