Top Weekly Cyber News: July 7-13, 2019

Hi folks! You may find below the latest news about global incidents, threats and attacks handpicked by our super XM Cyber team of experts.
Bleeping Computer – Amazon Accounts Targeted by 16Shop Phishing Kit
July 12
A new version of the 16Shop phishing kit has been observed in the wild, with more than 200 URLs loading login aimed at collecting login information from Amazon customers. [More]

Infosecurity Magazine – Apple Disables Walkie-Talkie App Over Privacy Concerns
July 12
Apple has disabled a popular comms app on its watchOS after concerns were raised over users being able to eavesdrop on each other. [More]

Bleeping Computer – Monroe College Hit With Ransomware, $2 Million Demanded
July 12
A ransomware attack at New York City’s Monroe College has shutdown the college’s computer systems at campuses located in Manhattan, New Rochelle and St. Lucia. [More]

SC Magazine – Dire straights: Glamoriser smart hair straighteners susceptible to hacking, warn researchers
July 12
A pen testing firm has disclosed a vulnerability in the Glamoriser smart hair straightener that could allow attackers to easy gain control of the device and perhaps create a fire hazard. [More]

Bleeping Computer – Over 17,000 Domains Infected with Code that Steals Card Data
July 11
Cybercriminals running Magecart operations have added payment card skimming code to more than 17,000 domains with JavaScript files in misconfigured Amazon S3 buckets. [More]

Bleeping Computer – 25 Million Android Devices Infected by ‘Agent Smith’ Malware
July 10
Malware researchers discovered a new malicious campaign for Android devices that replaces legitimate apps with tainted copies built to push advertisements or hijack valid ad events. [More]

ZDNet – Academics steal data from air-gapped systems via a keyboard’s LEDs
July 10
CTRL-ALT-LED technique can exfiltrate data from air-gapped systems using Caps Lock, Num Lock, and Scroll Lock LEDs. [More]

Threat Post – Zoom Zero-Day Bug Opens Mac Users to Webcam Hijacking
July 9
A zero-day vulnerability in the Zoom client for Mac allows a malicious website to hijack a user’s web camera without their permission. [More]


Purple is the New Black


Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.

See what attackers see, so you can stop them from doing what attackers do.