Cyber Weekly Digest - Week #35
Updated: Sep 4, 2020
This week's digest will feature the biggest and latest cyber security news. Keep reading to find out more about why New Zealand's stock exchange trading was disrupted, the new security feature for Office 365 and how one of India's largest travel sites had 43GB of exposed data destroyed.
1. New Zealand’s stock exchange was hit by a DDoS cyber-attack which meant trading temporarily halted.
New Zealand’s stock exchange announced it would not reopen due to a DDoS attack on Tuesday and Wednesday. NXZ stated that the attack had been conducted “offshore via its network service provider” and that they decided not to re-open while they focus on addressing the issue. The disruption has raised questions on New Zealand's security systems due to failing to stop the “offshore” attacks.
2. Office 365 now opens attachments in an isolated sandbox so that it can prevent infections.
At the beginning of the week Microsoft announced a new feature update, Application Guard. The new feature means that Office 365 users can open their attachments in an isolated sandbox which should prevent malicious attachments from executing and exploiting vulnerabilities.
3. A high-severity flaw was discovered in the desktop version of the TeamViewer app which could allow malicious actors to steal passwords.
The week also started with a high severity flaw being discovered in the TeamViewer app. The vulnerability is found in the desktop version of the app for Windows before 15.8.3. The flaw means that TeamViewer Desktop for Windows does not properly quote its custom URI handlers, which could expose passwords to an attacker.
4. A new study this week found that 47% of IT leaders have not updated their security for their move to the cloud.
CloudSec’s new study has highlighted that 47% of UK IT leaders have not adequately updated their security to account for their move to cloud environments. Many organisations are forced to move to cloud environments due to the pandemic which means that without the appropriate security in place, they are leaving themselves vulnerable.
5. Meow attacker deleted 43gb of data which was exposed by one of India's most popular travel sites.
India’s most popular travel booking site exposed 43GB of data which included physical addresses, mobile numbers, and some details of payment cards. This information could not only put customers in physical danger but also could have been used to conduct identity fraud. The bot-driven Meow attack campaign deleted all but 1GB of the data before the data could be saved. The Meow attacker has destroyed data from thousands of victims where cloud databases are not properly configured.