Internet Security Week - Edition No. 40

News on the blog!

Updates and improvements are necessary in all work, which is why our Newsletter is now called Internet Security Week .

In issue 40, 350 thousand Spotify accounts hijacked, attack can steal a car in 90 seconds, penalty for cases of electronic crimes and much more.

News

Baidu leaks data from millions of Android app users

Baidu Maps and Baidu App exposed phone information and unique equipment numbers; applications had already been banned from the Play Store.

By Leticia Riente in Olhar Digital

TSE assumes that DDoS attack took down e-Título app during the elections

The Superior Electoral Court (TSE) assumed that the DDoS attack it suffered during the first round of municipal elections, on Sunday (15) “may have caused instability in the e-Título application and in the electronic judicial process system (PJe)”.

By Guilherme M. Petry in The Hack

Around 350,000 Spotify accounts were hijacked through credential stuffing attacks

Researchers discovered an exposed database that contained data with 380 million records, including access passwords that were used to hijack almost 350,000 accounts.

By Amer Owaida in We Live Security

Attack can steal a Tesla Model X in 90 seconds

The company is releasing a patch for the vulnerabilities, which allowed a researcher to break into a car in 90 seconds and drive away.

By Andy Greenber in Wired

New Egregor ransomware operates with dual double extortion attacks

Security experts say double extortion attacks are a trend among ransomware operators.

At Ciso Advisor

Senate toughens penalties for electronic crime cases

Last Wednesday (25), the Senate approved bill (PL) 4554 / 2020, authored by Izalci Lucas (PSDB-DF). The text determines an increase in penalties for those who commit electronic fraud.

By Rui Maciel on Canaltech

Bug allows you to bypass two-factor authentication in cPanel

Software for web server administration has already been installed on more than 70 million domains; The flaw is serious, but it has already been corrected.

By Rafael Rigues in Olhar Digital

Smart doorbells send unencrypted data to China and can be easily hacked

British consumer rights group Witch? found vulnerabilities of all security levels in 11 different smart doorbells (IoT). The vulnerabilities were found in partnership with security researchers at NCC Group.

By Guilherme M. Petry in The Hack

SAD DNS – Analysis of the vulnerability that allows DNS poisoning attacks to be carried out

Researchers have discovered a way to allow DNS poisoning attacks to bounce back. In this post, we analyze how this vulnerability works and provide some tips on how to mitigate it.

By Alan Warburton in We Live Security

Hackers who may be Chinese return to spying on the Vatican

The attacks are from the Mustang Panda group, and target organizations that participate in relations between the Vatican and the Chinese Communist Party.

At Ciso Advisor

Brazil is one of the most targeted countries for major hacker attacks; understand

In the 2019 survey by the ITU (International Telecommunications Union), the country is in 70th place. In the Americas, it is in sixth place, behind Paraguay.

By Felipe Oliveira on Tilt Uol

How to prevent a cyber attack: for small businesses

See many reasons to worry about the dangers of the internet, especially if the environment is business, and even worse, if it is a small or medium-sized company.

By Kelvin Zimmer on Lumiun Blog

CyberTeam: group that invaded the TSE has already attacked 61 other Brazilian websites

The authorship of the attacks carried out on the Superior Electoral Court (TSE) has been confirmed, which culminated in the disclosure of various personal data of the agency's employees on the day of the 2020 municipal elections.

By Ramon De Souza on FreeGameGuide